RubyGems - puppet - Versions diffs - 3.3.2 → 3.4.0.rc1 - Mend

puppet 3.3.2 → 3.4.0.rc1

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (589) hide show

data/CONTRIBUTING.md +22 -0
data/Gemfile +11 -2
data/README.md +13 -17
data/README_DEVELOPER.md +1 -1
data/Rakefile +1 -1
data/examples/hiera/README.md +4 -4
data/ext/debian/puppetmaster.init +1 -0
data/ext/debian/rules +2 -5
data/ext/nagios/check_puppet.rb +7 -7
data/ext/osx/file_mapping.yaml +1 -1
data/ext/osx/preflight.erb +34 -19
data/ext/rack/{files/config.ru → config.ru} +0 -0
data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
data/ext/redhat/puppet.spec.erb +20 -2
data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
data/lib/hiera_puppet.rb +2 -2
data/lib/puppet/agent.rb +1 -6
data/lib/puppet/application.rb +15 -2
data/lib/puppet/application/agent.rb +2 -7
data/lib/puppet/application/apply.rb +8 -13
data/lib/puppet/application/cert.rb +47 -7
data/lib/puppet/application/device.rb +1 -6
data/lib/puppet/application/face_base.rb +1 -1
data/lib/puppet/application/filebucket.rb +1 -1
data/lib/puppet/application/inspect.rb +3 -12
data/lib/puppet/application/master.rb +1 -6
data/lib/puppet/application/queue.rb +1 -6
data/lib/puppet/application/resource.rb +2 -6
data/lib/puppet/coercion.rb +11 -0
data/lib/puppet/configurer.rb +5 -3
data/lib/puppet/configurer/downloader.rb +3 -1
data/lib/puppet/configurer/plugin_handler.rb +10 -0
data/lib/puppet/confine.rb +80 -0
data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
data/lib/puppet/daemon.rb +2 -6
data/lib/puppet/data_binding.rb +2 -30
data/lib/puppet/defaults.rb +283 -174
data/lib/puppet/error.rb +1 -0
data/lib/puppet/external/nagios.rb +0 -2
data/lib/puppet/external/nagios/base.rb +4 -3
data/lib/puppet/external/nagios/grammar.ry +173 -112
data/lib/puppet/external/nagios/parser.rb +233 -184
data/lib/puppet/face/file/store.rb +1 -1
data/lib/puppet/face/module/generate.rb +5 -7
data/lib/puppet/face/parser.rb +12 -2
data/lib/puppet/face/plugin.rb +6 -0
data/lib/puppet/feature/base.rb +16 -0
data/lib/puppet/feature/external_facts.rb +5 -0
data/lib/puppet/feature/libuser.rb +1 -1
data/lib/puppet/feature/msgpack.rb +1 -0
data/lib/puppet/feature/rails.rb +2 -2
data/lib/puppet/file_bucket/dipper.rb +8 -6
data/lib/puppet/file_bucket/file.rb +17 -1
data/lib/puppet/file_serving/base.rb +21 -10
data/lib/puppet/file_serving/configuration.rb +5 -7
data/lib/puppet/file_serving/configuration/parser.rb +1 -1
data/lib/puppet/file_serving/content.rb +1 -1
data/lib/puppet/file_serving/fileset.rb +3 -3
data/lib/puppet/file_serving/metadata.rb +22 -18
data/lib/puppet/file_serving/mount/file.rb +1 -1
data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
data/lib/puppet/file_system.rb +3 -0
data/lib/puppet/file_system/file.rb +261 -0
data/lib/puppet/file_system/file18.rb +5 -0
data/lib/puppet/file_system/file19.rb +5 -0
data/lib/puppet/file_system/file19windows.rb +113 -0
data/lib/puppet/file_system/memory_file.rb +31 -0
data/lib/puppet/file_system/tempfile.rb +20 -0
data/lib/puppet/indirector/active_record.rb +1 -0
data/lib/puppet/indirector/catalog/compiler.rb +28 -0
data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
data/lib/puppet/indirector/direct_file_server.rb +2 -2
data/lib/puppet/indirector/facts/facter.rb +25 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
data/lib/puppet/indirector/indirection.rb +5 -1
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/key/ca.rb +4 -0
data/lib/puppet/indirector/key/file.rb +7 -3
data/lib/puppet/indirector/key/memory.rb +6 -0
data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
data/lib/puppet/indirector/request.rb +17 -11
data/lib/puppet/indirector/resource/ral.rb +5 -0
data/lib/puppet/indirector/resource/rest.rb +1 -0
data/lib/puppet/indirector/resource/store_configs.rb +4 -0
data/lib/puppet/indirector/rest.rb +2 -1
data/lib/puppet/indirector/ssl_file.rb +7 -7
data/lib/puppet/indirector/terminus.rb +4 -0
data/lib/puppet/indirector/yaml.rb +3 -3
data/lib/puppet/interface/documentation.rb +4 -11
data/lib/puppet/module.rb +19 -6
data/lib/puppet/module_tool/applications/builder.rb +1 -1
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/checksums.rb +1 -1
data/lib/puppet/module_tool/dependency.rb +7 -3
data/lib/puppet/module_tool/metadata.rb +6 -2
data/lib/puppet/module_tool/tar.rb +2 -1
data/lib/puppet/module_tool/tar/gnu.rb +6 -2
data/lib/puppet/module_tool/tar/mini.rb +2 -0
data/lib/puppet/module_tool/tar/solaris.rb +2 -5
data/lib/puppet/network/authconfig.rb +0 -2
data/lib/puppet/network/authentication.rb +1 -1
data/lib/puppet/network/authstore.rb +6 -7
data/lib/puppet/network/format.rb +2 -3
data/lib/puppet/network/format_handler.rb +16 -11
data/lib/puppet/network/format_support.rb +14 -0
data/lib/puppet/network/formats.rb +26 -0
data/lib/puppet/network/http/connection.rb +8 -41
data/lib/puppet/network/http/handler.rb +28 -32
data/lib/puppet/network/http/webrick.rb +15 -22
data/lib/puppet/network/http_pool.rb +43 -9
data/lib/puppet/network/rights.rb +0 -0
data/lib/puppet/node.rb +24 -8
data/lib/puppet/node/environment.rb +18 -20
data/lib/puppet/node/facts.rb +23 -6
data/lib/puppet/parameter.rb +15 -2
data/lib/puppet/parameter/boolean.rb +5 -0
data/lib/puppet/parameter/value_collection.rb +6 -4
data/lib/puppet/parser/ast/resourceparam.rb +2 -1
data/lib/puppet/parser/compiler.rb +25 -9
data/lib/puppet/parser/files.rb +1 -1
data/lib/puppet/parser/functions.rb +12 -21
data/lib/puppet/parser/functions/collect.rb +6 -35
data/lib/puppet/parser/functions/contain.rb +26 -0
data/lib/puppet/parser/functions/create_resources.rb +5 -0
data/lib/puppet/parser/functions/extlookup.rb +2 -2
data/lib/puppet/parser/functions/file.rb +1 -1
data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
data/lib/puppet/parser/functions/include.rb +18 -1
data/lib/puppet/parser/functions/map.rb +44 -0
data/lib/puppet/parser/functions/select.rb +6 -38
data/lib/puppet/parser/lexer.rb +1 -1
data/lib/puppet/parser/parser_support.rb +1 -1
data/lib/puppet/parser/resource.rb +6 -45
data/lib/puppet/parser/scope.rb +33 -2
data/lib/puppet/parser/type_loader.rb +4 -60
data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
data/lib/puppet/pops/issues.rb +4 -0
data/lib/puppet/pops/model/ast_transformer.rb +4 -1
data/lib/puppet/pops/model/model_label_provider.rb +1 -1
data/lib/puppet/pops/parser/egrammar.ra +5 -24
data/lib/puppet/pops/parser/eparser.rb +859 -902
data/lib/puppet/pops/parser/lexer.rb +48 -30
data/lib/puppet/pops/parser/parser_support.rb +1 -1
data/lib/puppet/pops/patterns.rb +4 -4
data/lib/puppet/pops/utils.rb +1 -1
data/lib/puppet/pops/validation/checker3_1.rb +25 -20
data/lib/puppet/provider.rb +23 -6
data/lib/puppet/provider/aixobject.rb +0 -0
data/lib/puppet/provider/augeas/augeas.rb +21 -5
data/lib/puppet/provider/confine.rb +5 -79
data/lib/puppet/provider/cron/crontab.rb +0 -0
data/lib/puppet/provider/exec.rb +9 -7
data/lib/puppet/provider/exec/posix.rb +10 -1
data/lib/puppet/provider/exec/windows.rb +1 -1
data/lib/puppet/provider/file/posix.rb +1 -0
data/lib/puppet/provider/file/windows.rb +16 -5
data/lib/puppet/provider/group/aix.rb +0 -0
data/lib/puppet/provider/group/windows_adsi.rb +33 -1
data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
data/lib/puppet/provider/mailalias/aliases.rb +0 -0
data/lib/puppet/provider/maillist/mailman.rb +0 -0
data/lib/puppet/provider/mount/parsed.rb +0 -0
data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
data/lib/puppet/provider/package/appdmg.rb +1 -1
data/lib/puppet/provider/package/apple.rb +1 -1
data/lib/puppet/provider/package/apt.rb +1 -1
data/lib/puppet/provider/package/aptitude.rb +0 -0
data/lib/puppet/provider/package/blastwave.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +1 -1
data/lib/puppet/provider/package/fink.rb +1 -1
data/lib/puppet/provider/package/freebsd.rb +0 -0
data/lib/puppet/provider/package/gem.rb +0 -0
data/lib/puppet/provider/package/macports.rb +0 -0
data/lib/puppet/provider/package/msi.rb +4 -10
data/lib/puppet/provider/package/nim.rb +8 -8
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/opkg.rb +0 -0
data/lib/puppet/provider/package/pacman.rb +2 -2
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgutil.rb +1 -1
data/lib/puppet/provider/package/ports.rb +0 -0
data/lib/puppet/provider/package/rpm.rb +39 -3
data/lib/puppet/provider/package/sun.rb +3 -3
data/lib/puppet/provider/package/sunfreeware.rb +0 -0
data/lib/puppet/provider/package/windows.rb +12 -19
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +2 -2
data/lib/puppet/provider/parsedfile.rb +0 -0
data/lib/puppet/provider/port/parsed.rb +0 -0
data/lib/puppet/provider/service/base.rb +0 -0
data/lib/puppet/provider/service/bsd.rb +3 -3
data/lib/puppet/provider/service/daemontools.rb +8 -8
data/lib/puppet/provider/service/debian.rb +0 -0
data/lib/puppet/provider/service/freebsd.rb +3 -3
data/lib/puppet/provider/service/init.rb +5 -4
data/lib/puppet/provider/service/launchd.rb +35 -24
data/lib/puppet/provider/service/openbsd.rb +23 -0
data/lib/puppet/provider/service/redhat.rb +0 -0
data/lib/puppet/provider/service/runit.rb +3 -3
data/lib/puppet/provider/service/smf.rb +0 -0
data/lib/puppet/provider/service/src.rb +0 -0
data/lib/puppet/provider/service/systemd.rb +0 -0
data/lib/puppet/provider/service/upstart.rb +3 -3
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
data/lib/puppet/provider/sshkey/parsed.rb +0 -0
data/lib/puppet/provider/user/aix.rb +0 -0
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +1 -1
data/lib/puppet/provider/zone/solaris.rb +1 -1
data/lib/puppet/rails/benchmark.rb +1 -1
data/lib/puppet/reference/configuration.rb +1 -2
data/lib/puppet/reference/indirection.rb +12 -14
data/lib/puppet/relationship.rb +7 -4
data/lib/puppet/reports.rb +2 -2
data/lib/puppet/reports/rrdgraph.rb +1 -1
data/lib/puppet/reports/store.rb +3 -3
data/lib/puppet/reports/tagmail.rb +2 -2
data/lib/puppet/resource.rb +66 -8
data/lib/puppet/resource/catalog.rb +18 -25
data/lib/puppet/resource/status.rb +10 -4
data/lib/puppet/run.rb +6 -2
data/lib/puppet/settings.rb +39 -119
data/lib/puppet/settings/base_setting.rb +8 -9
data/lib/puppet/settings/directory_setting.rb +8 -0
data/lib/puppet/settings/file_setting.rb +35 -1
data/lib/puppet/settings/priority_setting.rb +42 -0
data/lib/puppet/ssl.rb +4 -0
data/lib/puppet/ssl/certificate.rb +18 -0
data/lib/puppet/ssl/certificate_authority.rb +101 -72
data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
data/lib/puppet/ssl/certificate_factory.rb +38 -12
data/lib/puppet/ssl/certificate_request.rb +201 -47
data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
data/lib/puppet/ssl/host.rb +21 -10
data/lib/puppet/ssl/inventory.rb +6 -10
data/lib/puppet/ssl/key.rb +1 -1
data/lib/puppet/ssl/oids.rb +78 -0
data/lib/puppet/ssl/validator.rb +41 -97
data/lib/puppet/ssl/validator/default_validator.rb +153 -0
data/lib/puppet/ssl/validator/no_validator.rb +17 -0
data/lib/puppet/status.rb +4 -0
data/lib/puppet/test/test_helper.rb +5 -0
data/lib/puppet/transaction.rb +13 -0
data/lib/puppet/transaction/event.rb +8 -3
data/lib/puppet/transaction/report.rb +6 -2
data/lib/puppet/transaction/resource_harness.rb +173 -115
data/lib/puppet/type.rb +30 -13
data/lib/puppet/type/augeas.rb +12 -46
data/lib/puppet/type/component.rb +1 -7
data/lib/puppet/type/cron.rb +0 -0
data/lib/puppet/type/exec.rb +13 -1
data/lib/puppet/type/file.rb +19 -10
data/lib/puppet/type/file/checksum.rb +0 -0
data/lib/puppet/type/file/content.rb +3 -0
data/lib/puppet/type/file/ensure.rb +33 -15
data/lib/puppet/type/file/group.rb +0 -0
data/lib/puppet/type/file/mode.rb +6 -2
data/lib/puppet/type/file/owner.rb +0 -0
data/lib/puppet/type/file/source.rb +65 -14
data/lib/puppet/type/file/target.rb +6 -6
data/lib/puppet/type/file/type.rb +0 -0
data/lib/puppet/type/filebucket.rb +0 -0
data/lib/puppet/type/group.rb +18 -0
data/lib/puppet/type/host.rb +0 -0
data/lib/puppet/type/k5login.rb +4 -4
data/lib/puppet/type/mailalias.rb +0 -0
data/lib/puppet/type/maillist.rb +0 -0
data/lib/puppet/type/mount.rb +15 -1
data/lib/puppet/type/package.rb +7 -1
data/lib/puppet/type/port.rb +0 -0
data/lib/puppet/type/schedule.rb +9 -4
data/lib/puppet/type/service.rb +1 -1
data/lib/puppet/type/sshkey.rb +0 -0
data/lib/puppet/type/tidy.rb +1 -1
data/lib/puppet/type/user.rb +3 -0
data/lib/puppet/type/yumrepo.rb +8 -6
data/lib/puppet/type/zpool.rb +0 -0
data/lib/puppet/util.rb +4 -31
data/lib/puppet/util/adsi.rb +73 -17
data/lib/puppet/util/autoload.rb +3 -3
data/lib/puppet/util/backups.rb +4 -4
data/lib/puppet/util/cacher.rb +7 -13
data/lib/puppet/util/checksums.rb +2 -2
data/lib/puppet/util/classgen.rb +3 -1
data/lib/puppet/util/colors.rb +1 -0
data/lib/puppet/util/command_line.rb +5 -0
data/lib/puppet/util/docs.rb +33 -27
data/lib/puppet/util/execution.rb +42 -18
data/lib/puppet/util/filetype.rb +3 -3
data/lib/puppet/util/instance_loader.rb +2 -2
data/lib/puppet/util/instrumentation.rb +23 -42
data/lib/puppet/util/instrumentation/data.rb +11 -4
data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
data/lib/puppet/util/instrumentation/listener.rb +15 -8
data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
data/lib/puppet/util/limits.rb +12 -0
data/lib/puppet/util/lockfile.rb +2 -2
data/lib/puppet/util/log.rb +14 -6
data/lib/puppet/util/log/destinations.rb +23 -1
data/lib/puppet/util/metric.rb +9 -3
data/lib/puppet/util/monkey_patches.rb +7 -2
data/lib/puppet/util/network_device/config.rb +1 -1
data/lib/puppet/util/plugins.rb +1 -1
data/lib/puppet/util/posix.rb +0 -0
data/lib/puppet/util/profiler.rb +7 -2
data/lib/puppet/util/provider_features.rb +2 -2
data/lib/puppet/util/rdoc.rb +28 -30
data/lib/puppet/util/rdoc/code_objects.rb +75 -25
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
data/lib/puppet/util/rdoc/parser.rb +12 -487
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +1 -1
data/lib/puppet/util/storage.rb +2 -2
data/lib/puppet/util/suidmanager.rb +1 -1
data/lib/puppet/util/tag_set.rb +29 -0
data/lib/puppet/util/tagging.rb +8 -24
data/lib/puppet/util/watched_file.rb +1 -1
data/lib/puppet/util/watcher.rb +1 -1
data/lib/puppet/util/windows.rb +3 -0
data/lib/puppet/util/windows/access_control_entry.rb +84 -0
data/lib/puppet/util/windows/access_control_list.rb +106 -0
data/lib/puppet/util/windows/file.rb +213 -0
data/lib/puppet/util/windows/process.rb +199 -0
data/lib/puppet/util/windows/root_certs.rb +52 -37
data/lib/puppet/util/windows/security.rb +270 -245
data/lib/puppet/util/windows/security_descriptor.rb +62 -0
data/lib/puppet/util/windows/sid.rb +26 -4
data/lib/puppet/version.rb +2 -2
data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
data/spec/fixtures/unit/module/trailing-comma.json +24 -0
data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
data/spec/integration/application/apply_spec.rb +1 -1
data/spec/integration/application/doc_spec.rb +1 -1
data/spec/integration/configurer_spec.rb +4 -2
data/spec/integration/data_binding.rb +100 -0
data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
data/spec/integration/node/facts_spec.rb +1 -1
data/spec/integration/node_spec.rb +1 -1
data/spec/integration/parser/compiler_spec.rb +90 -0
data/spec/integration/parser/parser_spec.rb +2 -2
data/spec/integration/provider/cron/crontab_spec.rb +3 -5
data/spec/integration/resource/catalog_spec.rb +1 -1
data/spec/integration/ssl/autosign_spec.rb +90 -0
data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
data/spec/integration/ssl/host_spec.rb +1 -1
data/spec/integration/transaction_spec.rb +13 -13
data/spec/integration/type/exec_spec.rb +2 -2
data/spec/integration/type/file_spec.rb +287 -45
data/spec/integration/type/tidy_spec.rb +3 -3
data/spec/integration/util/rdoc/parser_spec.rb +236 -35
data/spec/integration/util/settings_spec.rb +1 -1
data/spec/integration/util/windows/process_spec.rb +22 -0
data/spec/integration/util/windows/security_spec.rb +316 -106
data/spec/lib/matchers/containment_matchers.rb +52 -0
data/spec/lib/puppet_spec/compiler.rb +6 -0
data/spec/lib/puppet_spec/files.rb +20 -21
data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
data/spec/shared_behaviours/file_server_terminus.rb +2 -2
data/spec/shared_contexts/platform.rb +1 -0
data/spec/spec_helper.rb +13 -1
data/spec/unit/agent_spec.rb +0 -12
data/spec/unit/application/agent_spec.rb +4 -4
data/spec/unit/application/apply_spec.rb +18 -2
data/spec/unit/application/cert_spec.rb +8 -6
data/spec/unit/application/device_spec.rb +1 -1
data/spec/unit/application/filebucket_spec.rb +1 -1
data/spec/unit/application/inspect_spec.rb +1 -1
data/spec/unit/application_spec.rb +24 -0
data/spec/unit/configurer/downloader_spec.rb +8 -7
data/spec/unit/configurer/fact_handler_spec.rb +23 -0
data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
data/spec/unit/configurer_spec.rb +15 -5
data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
data/spec/unit/face/parser_spec.rb +54 -0
data/spec/unit/file_bucket/dipper_spec.rb +2 -2
data/spec/unit/file_serving/base_spec.rb +32 -9
data/spec/unit/file_serving/configuration_spec.rb +7 -7
data/spec/unit/file_serving/content_spec.rb +12 -7
data/spec/unit/file_serving/fileset_spec.rb +57 -27
data/spec/unit/file_serving/metadata_spec.rb +74 -12
data/spec/unit/file_serving/mount/file_spec.rb +10 -10
data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
data/spec/unit/file_system/file_spec.rb +486 -0
data/spec/unit/file_system/tempfile_spec.rb +48 -0
data/spec/unit/graph/relationship_graph_spec.rb +0 -6
data/spec/unit/hiera_puppet_spec.rb +2 -2
data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
data/spec/unit/indirector/facts/facter_spec.rb +33 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
data/spec/unit/indirector/file_server_spec.rb +4 -4
data/spec/unit/indirector/json_spec.rb +4 -4
data/spec/unit/indirector/key/file_spec.rb +13 -14
data/spec/unit/indirector/resource/ral_spec.rb +7 -0
data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
data/spec/unit/indirector/rest_spec.rb +7 -3
data/spec/unit/indirector/ssl_file_spec.rb +14 -17
data/spec/unit/indirector/yaml_spec.rb +4 -4
data/spec/unit/module_spec.rb +43 -15
data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
data/spec/unit/module_tool/tar_spec.rb +45 -0
data/spec/unit/network/authconfig_spec.rb +2 -1
data/spec/unit/network/authentication_spec.rb +2 -2
data/spec/unit/network/format_handler_spec.rb +2 -2
data/spec/unit/network/formats_spec.rb +24 -0
data/spec/unit/network/http/connection_spec.rb +76 -199
data/spec/unit/network/http/handler_spec.rb +33 -34
data/spec/unit/network/http_pool_spec.rb +8 -5
data/spec/unit/node/environment_spec.rb +76 -90
data/spec/unit/node/facts_spec.rb +20 -3
data/spec/unit/node_spec.rb +43 -0
data/spec/unit/parameter/boolean_spec.rb +22 -12
data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
data/spec/unit/parser/compiler_spec.rb +103 -35
data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
data/spec/unit/parser/files_spec.rb +11 -11
data/spec/unit/parser/functions/contain_spec.rb +185 -0
data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
data/spec/unit/parser/functions/generate_spec.rb +1 -1
data/spec/unit/parser/functions_spec.rb +2 -2
data/spec/unit/parser/lexer_spec.rb +1 -1
data/spec/unit/parser/methods/each_spec.rb +1 -1
data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
data/spec/unit/parser/methods/map_spec.rb +95 -0
data/spec/unit/parser/methods/reduce_spec.rb +12 -11
data/spec/unit/parser/methods/shared.rb +5 -5
data/spec/unit/parser/methods/slice_spec.rb +13 -13
data/spec/unit/parser/parser_spec.rb +1 -1
data/spec/unit/parser/resource/param_spec.rb +44 -0
data/spec/unit/parser/resource_spec.rb +16 -15
data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
data/spec/unit/pops/parser/lexer_spec.rb +22 -5
data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
data/spec/unit/pops/validator/validator_spec.rb +31 -0
data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
data/spec/unit/provider/exec/posix_spec.rb +8 -3
data/spec/unit/provider/file/posix_spec.rb +2 -2
data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
data/spec/unit/provider/package/apt_spec.rb +1 -1
data/spec/unit/provider/package/msi_spec.rb +15 -42
data/spec/unit/provider/package/openbsd_spec.rb +3 -3
data/spec/unit/provider/package/rpm_spec.rb +56 -13
data/spec/unit/provider/package/windows_spec.rb +15 -19
data/spec/unit/provider/service/base_spec.rb +1 -1
data/spec/unit/provider/service/daemontools_spec.rb +18 -8
data/spec/unit/provider/service/freebsd_spec.rb +3 -3
data/spec/unit/provider/service/gentoo_spec.rb +5 -2
data/spec/unit/provider/service/init_spec.rb +17 -17
data/spec/unit/provider/service/launchd_spec.rb +76 -23
data/spec/unit/provider/service/openbsd_spec.rb +125 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -1
data/spec/unit/provider/service/runit_spec.rb +12 -5
data/spec/unit/provider/service/upstart_spec.rb +4 -4
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
data/spec/unit/provider/zone/solaris_spec.rb +1 -1
data/spec/unit/provider_spec.rb +2 -2
data/spec/unit/reports/http_spec.rb +19 -34
data/spec/unit/reports/store_spec.rb +2 -2
data/spec/unit/resource/catalog_spec.rb +81 -11
data/spec/unit/resource/status_spec.rb +11 -1
data/spec/unit/resource/type_spec.rb +30 -1
data/spec/unit/resource_spec.rb +40 -4
data/spec/unit/settings/file_setting_spec.rb +2 -2
data/spec/unit/settings/path_setting_spec.rb +2 -2
data/spec/unit/settings/priority_setting_spec.rb +66 -0
data/spec/unit/settings_spec.rb +16 -31
data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
data/spec/unit/ssl/certificate_request_spec.rb +103 -0
data/spec/unit/ssl/certificate_spec.rb +31 -18
data/spec/unit/ssl/host_spec.rb +34 -8
data/spec/unit/ssl/inventory_spec.rb +27 -62
data/spec/unit/ssl/key_spec.rb +4 -4
data/spec/unit/ssl/oids_spec.rb +48 -0
data/spec/unit/ssl/validator_spec.rb +49 -6
data/spec/unit/status_spec.rb +9 -0
data/spec/unit/transaction/event_spec.rb +1 -9
data/spec/unit/transaction/report_spec.rb +20 -1
data/spec/unit/transaction/resource_harness_spec.rb +60 -210
data/spec/unit/transaction_spec.rb +54 -8
data/spec/unit/type/component_spec.rb +2 -2
data/spec/unit/type/exec_spec.rb +14 -7
data/spec/unit/type/file/content_spec.rb +13 -2
data/spec/unit/type/file/ctime_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +48 -2
data/spec/unit/type/file/mtime_spec.rb +1 -1
data/spec/unit/type/file/source_spec.rb +177 -7
data/spec/unit/type/file_spec.rb +63 -71
data/spec/unit/type/group_spec.rb +20 -0
data/spec/unit/type/k5login_spec.rb +3 -3
data/spec/unit/type/mount_spec.rb +53 -0
data/spec/unit/type/nagios_spec.rb +216 -0
data/spec/unit/type/package_spec.rb +7 -1
data/spec/unit/type/schedule_spec.rb +6 -0
data/spec/unit/type/service_spec.rb +3 -3
data/spec/unit/type/tidy_spec.rb +14 -14
data/spec/unit/type/user_spec.rb +9 -0
data/spec/unit/type_spec.rb +86 -4
data/spec/unit/util/adsi_spec.rb +120 -12
data/spec/unit/util/autoload_spec.rb +14 -14
data/spec/unit/util/backups_spec.rb +29 -21
data/spec/unit/util/checksums_spec.rb +2 -1
data/spec/unit/util/command_line_spec.rb +41 -0
data/spec/unit/util/docs_spec.rb +91 -0
data/spec/unit/util/execution_spec.rb +26 -2
data/spec/unit/util/filetype_spec.rb +7 -7
data/spec/unit/util/lockfile_spec.rb +2 -2
data/spec/unit/util/log/destinations_spec.rb +32 -0
data/spec/unit/util/monkey_patches_spec.rb +41 -0
data/spec/unit/util/pidlock_spec.rb +6 -6
data/spec/unit/util/rdoc/parser_spec.rb +15 -13
data/spec/unit/util/rdoc_spec.rb +18 -24
data/spec/unit/util/resource_template_spec.rb +3 -3
data/spec/unit/util/selinux_spec.rb +4 -2
data/spec/unit/util/storage_spec.rb +4 -4
data/spec/unit/util/suidmanager_spec.rb +7 -0
data/spec/unit/util/tag_set_spec.rb +46 -0
data/spec/unit/util/tagging_spec.rb +82 -45
data/spec/unit/util/watcher_spec.rb +4 -1
data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
data/spec/unit/util/windows/root_certs_spec.rb +10 -8
data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
data/spec/unit/util/windows/sid_spec.rb +69 -0
data/spec/unit/util_spec.rb +7 -7
data/tasks/ci.rake +17 -36
metadata +2811 -2746
checksums.yaml +0 -7
data/examples/mac_automount.pp +0 -16
data/examples/mcx_dock_absent.pp +0 -4
data/examples/mcx_dock_default.pp +0 -118
data/examples/mcx_dock_full.pp +0 -125
data/examples/mcx_dock_invalid.pp +0 -9
data/examples/mcx_nogroup.pp +0 -118
data/examples/mcx_notexists_absent.pp +0 -4
data/ext/rack/README +0 -58
data/ext/rack/manifest.pp +0 -59
data/lib/puppet/external/lock.rb +0 -63
data/lib/puppet/indirector/hiera.rb +0 -39
data/lib/puppet/parser/functions/foreach.rb +0 -95
data/spec/integration/network/server/webrick_spec.rb +0 -76
data/spec/integration/parser/functions_spec.rb +0 -16
data/spec/unit/indirector/hiera_spec.rb +0 -154
data/spec/unit/parser/methods/collect_spec.rb +0 -153
data/spec/unit/parser/methods/foreach_spec.rb +0 -91
data/spec/unit/parser/methods/reject_spec.rb +0 -73
data/spec/unit/resource/resource_type.json +0 -34

data/spec/unit/util/tagging_spec.rb CHANGED

@@ -3,92 +3,129 @@ require 'spec_helper'
 require 'puppet/util/tagging'
-describe Puppet::Util::Tagging, "when adding tags" do
-  before do
-    @tagger = Object.new
-    @tagger.extend(Puppet::Util::Tagging)
-  end
-  it "should have a method for adding tags" do
-    @tagger.should be_respond_to(:tag)
-  end
-  it "should have a method for returning all tags" do
-    @tagger.should be_respond_to(:tags)
-  end
+describe Puppet::Util::Tagging do
+  let(:tagger) { Object.new.extend(Puppet::Util::Tagging) }
   it "should add tags to the returned tag list" do
-    @tagger.tag("one")
-    @tagger.tags.should be_include("one")
-  end
-  it "should not add duplicate tags to the returned tag list" do
-    @tagger.tag("one")
-    @tagger.tag("one")
-    @tagger.tags.should == ["one"]
+    tagger.tag("one")
+    expect(tagger.tags).to include("one")
   end
   it "should return a duplicate of the tag list, rather than the original" do
-    @tagger.tag("one")
-    tags = @tagger.tags
+    tagger.tag("one")
+    tags = tagger.tags
     tags << "two"
-    @tagger.tags.should_not be_include("two")
+    expect(tagger.tags).to_not include("two")
   end
   it "should add all provided tags to the tag list" do
-    @tagger.tag("one", "two")
-    @tagger.tags.should be_include("one")
-    @tagger.tags.should be_include("two")
+    tagger.tag("one", "two")
+    expect(tagger.tags).to include("one")
+    expect(tagger.tags).to include("two")
   end
   it "should fail on tags containing '*' characters" do
-    expect { @tagger.tag("bad*tag") }.to raise_error(Puppet::ParseError)
+    expect { tagger.tag("bad*tag") }.to raise_error(Puppet::ParseError)
   end
   it "should fail on tags starting with '-' characters" do
-    expect { @tagger.tag("-badtag") }.to raise_error(Puppet::ParseError)
+    expect { tagger.tag("-badtag") }.to raise_error(Puppet::ParseError)
   end
   it "should fail on tags containing ' ' characters" do
-    expect { @tagger.tag("bad tag") }.to raise_error(Puppet::ParseError)
+    expect { tagger.tag("bad tag") }.to raise_error(Puppet::ParseError)
   end
   it "should allow alpha tags" do
-    expect { @tagger.tag("good_tag") }.to_not raise_error
+    expect { tagger.tag("good_tag") }.not_to raise_error
   end
   it "should allow tags containing '.' characters" do
-    expect { @tagger.tag("good.tag") }.to_not raise_error
+    expect { tagger.tag("good.tag") }.to_not raise_error(Puppet::ParseError)
   end
   it "should add qualified classes as tags" do
-    @tagger.tag("one::two")
-    @tagger.tags.should be_include("one::two")
+    tagger.tag("one::two")
+    expect(tagger.tags).to include("one::two")
   end
   it "should add each part of qualified classes as tags" do
-    @tagger.tag("one::two::three")
-    @tagger.tags.should be_include("one")
-    @tagger.tags.should be_include("two")
-    @tagger.tags.should be_include("three")
+    tagger.tag("one::two::three")
+    expect(tagger.tags).to include('one')
+    expect(tagger.tags).to include("two")
+    expect(tagger.tags).to include("three")
   end
   it "should indicate when the object is tagged with a provided tag" do
-    @tagger.tag("one")
-    @tagger.should be_tagged("one")
+    tagger.tag("one")
+    expect(tagger).to be_tagged("one")
   end
   it "should indicate when the object is not tagged with a provided tag" do
-    @tagger.should_not be_tagged("one")
+    expect(tagger).to_not be_tagged("one")
   end
   it "should indicate when the object is tagged with any tag in an array" do
-    @tagger.tag("one")
-    @tagger.should be_tagged("one","two","three")
+    tagger.tag("one")
+    expect(tagger).to be_tagged("one","two","three")
   end
   it "should indicate when the object is not tagged with any tag in an array" do
-    @tagger.tag("one")
-    @tagger.should_not be_tagged("two","three")
+    tagger.tag("one")
+    expect(tagger).to_not be_tagged("two","three")
+  end
+  context "when tagging" do
+    it "converts symbols to strings" do
+      tagger.tag(:hello)
+      expect(tagger.tags).to include('hello')
+    end
+    it "downcases tags" do
+      tagger.tag(:HEllO)
+      tagger.tag("GooDByE")
+      expect(tagger).to be_tagged("hello")
+      expect(tagger).to be_tagged("goodbye")
+    end
+    it "accepts hyphenated tags" do
+      tagger.tag("my-tag")
+      expect(tagger).to be_tagged("my-tag")
+    end
+  end
+  context "when querying if tagged" do
+    it "responds true if queried on the entire set" do
+      tagger.tag("one", "two")
+      expect(tagger).to be_tagged("one", "two")
+    end
+    it "responds true if queried on a subset" do
+      tagger.tag("one", "two", "three")
+      expect(tagger).to be_tagged("two", "one")
+    end
+    it "responds true if queried on an overlapping but not fully contained set" do
+      tagger.tag("one", "two")
+      expect(tagger).to be_tagged("zero", "one")
+    end
+    it "responds false if queried on a disjoint set" do
+      tagger.tag("one", "two", "three")
+      expect(tagger).to_not be_tagged("five")
+    end
+    it "responds false if queried on the empty set" do
+      expect(tagger).to_not be_tagged
+    end
+  end
+  context "when assigning tags" do
+    it "splits a string on ','" do
+      tagger.tags = "one, two, three"
+      expect(tagger).to be_tagged("one")
+      expect(tagger).to be_tagged("two")
+      expect(tagger).to be_tagged("three")
+    end
   end
 end

data/spec/unit/util/watcher_spec.rb CHANGED

@@ -14,7 +14,10 @@ describe Puppet::Util::Watcher do
     let(:filename) { "fake" }
     def after_reading_the_sequence(initial, *results)
-      expectation = File.stubs(:stat).with(filename)
+      mock_file = mock(filename)
+      Puppet::FileSystem::File.expects(:new).with(filename).at_least(1).returns mock_file
+      expectation = mock_file.stubs(:stat)
       ([initial] + results).each do |result|
         expectation = if result.is_a? Class
                         expectation.raises(result)

data/spec/unit/util/windows/access_control_entry_spec.rb ADDED

@@ -0,0 +1,67 @@
+#!/usr/bin/env ruby
+require 'spec_helper'
+require 'puppet/util/windows'
+describe "Puppet::Util::Windows::AccessControlEntry", :if => Puppet.features.microsoft_windows? do
+  let(:klass) { Puppet::Util::Windows::AccessControlEntry }
+  let(:sid) { 'S-1-5-18' }
+  let(:mask) { Windows::File::FILE_ALL_ACCESS }
+  it "creates an access allowed ace" do
+    ace = klass.new(sid, mask)
+    ace.type.should == klass::ACCESS_ALLOWED_ACE_TYPE
+  end
+  it "creates an access denied ace" do
+    ace = klass.new(sid, mask, 0, klass::ACCESS_DENIED_ACE_TYPE)
+    ace.type.should == klass::ACCESS_DENIED_ACE_TYPE
+  end
+  it "creates a non-inherited ace by default" do
+    ace = klass.new(sid, mask)
+    ace.should_not be_inherited
+  end
+  it "creates an inherited ace" do
+    ace = klass.new(sid, mask, klass::INHERITED_ACE)
+    ace.should be_inherited
+  end
+  it "creates a non-inherit-only ace by default" do
+    ace = klass.new(sid, mask)
+    ace.should_not be_inherit_only
+  end
+  it "creates an inherit-only ace" do
+    ace = klass.new(sid, mask, klass::INHERIT_ONLY_ACE)
+    ace.should be_inherit_only
+  end
+  context "when comparing aces" do
+    let(:ace1) { klass.new(sid, mask, klass::INHERIT_ONLY_ACE, klass::ACCESS_DENIED_ACE_TYPE) }
+    let(:ace2) { klass.new(sid, mask, klass::INHERIT_ONLY_ACE, klass::ACCESS_DENIED_ACE_TYPE) }
+    it "returns true if different objects have the same set of values" do
+    ace1.should == ace2
+    end
+    it "returns false if different objects have different sets of values" do
+      ace = klass.new(sid, mask)
+      ace.should_not == ace1
+    end
+    it "returns true when testing if two objects are eql?" do
+      ace1.eql?(ace2)
+    end
+    it "returns false when comparing object identity" do
+      ace1.should_not be_equal(ace2)
+    end
+  end
+end

data/spec/unit/util/windows/access_control_list_spec.rb ADDED

@@ -0,0 +1,133 @@
+#!/usr/bin/env ruby
+require 'spec_helper'
+require 'puppet/util/windows'
+describe "Puppet::Util::Windows::AccessControlList", :if => Puppet.features.microsoft_windows? do
+  let(:klass) { Puppet::Util::Windows::AccessControlList }
+  let(:system_sid) { 'S-1-5-18' }
+  let(:admins_sid) { 'S-1-5-544' }
+  let(:none_sid)   { 'S-1-0-0' }
+  let(:system_ace) do
+    Puppet::Util::Windows::AccessControlEntry.new(system_sid, 0x1)
+  end
+  let(:admins_ace) do
+    Puppet::Util::Windows::AccessControlEntry.new(admins_sid, 0x2)
+  end
+  let(:none_ace) do
+    Puppet::Util::Windows::AccessControlEntry.new(none_sid, 0x3)
+  end
+  it "constructs an empty list" do
+    acl = klass.new
+    acl.to_a.should be_empty
+  end
+  it "supports copy constructor" do
+    aces = klass.new([system_ace]).to_a
+    aces.to_a.should == [system_ace]
+  end
+  context "appending" do
+    it "appends an allow ace" do
+      acl = klass.new
+      acl.allow(system_sid, 0x1, 0x2)
+      acl.first.type.should == klass::ACCESS_ALLOWED_ACE_TYPE
+    end
+    it "appends a deny ace" do
+      acl = klass.new
+      acl.deny(system_sid, 0x1, 0x2)
+      acl.first.type.should == klass::ACCESS_DENIED_ACE_TYPE
+    end
+    it "always appends, never overwrites an ACE" do
+      acl = klass.new([system_ace])
+      acl.allow(admins_sid, admins_ace.mask, admins_ace.flags)
+      aces = acl.to_a
+      aces.size.should == 2
+      aces[0].should == system_ace
+      aces[1].sid.should == admins_sid
+      aces[1].mask.should == admins_ace.mask
+      aces[1].flags.should == admins_ace.flags
+    end
+  end
+  context "reassigning" do
+    it "preserves the mask from the old sid when reassigning to the new sid" do
+      dacl = klass.new([system_ace])
+      dacl.reassign!(system_ace.sid, admins_ace.sid)
+      # we removed system, so ignore prepended ace
+      ace = dacl.to_a[1]
+      ace.sid.should == admins_sid
+      ace.mask.should == system_ace.mask
+    end
+    it "matches multiple sids" do
+      dacl = klass.new([system_ace, system_ace])
+      dacl.reassign!(system_ace.sid, admins_ace.sid)
+      # we removed system, so ignore prepended ace
+      aces = dacl.to_a
+      aces.size.should == 3
+      aces.to_a[1,2].each do |ace|
+        ace.sid.should == admins_ace.sid
+      end
+    end
+    it "preserves aces for sids that don't match, in their original order" do
+      dacl = klass.new([system_ace, admins_ace])
+      dacl.reassign!(system_sid, none_sid)
+      aces = dacl.to_a
+      aces[1].sid == admins_ace.sid
+    end
+    it "preserves inherited aces, even if the sids match" do
+      flags = Puppet::Util::Windows::AccessControlEntry::INHERITED_ACE
+      inherited_ace = Puppet::Util::Windows::AccessControlEntry.new(system_sid, 0x1, flags)
+      dacl = klass.new([inherited_ace, system_ace])
+      dacl.reassign!(system_sid, none_sid)
+      aces = dacl.to_a
+      aces[0].sid.should == system_sid
+    end
+    it "prepends an explicit ace for the new sid with the same mask and basic inheritance as the inherited ace" do
+      expected_flags =
+        Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE |
+        Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE |
+        Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
+      flags = Puppet::Util::Windows::AccessControlEntry::INHERITED_ACE | expected_flags
+      inherited_ace = Puppet::Util::Windows::AccessControlEntry.new(system_sid, 0x1, flags)
+      dacl = klass.new([inherited_ace])
+      dacl.reassign!(system_sid, none_sid)
+      aces = dacl.to_a
+      aces.size.should == 2
+      aces[0].sid.should == none_sid
+      aces[0].should_not be_inherited
+      aces[0].flags.should == expected_flags
+      aces[1].sid.should == system_sid
+      aces[1].should be_inherited
+    end
+    it "makes a copy of the ace prior to modifying it" do
+      arr = [system_ace]
+      acl = klass.new(arr)
+      acl.reassign!(system_sid, none_sid)
+      arr[0].sid.should == system_sid
+    end
+  end
+end

data/spec/unit/util/windows/root_certs_spec.rb CHANGED

@@ -3,13 +3,15 @@ require 'spec_helper'
 require 'puppet/util/windows'
 describe "Puppet::Util::Windows::RootCerts", :if => Puppet::Util::Platform.windows? do
-  let(:klass) { Puppet::Util::Windows::RootCerts }
-  let(:x509) { 'mycert' }
-  context '#each' do
-    it "should enumerate each root cert" do
-      klass.expects(:load_certs).returns([x509])
-      klass.instance.to_a.should == [x509]
-    end
+  let(:x509_store) { Puppet::Util::Windows::RootCerts.instance.to_a }
+  it "should return at least one X509 certificate" do
+    expect(x509_store.to_a).to have_at_least(1).items
+  end
+  it "should return an X509 certificate with a subject" do
+    x509 = x509_store.first
+    expect(x509.subject.to_s).to match(/CN=.*/)
   end
 end

data/spec/unit/util/windows/security_descriptor_spec.rb ADDED

@@ -0,0 +1,117 @@
+#!/usr/bin/env ruby
+require 'spec_helper'
+require 'puppet/util/windows'
+describe "Puppet::Util::Windows::SecurityDescriptor", :if => Puppet.features.microsoft_windows? do
+  let(:system_sid) { Win32::Security::SID::LocalSystem }
+  let(:admins_sid) { Win32::Security::SID::BuiltinAdministrators }
+  let(:group_sid) { Win32::Security::SID::Nobody }
+  let(:new_sid)   { 'S-1-5-32-500-1-2-3' }
+  def empty_dacl
+    Puppet::Util::Windows::AccessControlList.new
+  end
+  def system_ace_dacl
+    dacl = Puppet::Util::Windows::AccessControlList.new
+    dacl.allow(system_sid, 0x1)
+    dacl
+  end
+  context "owner" do
+    it "changes the owner" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(system_sid, group_sid, system_ace_dacl)
+      sd.owner = new_sid
+      sd.owner.should == new_sid
+    end
+    it "performs a noop if the new owner is the same as the old one" do
+      dacl = system_ace_dacl
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(system_sid, group_sid, dacl)
+      sd.owner = sd.owner
+      sd.dacl.object_id.should == dacl.object_id
+    end
+    it "prepends SYSTEM when security descriptor owner is no longer SYSTEM" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(system_sid, group_sid, system_ace_dacl)
+      sd.owner = new_sid
+      aces = sd.dacl.to_a
+      aces.size.should == 2
+      aces[0].sid.should == system_sid
+      aces[1].sid.should == new_sid
+    end
+    it "does not prepend SYSTEM when DACL already contains inherited SYSTEM ace" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(admins_sid, system_sid, empty_dacl)
+      sd.dacl.allow(admins_sid, 0x1)
+      sd.dacl.allow(system_sid, 0x1, Puppet::Util::Windows::AccessControlEntry::INHERITED_ACE)
+      sd.owner = new_sid
+      aces = sd.dacl.to_a
+      aces.size.should == 2
+      aces[0].sid.should == new_sid
+    end
+    it "does not prepend SYSTEM when security descriptor owner wasn't SYSTEM" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(group_sid, group_sid, empty_dacl)
+      sd.dacl.allow(group_sid, 0x1)
+      sd.owner = new_sid
+      aces = sd.dacl.to_a
+      aces.size.should == 1
+      aces[0].sid.should == new_sid
+    end
+  end
+  context "group" do
+    it "changes the group" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(system_sid, group_sid, system_ace_dacl)
+      sd.group = new_sid
+      sd.group.should == new_sid
+    end
+    it "performs a noop if the new group is the same as the old one" do
+      dacl = system_ace_dacl
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(system_sid, group_sid, dacl)
+      sd.group = sd.group
+      sd.dacl.object_id.should == dacl.object_id
+    end
+    it "prepends SYSTEM when security descriptor group is no longer SYSTEM" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(new_sid, system_sid, system_ace_dacl)
+      sd.group = new_sid
+      aces = sd.dacl.to_a
+      aces.size.should == 2
+      aces[0].sid.should == system_sid
+      aces[1].sid.should == new_sid
+    end
+    it "does not prepend SYSTEM when DACL already contains inherited SYSTEM ace" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(admins_sid, admins_sid, empty_dacl)
+      sd.dacl.allow(admins_sid, 0x1)
+      sd.dacl.allow(system_sid, 0x1, Puppet::Util::Windows::AccessControlEntry::INHERITED_ACE)
+      sd.group = new_sid
+      aces = sd.dacl.to_a
+      aces.size.should == 2
+      aces[0].sid.should == new_sid
+    end
+    it "does not prepend SYSTEM when security descriptor group wasn't SYSTEM" do
+      sd = Puppet::Util::Windows::SecurityDescriptor.new(group_sid, group_sid, empty_dacl)
+      sd.dacl.allow(group_sid, 0x1)
+      sd.group = new_sid
+      aces = sd.dacl.to_a
+      aces.size.should == 1
+      aces[0].sid.should == new_sid
+    end
+  end
+end