puppet 4.5.3-x86-mingw32 → 4.6.1-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (422) hide show
  1. checksums.yaml +7 -0
  2. data/Gemfile +10 -1
  3. data/ext/debian/control +2 -4
  4. data/ext/project_data.yaml +4 -4
  5. data/install.rb +6 -2
  6. data/lib/puppet.rb +3 -1
  7. data/lib/puppet/agent/locker.rb +1 -1
  8. data/lib/puppet/application.rb +6 -4
  9. data/lib/puppet/application/agent.rb +2 -1
  10. data/lib/puppet/application/cert.rb +35 -2
  11. data/lib/puppet/application/device.rb +1 -1
  12. data/lib/puppet/application/generate.rb +5 -0
  13. data/lib/puppet/application/lookup.rb +3 -3
  14. data/lib/puppet/application_support.rb +1 -1
  15. data/lib/puppet/compilable_resource_type.rb +15 -0
  16. data/lib/puppet/configurer.rb +67 -10
  17. data/lib/puppet/configurer/plugin_handler.rb +2 -4
  18. data/lib/puppet/data_providers/hiera_config.rb +1 -1
  19. data/lib/puppet/defaults.rb +34 -7
  20. data/lib/puppet/environments.rb +4 -2
  21. data/lib/puppet/error.rb +1 -1
  22. data/lib/puppet/external/dot.rb +1 -1
  23. data/lib/puppet/face/ca.rb +4 -1
  24. data/lib/puppet/face/certificate.rb +7 -1
  25. data/lib/puppet/face/epp.rb +5 -5
  26. data/lib/puppet/face/generate.rb +64 -0
  27. data/lib/puppet/face/help.rb +19 -13
  28. data/lib/puppet/face/man.rb +1 -1
  29. data/lib/puppet/feature/external_facts.rb +1 -1
  30. data/lib/puppet/file_system.rb +16 -0
  31. data/lib/puppet/file_system/file_impl.rb +5 -0
  32. data/lib/puppet/file_system/memory_impl.rb +4 -0
  33. data/lib/puppet/file_system/path_pattern.rb +1 -0
  34. data/lib/puppet/file_system/windows.rb +19 -0
  35. data/lib/puppet/functions.rb +3 -5
  36. data/lib/puppet/functions/assert_type.rb +1 -1
  37. data/lib/puppet/functions/defined.rb +7 -5
  38. data/lib/puppet/functions/dig.rb +2 -18
  39. data/lib/puppet/functions/hiera.rb +1 -1
  40. data/lib/puppet/functions/lest.rb +1 -37
  41. data/lib/puppet/functions/new.rb +2 -473
  42. data/lib/puppet/functions/reverse_each.rb +2 -59
  43. data/lib/puppet/functions/scanf.rb +4 -4
  44. data/lib/puppet/functions/step.rb +1 -63
  45. data/lib/puppet/functions/then.rb +1 -61
  46. data/lib/puppet/functions/type.rb +1 -40
  47. data/lib/puppet/functions/unwrap.rb +40 -0
  48. data/lib/puppet/generate/models/type/property.rb +70 -0
  49. data/lib/puppet/generate/models/type/type.rb +57 -0
  50. data/lib/puppet/generate/templates/type/pcore.erb +41 -0
  51. data/lib/puppet/generate/type.rb +239 -0
  52. data/lib/puppet/graph/simple_graph.rb +2 -6
  53. data/lib/puppet/indirector/catalog/static_compiler.rb +5 -2
  54. data/lib/puppet/indirector/facts/facter.rb +1 -1
  55. data/lib/puppet/indirector/key/ca.rb +2 -2
  56. data/lib/puppet/indirector/request.rb +25 -4
  57. data/lib/puppet/indirector/rest.rb +73 -3
  58. data/lib/puppet/info_service/class_information_service.rb +1 -2
  59. data/lib/puppet/interface/documentation.rb +1 -1
  60. data/lib/puppet/loaders.rb +2 -0
  61. data/lib/puppet/metatype/manager.rb +6 -6
  62. data/lib/puppet/module.rb +8 -1
  63. data/lib/puppet/module_tool.rb +2 -2
  64. data/lib/puppet/module_tool/checksums.rb +1 -1
  65. data/lib/puppet/module_tool/errors/installer.rb +2 -2
  66. data/lib/puppet/module_tool/metadata.rb +1 -1
  67. data/lib/puppet/network/http/api/indirected_routes.rb +23 -32
  68. data/lib/puppet/network/http/rack/rest.rb +15 -1
  69. data/lib/puppet/network/rights.rb +1 -11
  70. data/lib/puppet/node/environment.rb +7 -3
  71. data/lib/puppet/node/facts.rb +1 -1
  72. data/lib/puppet/parameter.rb +23 -3
  73. data/lib/puppet/parameter/boolean.rb +1 -1
  74. data/lib/puppet/parameter/value.rb +1 -1
  75. data/lib/puppet/parser.rb +0 -1
  76. data/lib/puppet/parser/ast/pops_bridge.rb +1 -1
  77. data/lib/puppet/parser/ast/resource.rb +5 -0
  78. data/lib/puppet/parser/ast/resource_instance.rb +5 -1
  79. data/lib/puppet/parser/ast/resourceparam.rb +5 -0
  80. data/lib/puppet/parser/compiler.rb +14 -17
  81. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +1 -1
  82. data/lib/puppet/parser/environment_compiler.rb +10 -0
  83. data/lib/puppet/parser/functions/create_resources.rb +39 -24
  84. data/lib/puppet/parser/functions/defined.rb +2 -26
  85. data/lib/puppet/parser/functions/dig.rb +29 -0
  86. data/lib/puppet/parser/functions/lest.rb +49 -0
  87. data/lib/puppet/parser/functions/new.rb +530 -0
  88. data/lib/puppet/parser/functions/require.rb +1 -1
  89. data/lib/puppet/parser/functions/reverse_each.rb +83 -0
  90. data/lib/puppet/parser/functions/scanf.rb +4 -4
  91. data/lib/puppet/parser/functions/step.rb +84 -0
  92. data/lib/puppet/parser/functions/then.rb +73 -0
  93. data/lib/puppet/parser/functions/type.rb +53 -0
  94. data/lib/puppet/parser/resource.rb +16 -7
  95. data/lib/puppet/parser/scope.rb +36 -28
  96. data/lib/puppet/parser/type_loader.rb +1 -1
  97. data/lib/puppet/plugins/data_providers/data_provider.rb +1 -1
  98. data/lib/puppet/pops.rb +13 -0
  99. data/lib/puppet/pops/adapters.rb +49 -49
  100. data/lib/puppet/pops/binder/scheme_handler/confdir_scheme.rb +1 -1
  101. data/lib/puppet/pops/evaluator/access_operator.rb +39 -2
  102. data/lib/puppet/pops/evaluator/closure.rb +39 -13
  103. data/lib/puppet/pops/evaluator/collector_transformer.rb +10 -1
  104. data/lib/puppet/pops/evaluator/evaluator_impl.rb +16 -11
  105. data/lib/puppet/pops/evaluator/external_syntax_support.rb +1 -1
  106. data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +0 -1
  107. data/lib/puppet/pops/evaluator/literal_evaluator.rb +0 -1
  108. data/lib/puppet/pops/evaluator/relationship_operator.rb +1 -2
  109. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
  110. data/lib/puppet/pops/evaluator/runtime3_support.rb +19 -45
  111. data/lib/puppet/pops/functions/function.rb +5 -0
  112. data/lib/puppet/pops/issues.rb +1 -1
  113. data/lib/puppet/pops/label_provider.rb +2 -2
  114. data/lib/puppet/pops/loader/base_loader.rb +12 -15
  115. data/lib/puppet/pops/loader/loader.rb +15 -50
  116. data/lib/puppet/pops/loader/loader_paths.rb +28 -2
  117. data/lib/puppet/pops/loader/module_loaders.rb +16 -1
  118. data/lib/puppet/pops/loader/null_loader.rb +17 -1
  119. data/lib/puppet/pops/loader/puppet_function_instantiator.rb +12 -11
  120. data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +80 -0
  121. data/lib/puppet/pops/loader/ruby_function_instantiator.rb +2 -3
  122. data/lib/puppet/pops/loader/runtime3_type_loader.rb +52 -13
  123. data/lib/puppet/pops/loader/static_loader.rb +55 -0
  124. data/lib/puppet/pops/loader/type_definition_instantiator.rb +30 -14
  125. data/lib/puppet/pops/loader/typed_name.rb +50 -0
  126. data/lib/puppet/pops/loaders.rb +64 -19
  127. data/lib/puppet/pops/merge_strategy.rb +7 -7
  128. data/lib/puppet/pops/migration/migration_checker.rb +4 -0
  129. data/lib/puppet/pops/model/model_label_provider.rb +2 -0
  130. data/lib/puppet/pops/parser/egrammar.ra +8 -5
  131. data/lib/puppet/pops/parser/eparser.rb +1550 -1498
  132. data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
  133. data/lib/puppet/pops/parser/interpolation_support.rb +7 -0
  134. data/lib/puppet/pops/parser/lexer2.rb +14 -1
  135. data/lib/puppet/pops/parser/locator.rb +30 -1
  136. data/lib/puppet/pops/parser/parser_support.rb +0 -3
  137. data/lib/puppet/pops/parser/slurp_support.rb +3 -3
  138. data/lib/puppet/pops/patterns.rb +9 -1
  139. data/lib/puppet/pops/pcore.rb +67 -11
  140. data/lib/puppet/pops/puppet_stack.rb +43 -0
  141. data/lib/puppet/pops/resource/param.rb +51 -0
  142. data/lib/puppet/pops/resource/resource_type_impl.rb +301 -0
  143. data/lib/puppet/pops/resource/resource_type_set.pcore +21 -0
  144. data/lib/puppet/pops/serialization.rb +17 -0
  145. data/lib/puppet/pops/serialization/abstract_reader.rb +149 -0
  146. data/lib/puppet/pops/serialization/abstract_writer.rb +179 -0
  147. data/lib/puppet/pops/serialization/deserializer.rb +60 -0
  148. data/lib/puppet/pops/serialization/extension.rb +126 -0
  149. data/lib/puppet/pops/serialization/instance_reader.rb +19 -0
  150. data/lib/puppet/pops/serialization/instance_writer.rb +14 -0
  151. data/lib/puppet/pops/serialization/json.rb +247 -0
  152. data/lib/puppet/pops/serialization/object.rb +63 -0
  153. data/lib/puppet/pops/serialization/rgen.rb +151 -0
  154. data/lib/puppet/pops/serialization/serializer.rb +91 -0
  155. data/lib/puppet/pops/serialization/time_factory.rb +66 -0
  156. data/lib/puppet/pops/types/annotatable.rb +36 -0
  157. data/lib/puppet/pops/types/implementation_registry.rb +3 -8
  158. data/lib/puppet/pops/types/p_meta_type.rb +83 -0
  159. data/lib/puppet/pops/types/p_object_type.rb +110 -117
  160. data/lib/puppet/pops/types/p_runtime_type.rb +13 -0
  161. data/lib/puppet/pops/types/p_sem_ver_range_type.rb +23 -0
  162. data/lib/puppet/pops/types/p_sem_ver_type.rb +30 -2
  163. data/lib/puppet/pops/types/p_sensitive_type.rb +69 -0
  164. data/lib/puppet/pops/types/p_type_set_type.rb +361 -0
  165. data/lib/puppet/pops/types/puppet_object.rb +0 -5
  166. data/lib/puppet/pops/types/ruby_generator.rb +9 -2
  167. data/lib/puppet/pops/types/type_calculator.rb +6 -1
  168. data/lib/puppet/pops/types/type_factory.rb +14 -12
  169. data/lib/puppet/pops/types/type_formatter.rb +78 -33
  170. data/lib/puppet/pops/types/type_mismatch_describer.rb +0 -2
  171. data/lib/puppet/pops/types/type_parser.rb +27 -2
  172. data/lib/puppet/pops/types/type_set_reference.rb +59 -0
  173. data/lib/puppet/pops/types/types.rb +366 -13
  174. data/lib/puppet/pops/validation.rb +4 -4
  175. data/lib/puppet/pops/validation/checker4_0.rb +5 -2
  176. data/lib/puppet/pops/visitor.rb +2 -2
  177. data/lib/puppet/property.rb +64 -5
  178. data/lib/puppet/provider.rb +1 -1
  179. data/lib/puppet/provider/aixobject.rb +3 -3
  180. data/lib/puppet/provider/group/aix.rb +4 -4
  181. data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
  182. data/lib/puppet/provider/mailalias/aliases.rb +1 -1
  183. data/lib/puppet/provider/mcx/mcxcontent.rb +2 -2
  184. data/lib/puppet/provider/mount/parsed.rb +1 -1
  185. data/lib/puppet/provider/nameservice/directoryservice.rb +5 -5
  186. data/lib/puppet/provider/package/appdmg.rb +3 -3
  187. data/lib/puppet/provider/package/apple.rb +1 -1
  188. data/lib/puppet/provider/package/dnf.rb +5 -0
  189. data/lib/puppet/provider/package/nim.rb +1 -1
  190. data/lib/puppet/provider/package/pacman.rb +2 -2
  191. data/lib/puppet/provider/package/pip.rb +5 -3
  192. data/lib/puppet/provider/package/pip3.rb +1 -1
  193. data/lib/puppet/provider/package/pkg.rb +5 -5
  194. data/lib/puppet/provider/package/pkgdmg.rb +4 -4
  195. data/lib/puppet/provider/package/pkgin.rb +1 -1
  196. data/lib/puppet/provider/package/pkgutil.rb +1 -1
  197. data/lib/puppet/provider/package/portage.rb +48 -8
  198. data/lib/puppet/provider/package/sun.rb +1 -1
  199. data/lib/puppet/provider/package/tdnf.rb +28 -0
  200. data/lib/puppet/provider/package/yum.rb +22 -4
  201. data/lib/puppet/provider/parsedfile.rb +2 -2
  202. data/lib/puppet/provider/service/base.rb +1 -1
  203. data/lib/puppet/provider/service/bsd.rb +1 -1
  204. data/lib/puppet/provider/service/daemontools.rb +2 -2
  205. data/lib/puppet/provider/service/debian.rb +3 -3
  206. data/lib/puppet/provider/service/init.rb +5 -3
  207. data/lib/puppet/provider/service/launchd.rb +16 -2
  208. data/lib/puppet/provider/service/runit.rb +1 -1
  209. data/lib/puppet/provider/service/smf.rb +8 -1
  210. data/lib/puppet/provider/service/systemd.rb +39 -6
  211. data/lib/puppet/provider/ssh_authorized_key/parsed.rb +1 -1
  212. data/lib/puppet/provider/user/aix.rb +3 -2
  213. data/lib/puppet/provider/user/directoryservice.rb +4 -3
  214. data/lib/puppet/provider/user/hpux.rb +1 -1
  215. data/lib/puppet/provider/user/user_role_add.rb +1 -1
  216. data/lib/puppet/provider/user/windows_adsi.rb +3 -0
  217. data/lib/puppet/provider/zfs/zfs.rb +1 -1
  218. data/lib/puppet/reference/type.rb +1 -1
  219. data/lib/puppet/resource.rb +33 -7
  220. data/lib/puppet/resource/capability_finder.rb +74 -54
  221. data/lib/puppet/resource/status.rb +11 -2
  222. data/lib/puppet/settings.rb +17 -6
  223. data/lib/puppet/settings/environment_conf.rb +1 -1
  224. data/lib/puppet/settings/server_list_setting.rb +20 -0
  225. data/lib/puppet/ssl/certificate_authority.rb +32 -9
  226. data/lib/puppet/ssl/certificate_authority/interface.rb +164 -24
  227. data/lib/puppet/ssl/host.rb +3 -3
  228. data/lib/puppet/ssl/oids.rb +10 -0
  229. data/lib/puppet/ssl/validator/default_validator.rb +2 -2
  230. data/lib/puppet/test/test_helper.rb +2 -2
  231. data/lib/puppet/transaction.rb +12 -0
  232. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  233. data/lib/puppet/transaction/event.rb +29 -2
  234. data/lib/puppet/transaction/event_manager.rb +1 -1
  235. data/lib/puppet/transaction/persistence.rb +84 -0
  236. data/lib/puppet/transaction/report.rb +49 -2
  237. data/lib/puppet/transaction/resource_harness.rb +98 -18
  238. data/lib/puppet/type.rb +63 -21
  239. data/lib/puppet/type/augeas.rb +3 -3
  240. data/lib/puppet/type/cron.rb +1 -1
  241. data/lib/puppet/type/file.rb +39 -2
  242. data/lib/puppet/type/file/data_sync.rb +13 -5
  243. data/lib/puppet/type/host.rb +1 -1
  244. data/lib/puppet/type/mount.rb +2 -6
  245. data/lib/puppet/type/notify.rb +1 -1
  246. data/lib/puppet/type/package.rb +1 -1
  247. data/lib/puppet/type/resources.rb +1 -1
  248. data/lib/puppet/type/scheduled_task.rb +1 -1
  249. data/lib/puppet/type/ssh_authorized_key.rb +2 -2
  250. data/lib/puppet/type/tidy.rb +1 -1
  251. data/lib/puppet/type/yumrepo.rb +3 -3
  252. data/lib/puppet/type/zone.rb +1 -1
  253. data/lib/puppet/util.rb +2 -2
  254. data/lib/puppet/util/classgen.rb +1 -1
  255. data/lib/puppet/util/command_line.rb +6 -2
  256. data/lib/puppet/util/command_line/trollop.rb +1 -1
  257. data/lib/puppet/util/execution.rb +2 -2
  258. data/lib/puppet/util/http_proxy.rb +1 -1
  259. data/lib/puppet/util/inifile.rb +1 -1
  260. data/lib/puppet/util/instance_loader.rb +1 -1
  261. data/lib/puppet/util/logging.rb +1 -1
  262. data/lib/puppet/util/multi_match.rb +1 -1
  263. data/lib/puppet/util/plist.rb +15 -5
  264. data/lib/puppet/util/profiler.rb +1 -1
  265. data/lib/puppet/util/profiler/around_profiler.rb +1 -1
  266. data/lib/puppet/util/psych_support.rb +1 -1
  267. data/lib/puppet/util/rdoc.rb +2 -2
  268. data/lib/puppet/util/rubygems.rb +1 -1
  269. data/lib/puppet/util/watcher/periodic_watcher.rb +2 -2
  270. data/lib/puppet/util/windows/access_control_entry.rb +1 -1
  271. data/lib/puppet/util/windows/adsi.rb +30 -8
  272. data/lib/puppet/util/windows/api_types.rb +1 -1
  273. data/lib/puppet/util/windows/file.rb +59 -0
  274. data/lib/puppet/util/windows/process.rb +10 -0
  275. data/lib/puppet/util/windows/security.rb +1 -1
  276. data/lib/puppet/util/windows/user.rb +22 -4
  277. data/lib/puppet/util/yaml.rb +15 -3
  278. data/lib/puppet/vendor/deep_merge/test/test_deep_merge.rb +1 -1
  279. data/lib/puppet/vendor/rgen_patch.rb +1 -1
  280. data/lib/puppet/version.rb +2 -2
  281. data/spec/fixtures/unit/pops/loaders/loaders/no_modules/manifests/site.pp +10 -0
  282. data/spec/integration/agent/logging_spec.rb +15 -14
  283. data/spec/integration/application/apply_spec.rb +1 -0
  284. data/spec/integration/directory_environments_spec.rb +16 -0
  285. data/spec/integration/environments/settings_spec.rb +32 -4
  286. data/spec/integration/faces/documentation_spec.rb +1 -1
  287. data/spec/integration/network/http/api/indirected_routes_spec.rb +33 -0
  288. data/spec/integration/node/environment_spec.rb +21 -0
  289. data/spec/integration/parser/collection_spec.rb +10 -0
  290. data/spec/integration/parser/compiler_spec.rb +76 -840
  291. data/spec/integration/parser/functions/require_spec.rb +3 -3
  292. data/spec/integration/parser/parameter_defaults_spec.rb +6 -2
  293. data/spec/integration/parser/pcore_resource_spec.rb +208 -0
  294. data/spec/integration/parser/resource_expressions_spec.rb +4 -2
  295. data/spec/integration/provider/yumrepo_spec.rb +4 -1
  296. data/spec/integration/transaction/report_spec.rb +666 -0
  297. data/spec/integration/type/file_spec.rb +11 -12
  298. data/spec/integration/util/windows/adsi_spec.rb +99 -0
  299. data/spec/integration/util/windows/principal_spec.rb +109 -60
  300. data/spec/integration/util/windows/process_spec.rb +4 -2
  301. data/spec/integration/util/windows/security_spec.rb +34 -8
  302. data/spec/integration/util/windows/user_spec.rb +26 -4
  303. data/spec/lib/puppet_spec/files.rb +2 -2
  304. data/spec/lib/puppet_spec/network.rb +12 -8
  305. data/spec/shared_examples/rhel_package_provider.rb +341 -0
  306. data/spec/spec_helper.rb +8 -2
  307. data/spec/unit/application/cert_spec.rb +20 -0
  308. data/spec/unit/configurer/plugin_handler_spec.rb +0 -26
  309. data/spec/unit/configurer_spec.rb +46 -0
  310. data/spec/unit/defaults_spec.rb +14 -0
  311. data/spec/unit/face/generate_spec.rb +230 -0
  312. data/spec/unit/face/help_spec.rb +53 -0
  313. data/spec/unit/face/parser_spec.rb +6 -0
  314. data/spec/unit/face/plugin_spec.rb +0 -4
  315. data/spec/unit/file_system_spec.rb +85 -0
  316. data/spec/unit/functions/lookup_spec.rb +4 -4
  317. data/spec/unit/functions/match_spec.rb +2 -2
  318. data/spec/unit/functions/regsubst_spec.rb +1 -1
  319. data/spec/unit/functions/split_spec.rb +1 -1
  320. data/spec/unit/functions/unwrap_spec.rb +29 -0
  321. data/spec/unit/functions/versioncmp_spec.rb +1 -1
  322. data/spec/unit/functions4_spec.rb +8 -8
  323. data/spec/unit/indirector/facts/facter_spec.rb +1 -9
  324. data/spec/unit/indirector/rest_spec.rb +95 -9
  325. data/spec/unit/module_spec.rb +43 -7
  326. data/spec/unit/module_tool/applications/installer_spec.rb +10 -1
  327. data/spec/unit/module_tool/applications/unpacker_spec.rb +2 -1
  328. data/spec/unit/module_tool/applications/upgrader_spec.rb +8 -0
  329. data/spec/unit/module_tool/tar/mini_spec.rb +3 -3
  330. data/spec/unit/network/http/api/indirected_routes_spec.rb +49 -58
  331. data/spec/unit/network/http/api/master/v3_spec.rb +7 -4
  332. data/spec/unit/network/rights_spec.rb +1 -1
  333. data/spec/unit/parameter_spec.rb +11 -0
  334. data/spec/unit/parser/compiler_spec.rb +19 -33
  335. data/spec/unit/{appmgmt_spec.rb → parser/environment_compiler_spec.rb} +12 -1
  336. data/spec/unit/parser/functions/create_resources_spec.rb +76 -4
  337. data/spec/unit/parser/functions/require_spec.rb +2 -2
  338. data/spec/unit/parser/resource_spec.rb +21 -11
  339. data/spec/unit/parser/scope_spec.rb +1 -5
  340. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +1 -1
  341. data/spec/unit/pops/loaders/dependency_loader_spec.rb +1 -1
  342. data/spec/unit/pops/loaders/loader_paths_spec.rb +1 -1
  343. data/spec/unit/pops/loaders/loaders_spec.rb +63 -5
  344. data/spec/unit/pops/loaders/module_loaders_spec.rb +2 -2
  345. data/spec/unit/pops/loaders/static_loader_spec.rb +1 -1
  346. data/spec/unit/pops/parser/lexer2_spec.rb +27 -3
  347. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +8 -0
  348. data/spec/unit/pops/parser/parse_calls_spec.rb +9 -0
  349. data/spec/unit/pops/puppet_stack_spec.rb +79 -0
  350. data/spec/unit/pops/resource/resource_type_impl_spec.rb +37 -0
  351. data/spec/unit/pops/serialization/packer_spec.rb +153 -0
  352. data/spec/unit/pops/serialization/rgen_spec.rb +88 -0
  353. data/spec/unit/pops/serialization/serialization_spec.rb +228 -0
  354. data/spec/unit/pops/types/p_object_type_spec.rb +44 -2
  355. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +42 -0
  356. data/spec/unit/pops/types/p_sensitive_type_spec.rb +139 -0
  357. data/spec/unit/pops/types/p_type_set_type_spec.rb +424 -0
  358. data/spec/unit/pops/types/ruby_generator_spec.rb +497 -181
  359. data/spec/unit/pops/types/type_calculator_spec.rb +10 -4
  360. data/spec/unit/pops/types/type_formatter_spec.rb +1 -1
  361. data/spec/unit/pops/types/type_mismatch_describer_spec.rb +2 -2
  362. data/spec/unit/pops/types/type_parser_spec.rb +1 -1
  363. data/spec/unit/pops/types/types_spec.rb +1 -1
  364. data/spec/unit/pops/validator/validator_spec.rb +18 -1
  365. data/spec/unit/property_spec.rb +48 -11
  366. data/spec/unit/provider/group/windows_adsi_spec.rb +11 -1
  367. data/spec/unit/provider/package/dnf_spec.rb +1 -99
  368. data/spec/unit/provider/package/pacman_spec.rb +4 -4
  369. data/spec/unit/provider/package/pip_spec.rb +14 -0
  370. data/spec/unit/provider/package/pkg_spec.rb +6 -0
  371. data/spec/unit/provider/package/pkgdmg_spec.rb +0 -3
  372. data/spec/unit/provider/package/portage_spec.rb +64 -8
  373. data/spec/unit/provider/package/tdnf_spec.rb +18 -0
  374. data/spec/unit/provider/package/windows/package_spec.rb +4 -1
  375. data/spec/unit/provider/package/windows_spec.rb +8 -2
  376. data/spec/unit/provider/package/yum_spec.rb +6 -377
  377. data/spec/unit/provider/service/base_spec.rb +6 -0
  378. data/spec/unit/provider/service/debian_spec.rb +16 -7
  379. data/spec/unit/provider/service/gentoo_spec.rb +6 -0
  380. data/spec/unit/provider/service/init_spec.rb +7 -0
  381. data/spec/unit/provider/service/launchd_spec.rb +35 -4
  382. data/spec/unit/provider/service/openrc_spec.rb +6 -0
  383. data/spec/unit/provider/service/smf_spec.rb +31 -6
  384. data/spec/unit/provider/service/src_spec.rb +6 -0
  385. data/spec/unit/provider/service/systemd_spec.rb +70 -20
  386. data/spec/unit/provider/service/upstart_spec.rb +6 -0
  387. data/spec/unit/provider/user/aix_spec.rb +7 -0
  388. data/spec/unit/provider/user/directoryservice_spec.rb +30 -1
  389. data/spec/unit/provider/user/windows_adsi_spec.rb +19 -0
  390. data/spec/unit/resource/capability_finder_spec.rb +51 -3
  391. data/spec/unit/resource/catalog_spec.rb +5 -0
  392. data/spec/unit/resource/type_spec.rb +2 -2
  393. data/spec/unit/resource_spec.rb +19 -0
  394. data/spec/unit/settings_spec.rb +13 -0
  395. data/spec/unit/ssl/certificate_authority/interface_spec.rb +176 -10
  396. data/spec/unit/ssl/certificate_authority_spec.rb +63 -22
  397. data/spec/unit/ssl/host_spec.rb +1 -1
  398. data/spec/unit/ssl/oids_spec.rb +24 -21
  399. data/spec/unit/transaction/event_spec.rb +3 -1
  400. data/spec/unit/transaction/persistence_spec.rb +173 -0
  401. data/spec/unit/transaction/report_spec.rb +64 -1
  402. data/spec/unit/transaction/resource_harness_spec.rb +91 -0
  403. data/spec/unit/type/file/content_spec.rb +47 -15
  404. data/spec/unit/type/file_spec.rb +28 -0
  405. data/spec/unit/type/mount_spec.rb +5 -12
  406. data/spec/unit/type/yumrepo_spec.rb +1 -5
  407. data/spec/unit/type_spec.rb +32 -0
  408. data/spec/unit/util/command_line_spec.rb +11 -0
  409. data/spec/unit/util/execution_spec.rb +1 -1
  410. data/spec/unit/util/plist_spec.rb +16 -3
  411. data/spec/unit/util/storage_spec.rb +4 -1
  412. data/spec/unit/util/windows/adsi_spec.rb +23 -2
  413. data/spec/unit/util/windows/file_spec.rb +56 -1
  414. data/spec/unit/util/windows/sid_spec.rb +31 -7
  415. data/spec/unit/util/yaml_spec.rb +12 -0
  416. data/spec/unit/util_spec.rb +87 -20
  417. metadata +91 -48
  418. data/ext/puppetlisten/puppetlisten.rb +0 -77
  419. data/ext/puppetlisten/puppetrun.rb +0 -38
  420. data/lib/puppet/resource/type_collection_helper.rb +0 -7
  421. data/spec/unit/parser/functions/defined_spec.rb +0 -120
  422. data/spec/unit/resource/type_collection_helper_spec.rb +0 -24
@@ -18,6 +18,8 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
18
18
  before :each do
19
19
  Puppet::Util::Windows::ADSI.stubs(:computer_name).returns('testcomputername')
20
20
  Puppet::Util::Windows::ADSI.stubs(:connect).returns connection
21
+ # this would normally query the system, but not needed for these tests
22
+ Puppet::Util::Windows::ADSI::User.stubs(:localized_domains).returns([])
21
23
  end
22
24
 
23
25
  describe ".instances" do
@@ -34,6 +36,16 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
34
36
  expect(provider.user).to be_a(Puppet::Util::Windows::ADSI::User)
35
37
  end
36
38
 
39
+ describe "when retrieving the password property" do
40
+ context "when the resource has a nil password" do
41
+ it "should never issue a logon attempt" do
42
+ resource.stubs(:[]).with(any_of(:name, :password)).returns(nil)
43
+ Puppet::Util::Windows::User.expects(:logon_user).never
44
+ provider.password
45
+ end
46
+ end
47
+ end
48
+
37
49
  describe "when managing groups" do
38
50
  it 'should return the list of groups as an array of strings' do
39
51
  provider.user.stubs(:groups).returns nil
@@ -226,6 +238,13 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
226
238
  expect(provider.password).to be_nil
227
239
  end
228
240
 
241
+ it "should test a blank user password" do
242
+ resource[:password] = ''
243
+ provider.user.expects(:password_is?).with('').returns true
244
+
245
+ expect(provider.password).to eq('')
246
+ end
247
+
229
248
  it 'should not create a user if a group by the same name exists' do
230
249
  Puppet::Util::Windows::ADSI::User.expects(:create).with('testuser').raises( Puppet::Error.new("Cannot create user if group 'testuser' exists.") )
231
250
  expect{ provider.create }.to raise_error( Puppet::Error,
@@ -65,13 +65,61 @@ describe Puppet::Resource::CapabilityFinder do
65
65
  result = Puppet::Resource::CapabilityFinder.find('production', nil, Puppet::Resource.new('Cap', 'cap'))
66
66
  expect(result['host']).to eq('ahost')
67
67
  end
68
+ end
69
+
70
+ describe '#find' do
71
+ let(:capability) { Puppet::Resource.new('Cap', 'cap') }
72
+ let(:code_id) { 'b59e5df0578ef411f773ee6c33d8073c50e7b8fe' }
73
+
74
+ it 'should search for the resource without including code_id' do
75
+ resources = [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"ahost"}}]
76
+ Puppet::Resource::CapabilityFinder.stubs(:search).with('production', nil, capability).returns resources
68
77
 
69
- it 'should include code_id in query' do
70
- code_id = 'b59e5df0578ef411f773ee6c33d8073c50e7b8fe'
71
- Puppet::Util::Puppetdb::Http.expects(:action).with(regexp_matches(Regexp.new(CGI.escape('"=","code_id","' + code_id + "")))).returns(response)
72
78
  result = Puppet::Resource::CapabilityFinder.find('production', code_id, Puppet::Resource.new('Cap', 'cap'))
73
79
  expect(result['host']).to eq('ahost')
74
80
  end
81
+
82
+ it 'should return nil if no resource is found' do
83
+ Puppet::Resource::CapabilityFinder.stubs(:search).with('production', nil, capability).returns []
84
+
85
+ result = Puppet::Resource::CapabilityFinder.find('production', code_id, capability)
86
+ expect(result).to be_nil
87
+ end
88
+
89
+ describe 'when multiple results are returned' do
90
+ let(:resources) do
91
+ [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"ahost"}},
92
+ {"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"bhost"}}]
93
+ end
94
+
95
+ before :each do
96
+ Puppet::Resource::CapabilityFinder.stubs(:search).with('production', nil, capability).returns resources
97
+ end
98
+
99
+ it 'should return the resource matching code_id' do
100
+ Puppet::Resource::CapabilityFinder.stubs(:search).with('production', code_id, capability).returns [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"chost"}}]
101
+
102
+ result = Puppet::Resource::CapabilityFinder.find('production', code_id, capability)
103
+ expect(result['host']).to eq('chost')
104
+ end
105
+
106
+ it 'should return nil if no resource matches code_id' do
107
+ Puppet::Resource::CapabilityFinder.stubs(:search).with('production', code_id, capability).returns []
108
+
109
+ result = Puppet::Resource::CapabilityFinder.find('production', code_id, capability)
110
+ expect(result).to be_nil
111
+ end
112
+
113
+ it 'should fail if multiple resources match code_id' do
114
+ Puppet::Resource::CapabilityFinder.stubs(:search).with('production', code_id, capability).returns resources
115
+
116
+ expect { Puppet::Resource::CapabilityFinder.find('production', code_id, capability) }.to raise_error(Puppet::DevError, /expected exactly one resource/)
117
+ end
118
+
119
+ it 'should fail if no code_id was specified' do
120
+ expect { Puppet::Resource::CapabilityFinder.find('production', nil, capability) }.to raise_error(Puppet::DevError, /expected exactly one resource/)
121
+ end
122
+ end
75
123
  end
76
124
  end
77
125
  end
@@ -818,6 +818,11 @@ describe Puppet::Resource::Catalog, "when converting a resource catalog to pson"
818
818
  expect(catalog.to_pson).to validate_against('api/schemas/catalog.json')
819
819
  end
820
820
 
821
+ it "should validate a single sensitive parameter resource catalog against the schema" do
822
+ catalog = compile_to_catalog("create_resources('file', {'/etc/foo'=>{'ensure'=>'present','content'=>Sensitive('hunter2')}})")
823
+ expect(catalog.to_pson).to validate_against('api/schemas/catalog.json')
824
+ end
825
+
821
826
  it "should validate a two resource catalog against the schema" do
822
827
  catalog = compile_to_catalog("create_resources('notify', {'foo'=>{'message'=>'one'}, 'bar'=>{'message'=>'two'}})")
823
828
  expect(catalog.to_pson).to validate_against('api/schemas/catalog.json')
@@ -656,7 +656,7 @@ describe Puppet::Resource::Type do
656
656
 
657
657
  @compiler.add_resource @scope, @parent_resource
658
658
 
659
- @type.resource_type_collection = @scope.known_resource_types
659
+ @type.resource_type_collection = @scope.environment.known_resource_types
660
660
  @type.resource_type_collection.add @parent_type
661
661
  end
662
662
 
@@ -696,7 +696,7 @@ describe Puppet::Resource::Type do
696
696
 
697
697
  @compiler.add_resource @scope, @parent_resource
698
698
 
699
- @type.resource_type_collection = @scope.known_resource_types
699
+ @type.resource_type_collection = @scope.environment.known_resource_types
700
700
  @type.resource_type_collection.add(@parent_type)
701
701
  end
702
702
 
@@ -811,6 +811,12 @@ describe Puppet::Resource do
811
811
  expect(result["fee"]).to eq(%w{baz})
812
812
  end
813
813
 
814
+ it "should set sensitive parameters as an array of strings" do
815
+ resource = Puppet::Resource.new("File", "/foo", :sensitive_parameters => [:foo, :fee])
816
+ result = PSON.parse(resource.to_pson)
817
+ expect(result["sensitive_parameters"]).to eq ["foo", "fee"]
818
+ end
819
+
814
820
  it "should serialize relationships as reference strings" do
815
821
  resource = Puppet::Resource.new("File", "/foo")
816
822
  resource[:requires] = Puppet::Resource.new("File", "/bar")
@@ -894,6 +900,11 @@ describe Puppet::Resource do
894
900
  resource = Puppet::Resource.from_data_hash(@data)
895
901
  expect(resource['foo']).to eq(%w{one})
896
902
  end
903
+
904
+ it "converts deserialized sensitive parameters as symbols" do
905
+ @data['sensitive_parameters'] = ['content', 'mode']
906
+ expect(Puppet::Resource.from_data_hash(@data).sensitive_parameters).to eq [:content, :mode]
907
+ end
897
908
  end
898
909
 
899
910
  it "implements copy_as_resource" do
@@ -901,6 +912,14 @@ describe Puppet::Resource do
901
912
  expect(resource.copy_as_resource).to eq(resource)
902
913
  end
903
914
 
915
+ describe "when copying resources" do
916
+ it "deep copies over 'sensitive' values" do
917
+ rhs = Puppet::Resource.new("file", "/my/file", {:parameters => {:content => "foo"}, :sensitive_parameters => [:content]})
918
+ lhs = Puppet::Resource.new(rhs)
919
+ expect(lhs.sensitive_parameters).to eq [:content]
920
+ end
921
+ end
922
+
904
923
  describe "because it is an indirector model" do
905
924
  it "should include Puppet::Indirector" do
906
925
  expect(Puppet::Resource).to be_is_a(Puppet::Indirector)
@@ -1375,8 +1375,21 @@ describe Puppet::Settings do
1375
1375
  end
1376
1376
 
1377
1377
  describe "when adding users and groups to the catalog" do
1378
+ before :all do
1379
+ # when this spec is run in isolation to build a settings catalog
1380
+ # it will not be able to autorequire and load types for the first time
1381
+ # on Windows with microsoft_windows? stubbed to false, because
1382
+ # Puppet::Util.path_to_uri is called to generate a URI to load code
1383
+ # and it manipulates the path based on OS
1384
+ # so instead we forcefully "prime" the cached types
1385
+ Puppet::Type.type(:user).new(:name => 'foo')
1386
+ Puppet::Type.type(:group).new(:name => 'bar')
1387
+ Puppet::Type.type(:file).new(:name => Dir.pwd) # appropriate for OS
1388
+ end
1389
+
1378
1390
  before do
1379
1391
  Puppet.features.stubs(:root?).returns true
1392
+ # stubbed to false, as Windows catalogs don't add users / groups
1380
1393
  Puppet.features.stubs(:microsoft_windows?).returns false
1381
1394
 
1382
1395
  @settings.define_settings :foo,
@@ -125,8 +125,8 @@ describe Puppet::SSL::CertificateAuthority::Interface do
125
125
  it "should call :generate on the CA for each host specified" do
126
126
  @applier = @class.new(:generate, :to => %w{host1 host2})
127
127
 
128
- @ca.expects(:generate).with("host1", {})
129
- @ca.expects(:generate).with("host2", {})
128
+ @ca.expects(:generate).with() {|*args| args.first == "host1" }
129
+ @ca.expects(:generate).with() {|*args| args.first == "host2" }
130
130
 
131
131
  @applier.apply(@ca)
132
132
  end
@@ -156,23 +156,79 @@ describe Puppet::SSL::CertificateAuthority::Interface do
156
156
  end
157
157
 
158
158
  describe ":sign" do
159
+ before do
160
+ @csr1 = Puppet::SSL::CertificateRequest.new 'baz'
161
+ end
162
+
163
+ describe "when run in interactive mode" do
164
+ before do
165
+ Puppet::SSL::CertificateRequest.indirection.stubs(:find).with("csr1").returns @csr1
166
+
167
+ @ca.stubs(:waiting?).returns(%w{csr1})
168
+ @ca.stubs(:check_internal_signing_policies).returns(true)
169
+ end
170
+
171
+ it "should prompt before signing cert" do
172
+ @applier = @class.new(:sign, :to => :all, :interactive => true)
173
+ @applier.stubs(:format_host).returns("(host info)")
174
+
175
+ @applier.expects(:puts).
176
+ with("Signing Certificate Request for:\n(host info)")
177
+
178
+ STDOUT.expects(:print).with("Sign Certificate Request? [y/N] ")
179
+
180
+ STDIN.stubs(:gets).returns('y')
181
+ @ca.expects(:sign).with("csr1", {})
182
+
183
+ @applier.apply(@ca)
184
+ end
185
+
186
+ it "a yes answer can be assumed via options" do
187
+ @applier = @class.new(:sign, :to => :all, :interactive => true, :yes => true)
188
+ @applier.stubs(:format_host).returns("(host info)")
189
+
190
+ @applier.expects(:puts).
191
+ with("Signing Certificate Request for:\n(host info)")
192
+
193
+ STDOUT.expects(:print).with("Sign Certificate Request? [y/N] ")
194
+
195
+ @applier.expects(:puts).
196
+ with("Assuming YES from `-y' or `--assume-yes' flag")
197
+
198
+ @ca.expects(:sign).with("csr1", {})
199
+
200
+ @applier.apply(@ca)
201
+ end
202
+ end
203
+
159
204
  describe "and an array of names was provided" do
205
+ before do
206
+ Puppet::SSL::CertificateRequest.indirection.stubs(:find).with("host1").returns @csr1
207
+ Puppet::SSL::CertificateRequest.indirection.stubs(:find).with("host2").returns @csr1
208
+ end
209
+
160
210
  let(:applier) { @class.new(:sign, @options.merge(:to => %w{host1 host2})) }
161
211
 
162
212
  it "should sign the specified waiting certificate requests" do
163
213
  @options = {:allow_dns_alt_names => false}
214
+ applier.stubs(:format_host).returns("")
215
+ applier.stubs(:puts)
216
+ @ca.stubs(:check_internal_signing_policies).returns(true)
164
217
 
165
- @ca.expects(:sign).with("host1", false)
166
- @ca.expects(:sign).with("host2", false)
218
+ @ca.expects(:sign).with("host1", @options)
219
+ @ca.expects(:sign).with("host2", @options)
167
220
 
168
221
  applier.apply(@ca)
169
222
  end
170
223
 
171
224
  it "should sign the certificate requests with alt names if specified" do
172
225
  @options = {:allow_dns_alt_names => true}
226
+ applier.stubs(:format_host).returns("")
227
+ applier.stubs(:puts)
228
+ @ca.stubs(:check_internal_signing_policies).returns(true)
173
229
 
174
- @ca.expects(:sign).with("host1", true)
175
- @ca.expects(:sign).with("host2", true)
230
+ @ca.expects(:sign).with("host1", @options)
231
+ @ca.expects(:sign).with("host2", @options)
176
232
 
177
233
  applier.apply(@ca)
178
234
  end
@@ -181,11 +237,16 @@ describe Puppet::SSL::CertificateAuthority::Interface do
181
237
  describe "and :all was provided" do
182
238
  it "should sign all waiting certificate requests" do
183
239
  @ca.stubs(:waiting?).returns(%w{cert1 cert2})
240
+ Puppet::SSL::CertificateRequest.indirection.stubs(:find).with("cert1").returns @csr1
241
+ Puppet::SSL::CertificateRequest.indirection.stubs(:find).with("cert2").returns @csr1
242
+ @ca.stubs(:check_internal_signing_policies).returns(true)
184
243
 
185
- @ca.expects(:sign).with("cert1", nil)
186
- @ca.expects(:sign).with("cert2", nil)
244
+ @ca.expects(:sign).with("cert1", {})
245
+ @ca.expects(:sign).with("cert2", {})
187
246
 
188
247
  @applier = @class.new(:sign, :to => :all)
248
+ @applier.stubs(:format_host).returns("")
249
+ @applier.stubs(:puts)
189
250
  @applier.apply(@ca)
190
251
  end
191
252
 
@@ -199,18 +260,33 @@ describe Puppet::SSL::CertificateAuthority::Interface do
199
260
  end
200
261
 
201
262
  describe ":list" do
263
+ let(:signed_alt_names) { [] }
264
+ let(:request_alt_names) { [] }
265
+ let(:custom_attrs) { [] }
266
+ let(:ext_requests) { [] }
267
+ let(:custom_exts) { [] }
268
+
202
269
  before :each do
203
270
  @cert = Puppet::SSL::Certificate.new 'foo'
204
271
  @csr = Puppet::SSL::CertificateRequest.new 'bar'
205
272
 
206
- @cert.stubs(:subject_alt_names).returns []
207
- @csr.stubs(:subject_alt_names).returns []
273
+ @cert.stubs(:subject_alt_names).returns signed_alt_names
274
+ @cert.stubs(:custom_extensions).returns custom_exts
275
+
276
+ @csr.stubs(:subject_alt_names).returns request_alt_names
277
+ @csr.stubs(:custom_attributes).returns custom_attrs
278
+ @csr.stubs(:request_extensions).returns ext_requests
208
279
 
209
280
  Puppet::SSL::Certificate.indirection.stubs(:find).returns @cert
210
281
  Puppet::SSL::CertificateRequest.indirection.stubs(:find).returns @csr
211
282
 
212
283
  @digest = mock("digest")
213
284
  @digest.stubs(:to_s).returns("(fingerprint)")
285
+
286
+ @expiration = mock('time')
287
+ @expiration.stubs(:iso8601).returns("(expiration)")
288
+ @cert.stubs(:expiration).returns(@expiration)
289
+
214
290
  @ca.expects(:waiting?).returns %w{host1 host2 host3}
215
291
  @ca.expects(:list).returns(%w{host4 host5 host6}).at_most(1)
216
292
  @csr.stubs(:digest).returns @digest
@@ -293,6 +369,96 @@ describe Puppet::SSL::CertificateAuthority::Interface do
293
369
  applier.apply(@ca)
294
370
  end
295
371
  end
372
+
373
+ describe "with custom attrbutes and extensions" do
374
+ let(:custom_attrs) { [{'oid' => 'customAttr', 'value' => 'attrValue'}] }
375
+ let(:ext_requests) { [{'oid' => 'customExt', 'value' => 'reqExtValue'}] }
376
+ let(:custom_exts) { [{'oid' => 'extName', 'value' => 'extValue'}] }
377
+ let(:signed_alt_names) { ["DNS:puppet", "DNS:puppet.example.com"] }
378
+
379
+ before do
380
+ @ca.unstub(:waiting?)
381
+ @ca.unstub(:list)
382
+ @ca.expects(:waiting?).returns %w{ext3}
383
+ @ca.expects(:list).returns(%w{ext1 ext2}).at_most(1)
384
+
385
+ @ca.stubs(:verify).with("ext2").
386
+ raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23),
387
+ "certificate revoked")
388
+
389
+ Puppet::SSL::Certificate.indirection.stubs(:find).returns @cert
390
+ Puppet::SSL::CertificateRequest.indirection.stubs(:find).returns @csr
391
+ end
392
+
393
+ describe "using legacy format" do
394
+ it "should append astrisks to end of line to denote additional information available" do
395
+ applier = @class.new(:list, :to => %w{ext1 ext2 ext3})
396
+
397
+ applier.expects(:puts).with(<<-OUTPUT.chomp)
398
+ "ext3" (fingerprint) **
399
+ + "ext1" (fingerprint) (alt names: "DNS:puppet", "DNS:puppet.example.com") **
400
+ - "ext2" (fingerprint) (certificate revoked)
401
+ OUTPUT
402
+
403
+ applier.apply(@ca)
404
+ end
405
+
406
+ it "should append attributes and extensions to end of line when running :verbose" do
407
+ applier = @class.new(:list, :to => %w{ext1 ext2 ext3}, :verbose => true)
408
+
409
+ applier.expects(:puts).with(<<-OUTPUT.chomp)
410
+ "ext3" (fingerprint) (customAttr: "attrValue", customExt: "reqExtValue")
411
+ + "ext1" (fingerprint) (expiration) (alt names: "DNS:puppet", "DNS:puppet.example.com", extName: "extValue")
412
+ - "ext2" (fingerprint) (certificate revoked)
413
+ OUTPUT
414
+
415
+ applier.apply(@ca)
416
+ end
417
+ end
418
+
419
+ describe "using line-wise format" do
420
+ it "use the same format as :verbose legacy format" do
421
+ applier = @class.new(:list, :to => %w{ext1 ext2 ext3}, :format => :machine)
422
+
423
+ applier.expects(:puts).with(<<-OUTPUT.chomp)
424
+ "ext3" (fingerprint) (customAttr: "attrValue", customExt: "reqExtValue")
425
+ + "ext1" (fingerprint) (expiration) (alt names: "DNS:puppet", "DNS:puppet.example.com", extName: "extValue")
426
+ - "ext2" (fingerprint) (certificate revoked)
427
+ OUTPUT
428
+
429
+ applier.apply(@ca)
430
+ end
431
+ end
432
+
433
+ describe "using human friendly format" do
434
+ it "should break attributes and extensions to separate lines" do
435
+ applier = @class.new(:list, :to => %w{ext1 ext2 ext3}, :format => :human)
436
+
437
+ applier.expects(:puts).with(<<-OUTPUT)
438
+ "ext3"
439
+ (fingerprint)
440
+ Status: Request Pending
441
+ Extensions:
442
+ customAttr: "attrValue"
443
+ customExt: "reqExtValue"
444
+
445
+ + "ext1"
446
+ (fingerprint)
447
+ Status: Signed
448
+ Expiration: (expiration)
449
+ Extensions:
450
+ alt names: "DNS:puppet", "DNS:puppet.example.com"
451
+ extName: "extValue"
452
+
453
+ - "ext2"
454
+ (fingerprint)
455
+ Status: Invalid - (certificate revoked)
456
+ OUTPUT
457
+
458
+ applier.apply(@ca)
459
+ end
460
+ end
461
+ end
296
462
  end
297
463
 
298
464
  describe ":print" do
@@ -192,7 +192,8 @@ describe Puppet::SSL::CertificateAuthority do
192
192
  request.expects(:generate).with(@ca.host.key)
193
193
  request.stubs(:request_extensions => [])
194
194
 
195
- @ca.expects(:sign).with(@host.name, false, request)
195
+ @ca.expects(:sign).with(@host.name, {allow_dns_alt_names: false,
196
+ self_signing_csr: request})
196
197
 
197
198
  @ca.stubs :generate_password
198
199
 
@@ -256,49 +257,56 @@ describe Puppet::SSL::CertificateAuthority do
256
257
  it "should not look up a certificate request for the host" do
257
258
  Puppet::SSL::CertificateRequest.indirection.expects(:find).never
258
259
 
259
- @ca.sign(@name, true, @request)
260
+ @ca.sign(@name, {allow_dns_alt_names: true,
261
+ self_signing_csr: @request})
260
262
  end
261
263
 
262
264
  it "should use a certificate type of :ca" do
263
265
  Puppet::SSL::CertificateFactory.expects(:build).with do |*args|
264
266
  expect(args[0]).to eq(:ca)
265
267
  end.returns @cert.content
266
- @ca.sign(@name, :ca, @request)
268
+ @ca.sign(@name, {allow_dns_alt_names: true,
269
+ self_signing_csr: @request})
267
270
  end
268
271
 
269
272
  it "should pass the provided CSR as the CSR" do
270
273
  Puppet::SSL::CertificateFactory.expects(:build).with do |*args|
271
274
  expect(args[1]).to eq(@request)
272
275
  end.returns @cert.content
273
- @ca.sign(@name, :ca, @request)
276
+ @ca.sign(@name, {allow_dns_alt_names: true,
277
+ self_signing_csr: @request})
274
278
  end
275
279
 
276
280
  it "should use the provided CSR's content as the issuer" do
277
281
  Puppet::SSL::CertificateFactory.expects(:build).with do |*args|
278
282
  expect(args[2].subject.to_s).to eq("/CN=myhost")
279
283
  end.returns @cert.content
280
- @ca.sign(@name, :ca, @request)
284
+ @ca.sign(@name, {allow_dns_alt_names: true,
285
+ self_signing_csr: @request})
281
286
  end
282
287
 
283
288
  it "should pass the next serial as the serial number" do
284
289
  Puppet::SSL::CertificateFactory.expects(:build).with do |*args|
285
290
  expect(args[3]).to eq(@serial)
286
291
  end.returns @cert.content
287
- @ca.sign(@name, :ca, @request)
292
+ @ca.sign(@name, {allow_dns_alt_names: true,
293
+ self_signing_csr: @request})
288
294
  end
289
295
 
290
296
  it "should sign the certificate request even if it contains alt names" do
291
297
  @request.stubs(:subject_alt_names).returns %w[DNS:foo DNS:bar DNS:baz]
292
298
 
293
299
  expect do
294
- @ca.sign(@name, false, @request)
300
+ @ca.sign(@name, {allow_dns_alt_names: false,
301
+ self_signing_csr: @request})
295
302
  end.not_to raise_error
296
303
  end
297
304
 
298
305
  it "should save the resulting certificate" do
299
306
  Puppet::SSL::Certificate.indirection.expects(:save).with(@cert)
300
307
 
301
- @ca.sign(@name, :ca, @request)
308
+ @ca.sign(@name, {allow_dns_alt_names: true,
309
+ self_signing_csr: @request})
302
310
  end
303
311
  end
304
312
 
@@ -339,17 +347,37 @@ describe Puppet::SSL::CertificateAuthority do
339
347
  }.to raise_error(/CSR has request extensions that are not permitted/)
340
348
  end
341
349
 
350
+ it "should reject auth extensions" do
351
+ @request.stubs :request_extensions => [{"oid" => "1.3.6.1.4.1.34380.1.3.1",
352
+ "value" => "true"},
353
+ {"oid" => "1.3.6.1.4.1.34380.1.3.13",
354
+ "value" => "com"}]
355
+
356
+ expect {
357
+ @ca.sign(@name)
358
+ }.to raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError,
359
+ /CSR '#{@name}' contains authorization extensions (.*?, .*?).*/)
360
+ end
361
+
362
+ it "should not fail if the CSR contains auth extensions and they're allowed" do
363
+ @request.stubs :request_extensions => [{"oid" => "1.3.6.1.4.1.34380.1.3.1",
364
+ "value" => "true"},
365
+ {"oid" => "1.3.6.1.4.1.34380.1.3.13",
366
+ "value" => "com"}]
367
+ expect { @ca.sign(@name, {allow_authorization_extensions: true})}.to_not raise_error
368
+ end
369
+
342
370
  it "should fail if the CSR contains alt names and they are not expected" do
343
371
  @request.stubs(:subject_alt_names).returns %w[DNS:foo DNS:bar DNS:baz]
344
372
 
345
373
  expect do
346
- @ca.sign(@name, false)
374
+ @ca.sign(@name, {allow_dns_alt_names: false})
347
375
  end.to raise_error(Puppet::SSL::CertificateAuthority::CertificateSigningError, /CSR '#{@name}' contains subject alternative names \(.*?\), which are disallowed. Use `puppet cert --allow-dns-alt-names sign #{@name}` to sign this request./)
348
376
  end
349
377
 
350
378
  it "should not fail if the CSR does not contain alt names and they are expected" do
351
379
  @request.stubs(:subject_alt_names).returns []
352
- expect { @ca.sign(@name, true) }.to_not raise_error
380
+ expect { @ca.sign(@name, {allow_dns_alt_names: true}) }.to_not raise_error
353
381
  end
354
382
 
355
383
  it "should reject alt names by default" do
@@ -421,7 +449,7 @@ describe Puppet::SSL::CertificateAuthority do
421
449
  csr.generate(key)
422
450
 
423
451
  expect do
424
- @ca.check_internal_signing_policies('not_the_certname', csr, false)
452
+ @ca.check_internal_signing_policies('not_the_certname', csr)
425
453
  end.to raise_error(
426
454
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
427
455
  /common name "the_certname" does not match expected certname "not_the_certname"/
@@ -449,7 +477,7 @@ describe Puppet::SSL::CertificateAuthority do
449
477
  csr = Puppet::SSL::CertificateRequest.new(name)
450
478
  csr.generate(@signing_key)
451
479
 
452
- @ca.check_internal_signing_policies(name, csr, false)
480
+ @ca.check_internal_signing_policies(name, csr)
453
481
  end
454
482
  end
455
483
 
@@ -468,7 +496,7 @@ describe Puppet::SSL::CertificateAuthority do
468
496
  csr.generate(@signing_key)
469
497
 
470
498
  expect do
471
- @ca.check_internal_signing_policies(name, csr, false)
499
+ @ca.check_internal_signing_policies(name, csr)
472
500
  end.to raise_error(
473
501
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
474
502
  /subject contains unprintable or non-ASCII characters/
@@ -484,7 +512,7 @@ describe Puppet::SSL::CertificateAuthority do
484
512
  @request.stubs(:request_extensions).returns exts
485
513
 
486
514
  expect {
487
- @ca.check_internal_signing_policies(@name, @request, false)
515
+ @ca.check_internal_signing_policies(@name, @request)
488
516
  }.to_not raise_error
489
517
  end
490
518
 
@@ -495,7 +523,7 @@ describe Puppet::SSL::CertificateAuthority do
495
523
  @request.stubs(:request_extensions).returns exts
496
524
 
497
525
  expect {
498
- @ca.check_internal_signing_policies(@name, @request, false)
526
+ @ca.check_internal_signing_policies(@name, @request)
499
527
  }.to_not raise_error
500
528
  end
501
529
 
@@ -506,7 +534,7 @@ describe Puppet::SSL::CertificateAuthority do
506
534
  @request.stubs(:request_extensions).returns exts
507
535
 
508
536
  expect {
509
- @ca.check_internal_signing_policies(@name, @request, false)
537
+ @ca.check_internal_signing_policies(@name, @request)
510
538
  }.to_not raise_error
511
539
  end
512
540
 
@@ -515,7 +543,7 @@ describe Puppet::SSL::CertificateAuthority do
515
543
  @request.stubs(:request_extensions).returns [{ "oid" => "banana",
516
544
  "value" => "yumm",
517
545
  "critical" => true }]
518
- expect { @ca.check_internal_signing_policies(@name, @request, false) }.to raise_error(
546
+ expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
519
547
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
520
548
  /request extensions that are not permitted/
521
549
  )
@@ -525,7 +553,7 @@ describe Puppet::SSL::CertificateAuthority do
525
553
  @request.stubs(:request_extensions).returns [{ "oid" => "peach",
526
554
  "value" => "meh",
527
555
  "critical" => false }]
528
- expect { @ca.check_internal_signing_policies(@name, @request, false) }.to raise_error(
556
+ expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
529
557
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
530
558
  /request extensions that are not permitted/
531
559
  )
@@ -538,7 +566,7 @@ describe Puppet::SSL::CertificateAuthority do
538
566
  { "oid" => "subjectAltName",
539
567
  "value" => "DNS:foo",
540
568
  "critical" => true }]
541
- expect { @ca.check_internal_signing_policies(@name, @request, false) }.to raise_error(
569
+ expect { @ca.check_internal_signing_policies(@name, @request) }.to raise_error(
542
570
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
543
571
  /request extensions that are not permitted/
544
572
  )
@@ -546,17 +574,28 @@ describe Puppet::SSL::CertificateAuthority do
546
574
 
547
575
  it "should reject a subjectAltName for a non-DNS value" do
548
576
  @request.stubs(:subject_alt_names).returns ['DNS:foo', 'email:bar@example.com']
549
- expect { @ca.check_internal_signing_policies(@name, @request, true) }.to raise_error(
577
+ expect {
578
+ @ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: true})
579
+ }.to raise_error(
550
580
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
551
581
  /subjectAltName outside the DNS label space/
552
582
  )
553
583
  end
554
584
 
585
+ it "should allow a subjectAltName if subject matches CA's certname" do
586
+ @request.stubs(:subject_alt_names).returns ['DNS:foo']
587
+ Puppet[:certname] = @name
588
+
589
+ expect {
590
+ @ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: false})
591
+ }.to_not raise_error
592
+ end
593
+
555
594
  it "should reject a wildcard subject" do
556
595
  @request.content.stubs(:subject).
557
596
  returns(OpenSSL::X509::Name.new([["CN", "*.local"]]))
558
597
 
559
- expect { @ca.check_internal_signing_policies('*.local', @request, false) }.to raise_error(
598
+ expect { @ca.check_internal_signing_policies('*.local', @request) }.to raise_error(
560
599
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
561
600
  /subject contains a wildcard/
562
601
  )
@@ -564,7 +603,9 @@ describe Puppet::SSL::CertificateAuthority do
564
603
 
565
604
  it "should reject a wildcard subjectAltName" do
566
605
  @request.stubs(:subject_alt_names).returns ['DNS:foo', 'DNS:*.bar']
567
- expect { @ca.check_internal_signing_policies(@name, @request, true) }.to raise_error(
606
+ expect {
607
+ @ca.check_internal_signing_policies(@name, @request, {allow_dns_alt_names: true})
608
+ }.to raise_error(
568
609
  Puppet::SSL::CertificateAuthority::CertificateSigningError,
569
610
  /subjectAltName contains a wildcard/
570
611
  )