puppet 5.3.5 → 5.3.6

data/spec/unit/parser/compiler_spec.rb

@@ -279,6 +279,14 @@ describe Puppet::Parser::Compiler do
       expect(@compiler.topscope['wat']).to eq('this is how the sausage is made')
     end
 
+    it "sets the environment based on node.environment instead of the parameters" do
+      compile_stub(:set_node_parameters)
+      @node.parameters['environment'] = "Not actually #{@node.environment.name}"
+
+      @compiler.compile
+      expect(@compiler.topscope['environment']).to eq('testing')
+    end
+
     it "should set the client and server versions on the catalog" do
       params = {"clientversion" => "2", "serverversion" => "3"}
       @node.stubs(:parameters).returns(params)

data/spec/unit/provider/group/windows_adsi_spec.rb

@@ -40,23 +40,36 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
     let(:invalid_user) { SecureRandom.uuid }
 
     before :each do
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('user1').returns(user1)
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('user2').returns(user2)
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('user3').returns(user3)
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with(invalid_user).returns(nil)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with('user1').returns(user1)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with('user2').returns(user2)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with('user3').returns(user3)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with(invalid_user).returns(nil)
     end
 
     describe "#members_insync?" do
       it "should return true for same lists of members" do
-        expect(provider.members_insync?(['user1', 'user2'], ['user1', 'user2'])).to be_truthy
+        current = [
+          Puppet::Util::Windows::SID.name_to_principal('user1'),
+          Puppet::Util::Windows::SID.name_to_principal('user2'),
+        ]
+        expect(provider.members_insync?(current, ['user1', 'user2'])).to be_truthy
       end
 
       it "should return true for same lists of unordered members" do
-        expect(provider.members_insync?(['user1', 'user2'], ['user2', 'user1'])).to be_truthy
+        current = [
+          Puppet::Util::Windows::SID.name_to_principal('user1'),
+          Puppet::Util::Windows::SID.name_to_principal('user2'),
+        ]
+        expect(provider.members_insync?(current, ['user2', 'user1'])).to be_truthy
       end
 
       it "should return true for same lists of members irrespective of duplicates" do
-        expect(provider.members_insync?(['user1', 'user2', 'user2'], ['user2', 'user1', 'user1'])).to be_truthy
+        current = [
+          Puppet::Util::Windows::SID.name_to_principal('user1'),
+          Puppet::Util::Windows::SID.name_to_principal('user2'),
+          Puppet::Util::Windows::SID.name_to_principal('user2'),
+        ]
+        expect(provider.members_insync?(current, ['user2', 'user1', 'user1'])).to be_truthy
       end
 
       it "should return true when current and should members are empty lists" do
@@ -77,7 +90,12 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
         end
 
         it "should return true when current and should contain the same users in a different order" do
-          expect(provider.members_insync?(['user1', 'user2', 'user3'], ['user3', 'user1', 'user2'])).to be_truthy
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+            Puppet::Util::Windows::SID.name_to_principal('user2'),
+            Puppet::Util::Windows::SID.name_to_principal('user3'),
+          ]
+          expect(provider.members_insync?(current, ['user3', 'user1', 'user2'])).to be_truthy
         end
 
         it "should return false when current is nil" do
@@ -85,15 +103,24 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
         end
 
         it "should return false when should is nil" do
-          expect(provider.members_insync?(['user1'], nil)).to be_falsey
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+          ]
+          expect(provider.members_insync?(current, nil)).to be_falsey
         end
 
         it "should return false when current contains different users than should" do
-          expect(provider.members_insync?(['user1'], ['user2'])).to be_falsey
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+          ]
+          expect(provider.members_insync?(current, ['user2'])).to be_falsey
         end
 
         it "should return false when current contains members and should is empty" do
-          expect(provider.members_insync?(['user1'], [])).to be_falsey
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+          ]
+          expect(provider.members_insync?(current, [])).to be_falsey
         end
 
         it "should return false when current is empty and should contains members" do
@@ -101,11 +128,19 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
         end
 
         it "should return false when should user(s) are not the only items in the current" do
-          expect(provider.members_insync?(['user1', 'user2'], ['user1'])).to be_falsey
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+            Puppet::Util::Windows::SID.name_to_principal('user2'),
+          ]
+          expect(provider.members_insync?(current, ['user1'])).to be_falsey
         end
 
         it "should return false when current user(s) is not empty and should is an empty list" do
-          expect(provider.members_insync?(['user1','user2'], [])).to be_falsey
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+            Puppet::Util::Windows::SID.name_to_principal('user2'),
+          ]
+          expect(provider.members_insync?(current, [])).to be_falsey
         end
       end
 
@@ -120,15 +155,24 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
         end
 
         it "should return true when should is nil" do
-          expect(provider.members_insync?(['user1'], nil)).to be_truthy
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+          ]
+          expect(provider.members_insync?(current, nil)).to be_truthy
         end
 
         it "should return false when current contains different users than should" do
-          expect(provider.members_insync?(['user1'], ['user2'])).to be_falsey
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+          ]
+          expect(provider.members_insync?(current, ['user2'])).to be_falsey
         end
 
         it "should return true when current contains members and should is empty" do
-          expect(provider.members_insync?(['user1'], [])).to be_truthy
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+          ]
+          expect(provider.members_insync?(current, [])).to be_truthy
         end
 
         it "should return false when current is empty and should contains members" do
@@ -136,15 +180,28 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
         end
 
         it "should return true when current user(s) contains at least the should list" do
-          expect(provider.members_insync?(['user1','user2'], ['user1'])).to be_truthy
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+            Puppet::Util::Windows::SID.name_to_principal('user2'),
+          ]
+          expect(provider.members_insync?(current, ['user1'])).to be_truthy
         end
 
         it "should return true when current user(s) is not empty and should is an empty list" do
-          expect(provider.members_insync?(['user1','user2'], [])).to be_truthy
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+            Puppet::Util::Windows::SID.name_to_principal('user2'),
+          ]
+          expect(provider.members_insync?(current, [])).to be_truthy
         end
 
         it "should return true when current user(s) contains at least the should list, even unordered" do
-          expect(provider.members_insync?(['user3','user1','user2'], ['user2','user1'])).to be_truthy
+          current = [
+            Puppet::Util::Windows::SID.name_to_principal('user3'),
+            Puppet::Util::Windows::SID.name_to_principal('user1'),
+            Puppet::Util::Windows::SID.name_to_principal('user2'),
+          ]
+          expect(provider.members_insync?(current, ['user2','user1'])).to be_truthy
         end
       end
     end
@@ -196,8 +253,8 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
 
       provider.group.stubs(:member_sids).returns(member_sids[0..1])
 
-      Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user2').returns(member_sids[1])
-      Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user3').returns(member_sids[2])
+      Puppet::Util::Windows::SID.expects(:name_to_principal).with('user2').returns(member_sids[1])
+      Puppet::Util::Windows::SID.expects(:name_to_principal).with('user3').returns(member_sids[2])
 
       provider.group.expects(:remove_member_sids).with(member_sids[0])
       provider.group.expects(:add_member_sids).with(member_sids[2])
@@ -247,7 +304,7 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
   end
 
   it "should be able to test whether a group exists" do
-    Puppet::Util::Windows::SID.stubs(:name_to_sid_object).returns(nil)
+    Puppet::Util::Windows::SID.stubs(:name_to_principal).returns(nil)
     Puppet::Util::Windows::ADSI.stubs(:connect).returns stub('connection', :Class => 'Group')
     expect(provider).to be_exists
 

data/spec/unit/provider/service/systemd_spec.rb

@@ -126,7 +126,7 @@ describe Puppet::Type.type(:service).provider(:systemd) do
     expect(described_class).not_to be_default
   end
 
-  [ '15.04', '15.10', '16.04', '16.10' ].each do |ver|
+  [ '15.04', '15.10', '16.04', '16.10', '17.04', '17.10', '18.04' ].each do |ver|
     it "should be the default provider on ubuntu#{ver}" do
       Facter.stubs(:value).with(:osfamily).returns(:debian)
       Facter.stubs(:value).with(:operatingsystem).returns(:ubuntu)

data/spec/unit/provider/user/windows_adsi_spec.rb

@@ -81,9 +81,9 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
     let(:group3) { stub(:account => 'group3', :domain => '.', :sid => 'group3sid') }
 
     before :each do
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('group1').returns(group1)
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('group2').returns(group2)
-      Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('group3').returns(group3)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with('group1').returns(group1)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with('group2').returns(group2)
+      Puppet::Util::Windows::SID.stubs(:name_to_principal).with('group3').returns(group3)
     end
 
     it "should return true for same lists of members" do
@@ -267,7 +267,7 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
   end
 
   it 'should be able to test whether a user exists' do
-    Puppet::Util::Windows::SID.stubs(:name_to_sid_object).returns(nil)
+    Puppet::Util::Windows::SID.stubs(:name_to_principal).returns(nil)
     Puppet::Util::Windows::ADSI.stubs(:connect).returns stub('connection', :Class => 'User')
     expect(provider).to be_exists
 

data/spec/unit/util/plist_spec.rb

@@ -92,7 +92,7 @@ describe Puppet::Util::Plist, :if => Puppet.features.cfpropertylist? do
       subject.stubs(:open_file_with_args).with(plist_path, 'r:UTF-8').returns(invalid_xml_plist)
       Puppet.expects(:debug).with(regexp_matches(/^Failed with CFFormatError/))
       Puppet.expects(:debug).with("Plist #{plist_path} ill-formatted, converting with plutil")
-      Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', plist_path],
+      Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', plist_path],
                                                      {:failonfail => true, :combine => true}).returns(valid_xml_plist)
       expect(subject.read_plist_file(plist_path)).to eq(valid_xml_plist_hash)
     end
@@ -101,7 +101,7 @@ describe Puppet::Util::Plist, :if => Puppet.features.cfpropertylist? do
       subject.stubs(:open_file_with_args).with(plist_path, 'r:UTF-8').returns(non_plist_data)
       Puppet.expects(:debug).with(regexp_matches(/^Failed with (CFFormatError|NoMethodError)/))
       Puppet.expects(:debug).with("Plist #{plist_path} ill-formatted, converting with plutil")
-      Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', plist_path],
+      Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', plist_path],
                                                      {:failonfail => true, :combine => true}).raises(Puppet::ExecutionFailure, 'boom')
       expect(subject.read_plist_file(plist_path)).to eq(nil)
     end
@@ -110,7 +110,7 @@ describe Puppet::Util::Plist, :if => Puppet.features.cfpropertylist? do
       subject.stubs(:open_file_with_args).with(plist_path, 'r:UTF-8').returns(binary_data)
       Puppet.expects(:debug).with(regexp_matches(/^Failed with (CFFormatError|ArgumentError)/))
       Puppet.expects(:debug).with("Plist #{plist_path} ill-formatted, converting with plutil")
-      Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', plist_path],
+      Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', plist_path],
                                                      {:failonfail => true, :combine => true}).raises(Puppet::ExecutionFailure, 'boom')
       expect(subject.read_plist_file(plist_path)).to eq(nil)
     end

data/spec/unit/util/windows/adsi_spec.rb

@@ -106,14 +106,14 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
     end
 
     it "should be able to check the existence of a user" do
-      Puppet::Util::Windows::SID.expects(:name_to_sid_object).with(username).returns nil
+      Puppet::Util::Windows::SID.expects(:name_to_principal).with(username).returns nil
       Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://./#{username},user").returns connection
       connection.expects(:Class).returns('User')
       expect(Puppet::Util::Windows::ADSI::User.exists?(username)).to be_truthy
     end
 
     it "should be able to check the existence of a domain user" do
-      Puppet::Util::Windows::SID.expects(:name_to_sid_object).with("#{domain}\\#{username}").returns nil
+      Puppet::Util::Windows::SID.expects(:name_to_principal).with("#{domain}\\#{username}").returns nil
       Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://#{domain}/#{username},user").returns connection
       connection.expects(:Class).returns('User')
       expect(Puppet::Util::Windows::ADSI::User.exists?(domain_username)).to be_truthy
@@ -213,7 +213,7 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
       end
 
       it "should generate the correct URI" do
-        Puppet::Util::Windows::SID.stubs(:octet_string_to_sid_object).returns(sid)
+        Puppet::Util::Windows::SID.stubs(:octet_string_to_principal).returns(sid)
         expect(user.uri).to eq("WinNT://testcomputername/#{username},user")
       end
 
@@ -276,8 +276,8 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
       let(:someone_sid){ stub(:account => 'someone', :domain => 'testcomputername')}
 
       describe "should be able to use SID objects" do
-        let(:system)     { Puppet::Util::Windows::SID.name_to_sid_object('SYSTEM') }
-        let(:invalid)    { Puppet::Util::Windows::SID.name_to_sid_object('foobar') }
+        let(:system)     { Puppet::Util::Windows::SID.name_to_principal('SYSTEM') }
+        let(:invalid)    { Puppet::Util::Windows::SID.name_to_principal('foobar') }
 
         it "to add a member" do
           adsi_group.expects(:Add).with("WinNT://S-1-5-18")
@@ -303,11 +303,14 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
       it "should provide its groups as a list of names" do
         names = ['user1', 'user2']
 
-        users = names.map { |name| stub('user', :Name => name) }
+        users = names.map { |name| stub('user', :Name => name, :objectSID => name, :ole_respond_to? => true) }
 
         adsi_group.expects(:Members).returns(users)
 
-        expect(group.members).to match(names)
+        Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with('user1').returns(stub(:domain_account => 'HOSTNAME\user1'))
+        Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with('user2').returns(stub(:domain_account => 'HOSTNAME\user2'))
+
+        expect(group.members.map(&:domain_account)).to match(['HOSTNAME\user1', 'HOSTNAME\user2'])
       end
 
       context "calling .set_members" do
@@ -320,16 +323,16 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
           ]
 
           # use stubbed objectSid on member to return stubbed SID
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
 
-          Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user2').returns(sids[1])
-          Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('DOMAIN2\user3').returns(sids[2])
+          Puppet::Util::Windows::SID.expects(:name_to_principal).with('user2').returns(sids[1])
+          Puppet::Util::Windows::SID.expects(:name_to_principal).with('DOMAIN2\user3').returns(sids[2])
 
           Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[0]).returns("WinNT://DOMAIN/user1,user")
           Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[2]).returns("WinNT://DOMAIN2/user3,user")
 
-          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
+          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
           adsi_group.expects(:Members).returns members
 
           adsi_group.expects(:Remove).with('WinNT://DOMAIN/user1,user')
@@ -347,15 +350,15 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
           ]
 
           # use stubbed objectSid on member to return stubbed SID
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
 
-          Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user2').returns(sids[1])
-          Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('DOMAIN2\user3').returns(sids[2])
+          Puppet::Util::Windows::SID.expects(:name_to_principal).with('user2').returns(sids[1])
+          Puppet::Util::Windows::SID.expects(:name_to_principal).with('DOMAIN2\user3').returns(sids[2])
 
           Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[2]).returns("WinNT://DOMAIN2/user3,user")
 
-          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
+          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
           adsi_group.expects(:Members).returns members
 
           adsi_group.expects(:Remove).with('WinNT://DOMAIN/user1,user').never
@@ -382,13 +385,13 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
           ]
 
           # use stubbed objectSid on member to return stubbed SID
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
 
           Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[0]).returns("WinNT://DOMAIN/user1,user")
           Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[1]).returns("WinNT://testcomputername/user2,user")
 
-          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
+          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
           adsi_group.expects(:Members).returns members
 
           adsi_group.expects(:Remove).with('WinNT://DOMAIN/user1,user')
@@ -404,10 +407,10 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
               stub(:account => 'user2', :domain => 'testcomputername', :sid => 2 ),
           ]
           # use stubbed objectSid on member to return stubbed SID
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
-          Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
+          Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
 
-          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
+          members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
           adsi_group.expects(:Members).returns members
 
           adsi_group.expects(:Remove).never
@@ -428,7 +431,7 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
         adsi_group.expects(:objectSID).returns([0])
         Socket.expects(:gethostname).returns('TESTcomputerNAME')
         computer_sid = stub(:account => groupname,:domain => 'testcomputername')
-        Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(computer_sid)
+        Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(computer_sid)
         expect(group.uri).to eq("WinNT://./#{groupname},group")
       end
     end
@@ -458,7 +461,7 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
     end
 
     it "should be able to confirm the existence of a group" do
-      Puppet::Util::Windows::SID.expects(:name_to_sid_object).with(groupname).returns nil
+      Puppet::Util::Windows::SID.expects(:name_to_principal).with(groupname).returns nil
       Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://./#{groupname},group").returns connection
       connection.expects(:Class).returns('Group')
 
@@ -500,13 +503,14 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
       Puppet::Util::Windows::ADSI.expects(:execquery).with('select name from win32_group where localaccount = "TRUE"').returns(wmi_groups)
 
       native_group = stub('IADsGroup')
-      native_group.expects(:Members).returns([stub(:Name => 'Administrator')])
+      Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([]).returns(stub(:domain_account => '.\Administrator'))
+      native_group.expects(:Members).returns([stub(:Name => 'Administrator', :objectSID => [], :ole_respond_to? => true)])
       Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://./#{name},group").returns(native_group)
 
       groups = Puppet::Util::Windows::ADSI::Group.to_a
       expect(groups.length).to eq(1)
       expect(groups[0].name).to eq(name)
-      expect(groups[0].members).to eq(['Administrator'])
+      expect(groups[0].members.map(&:domain_account)).to eq(['.\Administrator'])
     end
   end
 

data/spec/unit/util/windows/sid_spec.rb

@@ -13,10 +13,10 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
   let(:null_sid)     { 'S-1-0-0' }
   let(:unknown_name) { 'chewbacca' }
 
-  context "#octet_string_to_sid_object" do
+  context "#octet_string_to_principal" do
     it "should properly convert an array of bytes for a well-known non-localized SID" do
       bytes = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
-      converted = subject.octet_string_to_sid_object(bytes)
+      converted = subject.octet_string_to_principal(bytes)
 
       expect(converted).to be_an_instance_of Puppet::Util::Windows::SID::Principal
       expect(converted.sid_bytes).to eq(bytes)
@@ -28,13 +28,13 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
 
     it "should raise an error for non-array input" do
       expect {
-        subject.octet_string_to_sid_object(invalid_sid)
+        subject.octet_string_to_principal(invalid_sid)
       }.to raise_error(Puppet::Error, /Octet string must be an array of bytes/)
     end
 
     it "should raise an error for an empty byte array" do
       expect {
-        subject.octet_string_to_sid_object([])
+        subject.octet_string_to_principal([])
       }.to raise_error(Puppet::Error, /Octet string must be an array of bytes/)
     end
 
@@ -42,7 +42,7 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
       expect {
         # S-1-1-1 which is not a valid account
         valid_octet_invalid_user =[1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0]
-        subject.octet_string_to_sid_object(valid_octet_invalid_user)
+        subject.octet_string_to_principal(valid_octet_invalid_user)
       }.to raise_error do |error|
         expect(error).to be_a(Puppet::Util::Windows::Error)
         expect(error.code).to eq(1332) # ERROR_NONE_MAPPED
@@ -52,7 +52,7 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
     it "should raise an error for a malformed byte array" do
       expect {
         invalid_octet = [2]
-        subject.octet_string_to_sid_object(invalid_octet)
+        subject.octet_string_to_principal(invalid_octet)
       }.to raise_error do |error|
         expect(error).to be_a(Puppet::Util::Windows::Error)
         expect(error.code).to eq(87) # ERROR_INVALID_PARAMETER
@@ -72,12 +72,12 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
     end
 
     it "should return a SID for a passed user or group name" do
-      subject.expects(:name_to_sid_object).with('testers').returns stub(:sid => 'S-1-5-32-547')
+      subject.expects(:name_to_principal).with('testers').returns stub(:sid => 'S-1-5-32-547')
       expect(subject.name_to_sid('testers')).to eq('S-1-5-32-547')
     end
 
     it "should return a SID for a passed fully-qualified user or group name" do
-      subject.expects(:name_to_sid_object).with('MACHINE\testers').returns stub(:sid => 'S-1-5-32-547')
+      subject.expects(:name_to_principal).with('MACHINE\testers').returns stub(:sid => 'S-1-5-32-547')
       expect(subject.name_to_sid('MACHINE\testers')).to eq('S-1-5-32-547')
     end
 
@@ -128,37 +128,108 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
     end
   end
 
-  context "#name_to_sid_object" do
+  context "#name_to_principal" do
     it "should return nil if the account does not exist" do
-      expect(subject.name_to_sid_object(unknown_name)).to be_nil
+      expect(subject.name_to_principal(unknown_name)).to be_nil
     end
 
     it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
-      expect(subject.name_to_sid_object(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
+      expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
     end
 
     it "should accept unqualified account name" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really Syst\u00E8me
-      expect(subject.name_to_sid_object('SYSTEM').sid).to eq(sid)
+      expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
     end
 
     it "should be case-insensitive" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really Syst\u00E8me
-      expect(subject.name_to_sid_object('SYSTEM')).to eq(subject.name_to_sid_object('system'))
+      expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
     end
 
     it "should be leading and trailing whitespace-insensitive" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really Syst\u00E8me
-      expect(subject.name_to_sid_object('SYSTEM')).to eq(subject.name_to_sid_object(' SYSTEM '))
+      expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
     end
 
     it "should accept domain qualified account names" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
-      expect(subject.name_to_sid_object('NT AUTHORITY\SYSTEM').sid).to eq(sid)
+      expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
+    end
+  end
+
+  context "#ads_to_principal" do
+    it "should raise an error for non-WIN32OLE input" do
+      expect {
+        subject.ads_to_principal(stub('WIN32OLE', { :Name => 'foo' }))
+      }.to raise_error(Puppet::Error, /ads_object must be an IAdsUser or IAdsGroup instance/)
+    end
+
+    it "should raise an error for an empty byte array in the objectSID property" do
+      expect {
+        subject.ads_to_principal(stub('WIN32OLE', { :objectSID => [], :Name => '', :ole_respond_to? => true }))
+      }.to raise_error(Puppet::Error, /Octet string must be an array of bytes/)
+    end
+
+    it "should raise an error for a malformed byte array" do
+      expect {
+        invalid_octet = [2]
+        subject.ads_to_principal(stub('WIN32OLE', { :objectSID => invalid_octet, :Name => '', :ole_respond_to? => true }))
+      }.to raise_error do |error|
+        expect(error).to be_a(Puppet::Util::Windows::Error)
+        expect(error.code).to eq(87) # ERROR_INVALID_PARAMETER
+      end
+    end
+
+    it "should raise an error when a valid byte array for SID is unresolvable and its Name does not match" do
+      expect {
+        # S-1-1-1 is a valid SID that will not resolve
+        valid_octet_invalid_user = [1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0]
+        subject.ads_to_principal(stub('WIN32OLE', { :objectSID => valid_octet_invalid_user, :Name => unknown_name, :ole_respond_to? => true }))
+      }.to raise_error do |error|
+        expect(error).to be_a(Puppet::Error)
+        expect(error.cause.code).to eq(1332) # ERROR_NONE_MAPPED
+      end
+    end
+
+    it "should return a Principal object even when the SID is unresolvable, as long as the Name matches" do
+      # S-1-1-1 is a valid SID that will not resolve
+      valid_octet_invalid_user = [1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0]
+      unresolvable_user = stub('WIN32OLE', { :objectSID => valid_octet_invalid_user, :Name => 'S-1-1-1', :ole_respond_to? => true })
+      principal = subject.ads_to_principal(unresolvable_user)
+
+      expect(principal).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
+      expect(principal.account).to eq('S-1-1-1 (unresolvable)')
+      expect(principal.domain).to eq(nil)
+      expect(principal.domain_account).to eq('S-1-1-1 (unresolvable)')
+      expect(principal.sid).to eq('S-1-1-1')
+      expect(principal.sid_bytes).to eq(valid_octet_invalid_user)
+      expect(principal.account_type).to eq(:SidTypeUnknown)
+    end
+
+    it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
+      system_bytes = [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0]
+      adsuser = stub('WIN32OLE', { :objectSID => system_bytes, :Name => 'SYSTEM', :ole_respond_to? => true })
+      expect(subject.ads_to_principal(adsuser)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
+    end
+
+    it "should properly convert an array of bytes for a well-known non-localized SID, ignoring the Name from the WIN32OLE object" do
+      bytes = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+      adsuser = stub('WIN32OLE', { :objectSID => bytes, :Name => unknown_name, :ole_respond_to? => true })
+      converted = subject.ads_to_principal(adsuser)
+
+      expect(converted).to be_an_instance_of Puppet::Util::Windows::SID::Principal
+      expect(converted.sid_bytes).to eq(bytes)
+      expect(converted.sid).to eq(null_sid)
+
+      # carefully select a SID here that is not localized on international Windows
+      expect(converted.account).to eq('NULL SID')
+      # garbage name supplied does not carry forward as SID is looked up again
+      expect(converted.account).to_not eq(adsuser.Name)
     end
   end