puppet 5.3.5 → 5.3.6

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (71) hide show
  1. data/lib/puppet/application/cert.rb +3 -1
  2. data/lib/puppet/application/device.rb +99 -12
  3. data/lib/puppet/application/lookup.rb +11 -1
  4. data/lib/puppet/context.rb +1 -1
  5. data/lib/puppet/functions/map.rb +1 -1
  6. data/lib/puppet/indirector/request.rb +6 -10
  7. data/lib/puppet/indirector/rest.rb +9 -9
  8. data/lib/puppet/network/http/connection.rb +8 -0
  9. data/lib/puppet/parser/compiler.rb +7 -0
  10. data/lib/puppet/parser/functions/new.rb +31 -46
  11. data/lib/puppet/parser/functions/return.rb +22 -1
  12. data/lib/puppet/provider/group/windows_adsi.rb +4 -7
  13. data/lib/puppet/provider/service/systemd.rb +1 -1
  14. data/lib/puppet/provider/user/aix.rb +1 -1
  15. data/lib/puppet/provider/user/windows_adsi.rb +1 -1
  16. data/lib/puppet/reference/configuration.rb +2 -0
  17. data/lib/puppet/resource/catalog.rb +1 -1
  18. data/lib/puppet/type/user.rb +34 -3
  19. data/lib/puppet/util/plist.rb +1 -1
  20. data/lib/puppet/util/reference.rb +1 -8
  21. data/lib/puppet/util/windows/adsi.rb +15 -18
  22. data/lib/puppet/util/windows/principal.rb +7 -6
  23. data/lib/puppet/util/windows/sid.rb +60 -7
  24. data/lib/puppet/version.rb +1 -1
  25. data/locales/ja/puppet.po +163 -140
  26. data/locales/puppet.pot +94 -76
  27. data/man/man5/puppet.conf.5 +91 -16
  28. data/man/man8/puppet-agent.8 +6 -2
  29. data/man/man8/puppet-apply.8 +2 -2
  30. data/man/man8/puppet-ca.8 +1 -1
  31. data/man/man8/puppet-catalog.8 +1 -1
  32. data/man/man8/puppet-cert.8 +1 -1
  33. data/man/man8/puppet-certificate.8 +1 -1
  34. data/man/man8/puppet-certificate_request.8 +1 -1
  35. data/man/man8/puppet-certificate_revocation_list.8 +1 -1
  36. data/man/man8/puppet-config.8 +1 -1
  37. data/man/man8/puppet-describe.8 +1 -1
  38. data/man/man8/puppet-device.8 +33 -11
  39. data/man/man8/puppet-doc.8 +1 -1
  40. data/man/man8/puppet-epp.8 +1 -1
  41. data/man/man8/puppet-facts.8 +1 -1
  42. data/man/man8/puppet-filebucket.8 +22 -4
  43. data/man/man8/puppet-generate.8 +1 -1
  44. data/man/man8/puppet-help.8 +1 -1
  45. data/man/man8/puppet-key.8 +1 -1
  46. data/man/man8/puppet-lookup.8 +1 -1
  47. data/man/man8/puppet-man.8 +1 -1
  48. data/man/man8/puppet-master.8 +1 -1
  49. data/man/man8/puppet-module.8 +11 -2
  50. data/man/man8/puppet-node.8 +1 -1
  51. data/man/man8/puppet-parser.8 +1 -1
  52. data/man/man8/puppet-plugin.8 +1 -1
  53. data/man/man8/puppet-report.8 +1 -1
  54. data/man/man8/puppet-resource.8 +1 -1
  55. data/man/man8/puppet-status.8 +1 -1
  56. data/man/man8/puppet.8 +2 -2
  57. data/spec/integration/application/lookup_spec.rb +21 -0
  58. data/spec/integration/util/windows/adsi_spec.rb +86 -1
  59. data/spec/integration/util/windows/principal_spec.rb +10 -1
  60. data/spec/unit/application/cert_spec.rb +17 -5
  61. data/spec/unit/application/device_spec.rb +96 -2
  62. data/spec/unit/indirector/rest_spec.rb +43 -0
  63. data/spec/unit/parser/compiler_spec.rb +8 -0
  64. data/spec/unit/provider/group/windows_adsi_spec.rb +79 -22
  65. data/spec/unit/provider/service/systemd_spec.rb +1 -1
  66. data/spec/unit/provider/user/windows_adsi_spec.rb +4 -4
  67. data/spec/unit/util/plist_spec.rb +3 -3
  68. data/spec/unit/util/windows/adsi_spec.rb +31 -27
  69. data/spec/unit/util/windows/sid_spec.rb +86 -15
  70. data/tasks/manpages.rake +1 -1
  71. metadata +3415 -3415
@@ -279,6 +279,14 @@ describe Puppet::Parser::Compiler do
279
279
  expect(@compiler.topscope['wat']).to eq('this is how the sausage is made')
280
280
  end
281
281
 
282
+ it "sets the environment based on node.environment instead of the parameters" do
283
+ compile_stub(:set_node_parameters)
284
+ @node.parameters['environment'] = "Not actually #{@node.environment.name}"
285
+
286
+ @compiler.compile
287
+ expect(@compiler.topscope['environment']).to eq('testing')
288
+ end
289
+
282
290
  it "should set the client and server versions on the catalog" do
283
291
  params = {"clientversion" => "2", "serverversion" => "3"}
284
292
  @node.stubs(:parameters).returns(params)
@@ -40,23 +40,36 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
40
40
  let(:invalid_user) { SecureRandom.uuid }
41
41
 
42
42
  before :each do
43
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('user1').returns(user1)
44
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('user2').returns(user2)
45
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('user3').returns(user3)
46
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with(invalid_user).returns(nil)
43
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with('user1').returns(user1)
44
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with('user2').returns(user2)
45
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with('user3').returns(user3)
46
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with(invalid_user).returns(nil)
47
47
  end
48
48
 
49
49
  describe "#members_insync?" do
50
50
  it "should return true for same lists of members" do
51
- expect(provider.members_insync?(['user1', 'user2'], ['user1', 'user2'])).to be_truthy
51
+ current = [
52
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
53
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
54
+ ]
55
+ expect(provider.members_insync?(current, ['user1', 'user2'])).to be_truthy
52
56
  end
53
57
 
54
58
  it "should return true for same lists of unordered members" do
55
- expect(provider.members_insync?(['user1', 'user2'], ['user2', 'user1'])).to be_truthy
59
+ current = [
60
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
61
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
62
+ ]
63
+ expect(provider.members_insync?(current, ['user2', 'user1'])).to be_truthy
56
64
  end
57
65
 
58
66
  it "should return true for same lists of members irrespective of duplicates" do
59
- expect(provider.members_insync?(['user1', 'user2', 'user2'], ['user2', 'user1', 'user1'])).to be_truthy
67
+ current = [
68
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
69
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
70
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
71
+ ]
72
+ expect(provider.members_insync?(current, ['user2', 'user1', 'user1'])).to be_truthy
60
73
  end
61
74
 
62
75
  it "should return true when current and should members are empty lists" do
@@ -77,7 +90,12 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
77
90
  end
78
91
 
79
92
  it "should return true when current and should contain the same users in a different order" do
80
- expect(provider.members_insync?(['user1', 'user2', 'user3'], ['user3', 'user1', 'user2'])).to be_truthy
93
+ current = [
94
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
95
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
96
+ Puppet::Util::Windows::SID.name_to_principal('user3'),
97
+ ]
98
+ expect(provider.members_insync?(current, ['user3', 'user1', 'user2'])).to be_truthy
81
99
  end
82
100
 
83
101
  it "should return false when current is nil" do
@@ -85,15 +103,24 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
85
103
  end
86
104
 
87
105
  it "should return false when should is nil" do
88
- expect(provider.members_insync?(['user1'], nil)).to be_falsey
106
+ current = [
107
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
108
+ ]
109
+ expect(provider.members_insync?(current, nil)).to be_falsey
89
110
  end
90
111
 
91
112
  it "should return false when current contains different users than should" do
92
- expect(provider.members_insync?(['user1'], ['user2'])).to be_falsey
113
+ current = [
114
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
115
+ ]
116
+ expect(provider.members_insync?(current, ['user2'])).to be_falsey
93
117
  end
94
118
 
95
119
  it "should return false when current contains members and should is empty" do
96
- expect(provider.members_insync?(['user1'], [])).to be_falsey
120
+ current = [
121
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
122
+ ]
123
+ expect(provider.members_insync?(current, [])).to be_falsey
97
124
  end
98
125
 
99
126
  it "should return false when current is empty and should contains members" do
@@ -101,11 +128,19 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
101
128
  end
102
129
 
103
130
  it "should return false when should user(s) are not the only items in the current" do
104
- expect(provider.members_insync?(['user1', 'user2'], ['user1'])).to be_falsey
131
+ current = [
132
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
133
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
134
+ ]
135
+ expect(provider.members_insync?(current, ['user1'])).to be_falsey
105
136
  end
106
137
 
107
138
  it "should return false when current user(s) is not empty and should is an empty list" do
108
- expect(provider.members_insync?(['user1','user2'], [])).to be_falsey
139
+ current = [
140
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
141
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
142
+ ]
143
+ expect(provider.members_insync?(current, [])).to be_falsey
109
144
  end
110
145
  end
111
146
 
@@ -120,15 +155,24 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
120
155
  end
121
156
 
122
157
  it "should return true when should is nil" do
123
- expect(provider.members_insync?(['user1'], nil)).to be_truthy
158
+ current = [
159
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
160
+ ]
161
+ expect(provider.members_insync?(current, nil)).to be_truthy
124
162
  end
125
163
 
126
164
  it "should return false when current contains different users than should" do
127
- expect(provider.members_insync?(['user1'], ['user2'])).to be_falsey
165
+ current = [
166
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
167
+ ]
168
+ expect(provider.members_insync?(current, ['user2'])).to be_falsey
128
169
  end
129
170
 
130
171
  it "should return true when current contains members and should is empty" do
131
- expect(provider.members_insync?(['user1'], [])).to be_truthy
172
+ current = [
173
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
174
+ ]
175
+ expect(provider.members_insync?(current, [])).to be_truthy
132
176
  end
133
177
 
134
178
  it "should return false when current is empty and should contains members" do
@@ -136,15 +180,28 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
136
180
  end
137
181
 
138
182
  it "should return true when current user(s) contains at least the should list" do
139
- expect(provider.members_insync?(['user1','user2'], ['user1'])).to be_truthy
183
+ current = [
184
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
185
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
186
+ ]
187
+ expect(provider.members_insync?(current, ['user1'])).to be_truthy
140
188
  end
141
189
 
142
190
  it "should return true when current user(s) is not empty and should is an empty list" do
143
- expect(provider.members_insync?(['user1','user2'], [])).to be_truthy
191
+ current = [
192
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
193
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
194
+ ]
195
+ expect(provider.members_insync?(current, [])).to be_truthy
144
196
  end
145
197
 
146
198
  it "should return true when current user(s) contains at least the should list, even unordered" do
147
- expect(provider.members_insync?(['user3','user1','user2'], ['user2','user1'])).to be_truthy
199
+ current = [
200
+ Puppet::Util::Windows::SID.name_to_principal('user3'),
201
+ Puppet::Util::Windows::SID.name_to_principal('user1'),
202
+ Puppet::Util::Windows::SID.name_to_principal('user2'),
203
+ ]
204
+ expect(provider.members_insync?(current, ['user2','user1'])).to be_truthy
148
205
  end
149
206
  end
150
207
  end
@@ -196,8 +253,8 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
196
253
 
197
254
  provider.group.stubs(:member_sids).returns(member_sids[0..1])
198
255
 
199
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user2').returns(member_sids[1])
200
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user3').returns(member_sids[2])
256
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with('user2').returns(member_sids[1])
257
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with('user3').returns(member_sids[2])
201
258
 
202
259
  provider.group.expects(:remove_member_sids).with(member_sids[0])
203
260
  provider.group.expects(:add_member_sids).with(member_sids[2])
@@ -247,7 +304,7 @@ describe Puppet::Type.type(:group).provider(:windows_adsi), :if => Puppet.featur
247
304
  end
248
305
 
249
306
  it "should be able to test whether a group exists" do
250
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).returns(nil)
307
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).returns(nil)
251
308
  Puppet::Util::Windows::ADSI.stubs(:connect).returns stub('connection', :Class => 'Group')
252
309
  expect(provider).to be_exists
253
310
 
@@ -126,7 +126,7 @@ describe Puppet::Type.type(:service).provider(:systemd) do
126
126
  expect(described_class).not_to be_default
127
127
  end
128
128
 
129
- [ '15.04', '15.10', '16.04', '16.10' ].each do |ver|
129
+ [ '15.04', '15.10', '16.04', '16.10', '17.04', '17.10', '18.04' ].each do |ver|
130
130
  it "should be the default provider on ubuntu#{ver}" do
131
131
  Facter.stubs(:value).with(:osfamily).returns(:debian)
132
132
  Facter.stubs(:value).with(:operatingsystem).returns(:ubuntu)
@@ -81,9 +81,9 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
81
81
  let(:group3) { stub(:account => 'group3', :domain => '.', :sid => 'group3sid') }
82
82
 
83
83
  before :each do
84
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('group1').returns(group1)
85
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('group2').returns(group2)
86
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).with('group3').returns(group3)
84
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with('group1').returns(group1)
85
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with('group2').returns(group2)
86
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).with('group3').returns(group3)
87
87
  end
88
88
 
89
89
  it "should return true for same lists of members" do
@@ -267,7 +267,7 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
267
267
  end
268
268
 
269
269
  it 'should be able to test whether a user exists' do
270
- Puppet::Util::Windows::SID.stubs(:name_to_sid_object).returns(nil)
270
+ Puppet::Util::Windows::SID.stubs(:name_to_principal).returns(nil)
271
271
  Puppet::Util::Windows::ADSI.stubs(:connect).returns stub('connection', :Class => 'User')
272
272
  expect(provider).to be_exists
273
273
 
@@ -92,7 +92,7 @@ describe Puppet::Util::Plist, :if => Puppet.features.cfpropertylist? do
92
92
  subject.stubs(:open_file_with_args).with(plist_path, 'r:UTF-8').returns(invalid_xml_plist)
93
93
  Puppet.expects(:debug).with(regexp_matches(/^Failed with CFFormatError/))
94
94
  Puppet.expects(:debug).with("Plist #{plist_path} ill-formatted, converting with plutil")
95
- Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', plist_path],
95
+ Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', plist_path],
96
96
  {:failonfail => true, :combine => true}).returns(valid_xml_plist)
97
97
  expect(subject.read_plist_file(plist_path)).to eq(valid_xml_plist_hash)
98
98
  end
@@ -101,7 +101,7 @@ describe Puppet::Util::Plist, :if => Puppet.features.cfpropertylist? do
101
101
  subject.stubs(:open_file_with_args).with(plist_path, 'r:UTF-8').returns(non_plist_data)
102
102
  Puppet.expects(:debug).with(regexp_matches(/^Failed with (CFFormatError|NoMethodError)/))
103
103
  Puppet.expects(:debug).with("Plist #{plist_path} ill-formatted, converting with plutil")
104
- Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', plist_path],
104
+ Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', plist_path],
105
105
  {:failonfail => true, :combine => true}).raises(Puppet::ExecutionFailure, 'boom')
106
106
  expect(subject.read_plist_file(plist_path)).to eq(nil)
107
107
  end
@@ -110,7 +110,7 @@ describe Puppet::Util::Plist, :if => Puppet.features.cfpropertylist? do
110
110
  subject.stubs(:open_file_with_args).with(plist_path, 'r:UTF-8').returns(binary_data)
111
111
  Puppet.expects(:debug).with(regexp_matches(/^Failed with (CFFormatError|ArgumentError)/))
112
112
  Puppet.expects(:debug).with("Plist #{plist_path} ill-formatted, converting with plutil")
113
- Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '/dev/stdout', plist_path],
113
+ Puppet::Util::Execution.expects(:execute).with(['/usr/bin/plutil', '-convert', 'xml1', '-o', '-', plist_path],
114
114
  {:failonfail => true, :combine => true}).raises(Puppet::ExecutionFailure, 'boom')
115
115
  expect(subject.read_plist_file(plist_path)).to eq(nil)
116
116
  end
@@ -106,14 +106,14 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
106
106
  end
107
107
 
108
108
  it "should be able to check the existence of a user" do
109
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with(username).returns nil
109
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with(username).returns nil
110
110
  Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://./#{username},user").returns connection
111
111
  connection.expects(:Class).returns('User')
112
112
  expect(Puppet::Util::Windows::ADSI::User.exists?(username)).to be_truthy
113
113
  end
114
114
 
115
115
  it "should be able to check the existence of a domain user" do
116
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with("#{domain}\\#{username}").returns nil
116
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with("#{domain}\\#{username}").returns nil
117
117
  Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://#{domain}/#{username},user").returns connection
118
118
  connection.expects(:Class).returns('User')
119
119
  expect(Puppet::Util::Windows::ADSI::User.exists?(domain_username)).to be_truthy
@@ -213,7 +213,7 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
213
213
  end
214
214
 
215
215
  it "should generate the correct URI" do
216
- Puppet::Util::Windows::SID.stubs(:octet_string_to_sid_object).returns(sid)
216
+ Puppet::Util::Windows::SID.stubs(:octet_string_to_principal).returns(sid)
217
217
  expect(user.uri).to eq("WinNT://testcomputername/#{username},user")
218
218
  end
219
219
 
@@ -276,8 +276,8 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
276
276
  let(:someone_sid){ stub(:account => 'someone', :domain => 'testcomputername')}
277
277
 
278
278
  describe "should be able to use SID objects" do
279
- let(:system) { Puppet::Util::Windows::SID.name_to_sid_object('SYSTEM') }
280
- let(:invalid) { Puppet::Util::Windows::SID.name_to_sid_object('foobar') }
279
+ let(:system) { Puppet::Util::Windows::SID.name_to_principal('SYSTEM') }
280
+ let(:invalid) { Puppet::Util::Windows::SID.name_to_principal('foobar') }
281
281
 
282
282
  it "to add a member" do
283
283
  adsi_group.expects(:Add).with("WinNT://S-1-5-18")
@@ -303,11 +303,14 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
303
303
  it "should provide its groups as a list of names" do
304
304
  names = ['user1', 'user2']
305
305
 
306
- users = names.map { |name| stub('user', :Name => name) }
306
+ users = names.map { |name| stub('user', :Name => name, :objectSID => name, :ole_respond_to? => true) }
307
307
 
308
308
  adsi_group.expects(:Members).returns(users)
309
309
 
310
- expect(group.members).to match(names)
310
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with('user1').returns(stub(:domain_account => 'HOSTNAME\user1'))
311
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with('user2').returns(stub(:domain_account => 'HOSTNAME\user2'))
312
+
313
+ expect(group.members.map(&:domain_account)).to match(['HOSTNAME\user1', 'HOSTNAME\user2'])
311
314
  end
312
315
 
313
316
  context "calling .set_members" do
@@ -320,16 +323,16 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
320
323
  ]
321
324
 
322
325
  # use stubbed objectSid on member to return stubbed SID
323
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
324
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
326
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
327
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
325
328
 
326
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user2').returns(sids[1])
327
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('DOMAIN2\user3').returns(sids[2])
329
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with('user2').returns(sids[1])
330
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with('DOMAIN2\user3').returns(sids[2])
328
331
 
329
332
  Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[0]).returns("WinNT://DOMAIN/user1,user")
330
333
  Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[2]).returns("WinNT://DOMAIN2/user3,user")
331
334
 
332
- members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
335
+ members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
333
336
  adsi_group.expects(:Members).returns members
334
337
 
335
338
  adsi_group.expects(:Remove).with('WinNT://DOMAIN/user1,user')
@@ -347,15 +350,15 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
347
350
  ]
348
351
 
349
352
  # use stubbed objectSid on member to return stubbed SID
350
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
351
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
353
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
354
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
352
355
 
353
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('user2').returns(sids[1])
354
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with('DOMAIN2\user3').returns(sids[2])
356
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with('user2').returns(sids[1])
357
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with('DOMAIN2\user3').returns(sids[2])
355
358
 
356
359
  Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[2]).returns("WinNT://DOMAIN2/user3,user")
357
360
 
358
- members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
361
+ members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
359
362
  adsi_group.expects(:Members).returns members
360
363
 
361
364
  adsi_group.expects(:Remove).with('WinNT://DOMAIN/user1,user').never
@@ -382,13 +385,13 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
382
385
  ]
383
386
 
384
387
  # use stubbed objectSid on member to return stubbed SID
385
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
386
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
388
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
389
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
387
390
 
388
391
  Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[0]).returns("WinNT://DOMAIN/user1,user")
389
392
  Puppet::Util::Windows::ADSI.expects(:sid_uri).with(sids[1]).returns("WinNT://testcomputername/user2,user")
390
393
 
391
- members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
394
+ members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
392
395
  adsi_group.expects(:Members).returns members
393
396
 
394
397
  adsi_group.expects(:Remove).with('WinNT://DOMAIN/user1,user')
@@ -404,10 +407,10 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
404
407
  stub(:account => 'user2', :domain => 'testcomputername', :sid => 2 ),
405
408
  ]
406
409
  # use stubbed objectSid on member to return stubbed SID
407
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(sids[0])
408
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([1]).returns(sids[1])
410
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(sids[0])
411
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([1]).returns(sids[1])
409
412
 
410
- members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i])}
413
+ members = names.each_with_index.map{|n,i| stub(:Name => n, :objectSID => [i], :ole_respond_to? => true)}
411
414
  adsi_group.expects(:Members).returns members
412
415
 
413
416
  adsi_group.expects(:Remove).never
@@ -428,7 +431,7 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
428
431
  adsi_group.expects(:objectSID).returns([0])
429
432
  Socket.expects(:gethostname).returns('TESTcomputerNAME')
430
433
  computer_sid = stub(:account => groupname,:domain => 'testcomputername')
431
- Puppet::Util::Windows::SID.expects(:octet_string_to_sid_object).with([0]).returns(computer_sid)
434
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([0]).returns(computer_sid)
432
435
  expect(group.uri).to eq("WinNT://./#{groupname},group")
433
436
  end
434
437
  end
@@ -458,7 +461,7 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
458
461
  end
459
462
 
460
463
  it "should be able to confirm the existence of a group" do
461
- Puppet::Util::Windows::SID.expects(:name_to_sid_object).with(groupname).returns nil
464
+ Puppet::Util::Windows::SID.expects(:name_to_principal).with(groupname).returns nil
462
465
  Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://./#{groupname},group").returns connection
463
466
  connection.expects(:Class).returns('Group')
464
467
 
@@ -500,13 +503,14 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet.features.microsoft_windows?
500
503
  Puppet::Util::Windows::ADSI.expects(:execquery).with('select name from win32_group where localaccount = "TRUE"').returns(wmi_groups)
501
504
 
502
505
  native_group = stub('IADsGroup')
503
- native_group.expects(:Members).returns([stub(:Name => 'Administrator')])
506
+ Puppet::Util::Windows::SID.expects(:octet_string_to_principal).with([]).returns(stub(:domain_account => '.\Administrator'))
507
+ native_group.expects(:Members).returns([stub(:Name => 'Administrator', :objectSID => [], :ole_respond_to? => true)])
504
508
  Puppet::Util::Windows::ADSI.expects(:connect).with("WinNT://./#{name},group").returns(native_group)
505
509
 
506
510
  groups = Puppet::Util::Windows::ADSI::Group.to_a
507
511
  expect(groups.length).to eq(1)
508
512
  expect(groups[0].name).to eq(name)
509
- expect(groups[0].members).to eq(['Administrator'])
513
+ expect(groups[0].members.map(&:domain_account)).to eq(['.\Administrator'])
510
514
  end
511
515
  end
512
516
 
@@ -13,10 +13,10 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
13
13
  let(:null_sid) { 'S-1-0-0' }
14
14
  let(:unknown_name) { 'chewbacca' }
15
15
 
16
- context "#octet_string_to_sid_object" do
16
+ context "#octet_string_to_principal" do
17
17
  it "should properly convert an array of bytes for a well-known non-localized SID" do
18
18
  bytes = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
19
- converted = subject.octet_string_to_sid_object(bytes)
19
+ converted = subject.octet_string_to_principal(bytes)
20
20
 
21
21
  expect(converted).to be_an_instance_of Puppet::Util::Windows::SID::Principal
22
22
  expect(converted.sid_bytes).to eq(bytes)
@@ -28,13 +28,13 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
28
28
 
29
29
  it "should raise an error for non-array input" do
30
30
  expect {
31
- subject.octet_string_to_sid_object(invalid_sid)
31
+ subject.octet_string_to_principal(invalid_sid)
32
32
  }.to raise_error(Puppet::Error, /Octet string must be an array of bytes/)
33
33
  end
34
34
 
35
35
  it "should raise an error for an empty byte array" do
36
36
  expect {
37
- subject.octet_string_to_sid_object([])
37
+ subject.octet_string_to_principal([])
38
38
  }.to raise_error(Puppet::Error, /Octet string must be an array of bytes/)
39
39
  end
40
40
 
@@ -42,7 +42,7 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
42
42
  expect {
43
43
  # S-1-1-1 which is not a valid account
44
44
  valid_octet_invalid_user =[1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0]
45
- subject.octet_string_to_sid_object(valid_octet_invalid_user)
45
+ subject.octet_string_to_principal(valid_octet_invalid_user)
46
46
  }.to raise_error do |error|
47
47
  expect(error).to be_a(Puppet::Util::Windows::Error)
48
48
  expect(error.code).to eq(1332) # ERROR_NONE_MAPPED
@@ -52,7 +52,7 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
52
52
  it "should raise an error for a malformed byte array" do
53
53
  expect {
54
54
  invalid_octet = [2]
55
- subject.octet_string_to_sid_object(invalid_octet)
55
+ subject.octet_string_to_principal(invalid_octet)
56
56
  }.to raise_error do |error|
57
57
  expect(error).to be_a(Puppet::Util::Windows::Error)
58
58
  expect(error.code).to eq(87) # ERROR_INVALID_PARAMETER
@@ -72,12 +72,12 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
72
72
  end
73
73
 
74
74
  it "should return a SID for a passed user or group name" do
75
- subject.expects(:name_to_sid_object).with('testers').returns stub(:sid => 'S-1-5-32-547')
75
+ subject.expects(:name_to_principal).with('testers').returns stub(:sid => 'S-1-5-32-547')
76
76
  expect(subject.name_to_sid('testers')).to eq('S-1-5-32-547')
77
77
  end
78
78
 
79
79
  it "should return a SID for a passed fully-qualified user or group name" do
80
- subject.expects(:name_to_sid_object).with('MACHINE\testers').returns stub(:sid => 'S-1-5-32-547')
80
+ subject.expects(:name_to_principal).with('MACHINE\testers').returns stub(:sid => 'S-1-5-32-547')
81
81
  expect(subject.name_to_sid('MACHINE\testers')).to eq('S-1-5-32-547')
82
82
  end
83
83
 
@@ -128,37 +128,108 @@ describe "Puppet::Util::Windows::SID", :if => Puppet.features.microsoft_windows?
128
128
  end
129
129
  end
130
130
 
131
- context "#name_to_sid_object" do
131
+ context "#name_to_principal" do
132
132
  it "should return nil if the account does not exist" do
133
- expect(subject.name_to_sid_object(unknown_name)).to be_nil
133
+ expect(subject.name_to_principal(unknown_name)).to be_nil
134
134
  end
135
135
 
136
136
  it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
137
- expect(subject.name_to_sid_object(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
137
+ expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
138
138
  end
139
139
 
140
140
  it "should accept unqualified account name" do
141
141
  # NOTE: lookup by name works in localized environments only for a few instances
142
142
  # this works in French Windows, even though the account is really Syst\u00E8me
143
- expect(subject.name_to_sid_object('SYSTEM').sid).to eq(sid)
143
+ expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
144
144
  end
145
145
 
146
146
  it "should be case-insensitive" do
147
147
  # NOTE: lookup by name works in localized environments only for a few instances
148
148
  # this works in French Windows, even though the account is really Syst\u00E8me
149
- expect(subject.name_to_sid_object('SYSTEM')).to eq(subject.name_to_sid_object('system'))
149
+ expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
150
150
  end
151
151
 
152
152
  it "should be leading and trailing whitespace-insensitive" do
153
153
  # NOTE: lookup by name works in localized environments only for a few instances
154
154
  # this works in French Windows, even though the account is really Syst\u00E8me
155
- expect(subject.name_to_sid_object('SYSTEM')).to eq(subject.name_to_sid_object(' SYSTEM '))
155
+ expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
156
156
  end
157
157
 
158
158
  it "should accept domain qualified account names" do
159
159
  # NOTE: lookup by name works in localized environments only for a few instances
160
160
  # this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
161
- expect(subject.name_to_sid_object('NT AUTHORITY\SYSTEM').sid).to eq(sid)
161
+ expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
162
+ end
163
+ end
164
+
165
+ context "#ads_to_principal" do
166
+ it "should raise an error for non-WIN32OLE input" do
167
+ expect {
168
+ subject.ads_to_principal(stub('WIN32OLE', { :Name => 'foo' }))
169
+ }.to raise_error(Puppet::Error, /ads_object must be an IAdsUser or IAdsGroup instance/)
170
+ end
171
+
172
+ it "should raise an error for an empty byte array in the objectSID property" do
173
+ expect {
174
+ subject.ads_to_principal(stub('WIN32OLE', { :objectSID => [], :Name => '', :ole_respond_to? => true }))
175
+ }.to raise_error(Puppet::Error, /Octet string must be an array of bytes/)
176
+ end
177
+
178
+ it "should raise an error for a malformed byte array" do
179
+ expect {
180
+ invalid_octet = [2]
181
+ subject.ads_to_principal(stub('WIN32OLE', { :objectSID => invalid_octet, :Name => '', :ole_respond_to? => true }))
182
+ }.to raise_error do |error|
183
+ expect(error).to be_a(Puppet::Util::Windows::Error)
184
+ expect(error.code).to eq(87) # ERROR_INVALID_PARAMETER
185
+ end
186
+ end
187
+
188
+ it "should raise an error when a valid byte array for SID is unresolvable and its Name does not match" do
189
+ expect {
190
+ # S-1-1-1 is a valid SID that will not resolve
191
+ valid_octet_invalid_user = [1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0]
192
+ subject.ads_to_principal(stub('WIN32OLE', { :objectSID => valid_octet_invalid_user, :Name => unknown_name, :ole_respond_to? => true }))
193
+ }.to raise_error do |error|
194
+ expect(error).to be_a(Puppet::Error)
195
+ expect(error.cause.code).to eq(1332) # ERROR_NONE_MAPPED
196
+ end
197
+ end
198
+
199
+ it "should return a Principal object even when the SID is unresolvable, as long as the Name matches" do
200
+ # S-1-1-1 is a valid SID that will not resolve
201
+ valid_octet_invalid_user = [1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0]
202
+ unresolvable_user = stub('WIN32OLE', { :objectSID => valid_octet_invalid_user, :Name => 'S-1-1-1', :ole_respond_to? => true })
203
+ principal = subject.ads_to_principal(unresolvable_user)
204
+
205
+ expect(principal).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
206
+ expect(principal.account).to eq('S-1-1-1 (unresolvable)')
207
+ expect(principal.domain).to eq(nil)
208
+ expect(principal.domain_account).to eq('S-1-1-1 (unresolvable)')
209
+ expect(principal.sid).to eq('S-1-1-1')
210
+ expect(principal.sid_bytes).to eq(valid_octet_invalid_user)
211
+ expect(principal.account_type).to eq(:SidTypeUnknown)
212
+ end
213
+
214
+ it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
215
+ system_bytes = [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0]
216
+ adsuser = stub('WIN32OLE', { :objectSID => system_bytes, :Name => 'SYSTEM', :ole_respond_to? => true })
217
+ expect(subject.ads_to_principal(adsuser)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
218
+ end
219
+
220
+ it "should properly convert an array of bytes for a well-known non-localized SID, ignoring the Name from the WIN32OLE object" do
221
+ bytes = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
222
+ adsuser = stub('WIN32OLE', { :objectSID => bytes, :Name => unknown_name, :ole_respond_to? => true })
223
+ converted = subject.ads_to_principal(adsuser)
224
+
225
+ expect(converted).to be_an_instance_of Puppet::Util::Windows::SID::Principal
226
+ expect(converted.sid_bytes).to eq(bytes)
227
+ expect(converted.sid).to eq(null_sid)
228
+
229
+ # carefully select a SID here that is not localized on international Windows
230
+ expect(converted.account).to eq('NULL SID')
231
+ # garbage name supplied does not carry forward as SID is looked up again
232
+ expect(converted.account).to_not eq(adsuser.Name)
162
233
  end
163
234
  end
164
235