puppet 5.5.16-universal-darwin → 5.5.17-universal-darwin

data/spec/unit/provider/package/yum_spec.rb

@@ -23,6 +23,13 @@ describe Puppet::Type.type(:package).provider(:yum) do
 
     before { allow(described_class).to receive(:command).with(:cmd).and_return("/usr/bin/yum") }
 
+  describe 'provider features' do
+    it { is_expected.to be_versionable }
+    it { is_expected.to be_install_options }
+    it { is_expected.to be_virtual_packages }
+    it { is_expected.to be_install_only }
+  end
+
     context "when installing" do
       it "should use the supplied source as the explicit path to a package to install" do
         resource[:ensure] = :present

data/spec/unit/provider/service/launchd_spec.rb

@@ -125,6 +125,8 @@ describe Puppet::Type.type(:service).provider(:launchd) do
   end
 
   describe "when starting the service" do
+    let(:services) { "12345 0 #{joblabel}"  }
+
     it "should call any explicit 'start' command" do
       resource[:start] = "/bin/false"
       expect(subject).to receive(:texecute).with(:start, ["/bin/false"], true)
@@ -132,6 +134,7 @@ describe Puppet::Type.type(:service).provider(:launchd) do
     end
 
     it "should look for the relevant plist once" do
+      allow(provider).to receive(:launchctl).with(:list).and_return(services)
       expect(subject).to receive(:plist_from_label).and_return([joblabel, {}]).once
       expect(subject).to receive(:enabled?).and_return(:true)
       expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel])
@@ -139,6 +142,7 @@ describe Puppet::Type.type(:service).provider(:launchd) do
     end
 
     it "should execute 'launchctl load' once without writing to the plist if the job is enabled" do
+      allow(provider).to receive(:launchctl).with(:list).and_return(services)
       expect(subject).to receive(:plist_from_label).and_return([joblabel, {}])
       expect(subject).to receive(:enabled?).and_return(:true)
       expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel]).once
@@ -242,6 +246,30 @@ describe Puppet::Type.type(:service).provider(:launchd) do
     end
   end
 
+  describe "when a service is unavailable" do
+    let(:map) { {"some.random.job" => "/path/to/job.plist"} }
+    
+    before :each do
+      allow(provider).to receive(:make_label_to_path_map).and_return(map)
+    end
+
+    it "should fail when searching for the unavailable service" do
+      expect { provider.jobsearch("NOSUCH") }.to raise_error(Puppet::Error)
+    end
+
+    it "should return false when enabling the service" do
+      expect(subject.enabled?).to eq(:false)
+    end
+
+    it "should fail when starting the service" do
+      expect { subject.start }.to raise_error(Puppet::Error)
+    end
+
+    it "should fail when starting the service" do
+      expect { subject.stop }.to raise_error(Puppet::Error)
+    end
+  end
+
   [[10, "10.6"], [13, "10.9"]].each do |kernel, version|
     describe "when enabling the service on OS X #{version}" do
       it "should write to the global launchd overrides file once" do

data/spec/unit/provider/service/windows_spec.rb

@@ -148,6 +148,11 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features.
       expect(provider.enabled?).to eq(:manual)
     end
 
+    it "should report a service with a startup type of delayed as delayed" do
+      expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DELAYED_AUTO_START)
+      expect(provider.enabled?).to eq(:delayed)
+    end
+
     it "should report a service with a startup type of disabled as false" do
       expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DISABLED)
       expect(provider.enabled?).to eq(:false)
@@ -213,4 +218,19 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features.
       }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
     end
   end
+
+  describe "#delayed_start" do
+    it "should set service start type to Service_Config_Delayed_Auto_Start (delayed) when delayed" do
+      expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true)
+      provider.delayed_start
+    end
+
+    it "raises an error if set_startup_mode fails" do
+      expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true).and_raise(Puppet::Error.new('foobar'))
+
+      expect {
+        provider.delayed_start
+      }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
+    end
+  end
 end

data/spec/unit/provider/user/pw_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'open3'
 
 RSpec::Matchers.define_negated_matcher :excluding, :include
 
@@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do
       provider.create
     end
 
+    it "should call execute with sensitive true when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "abc123"
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.create
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+    end
+
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
+
     it "should use -s with the correct argument when the shell property is set" do
       resource[:shell] = "/bin/sh"
       expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
@@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do
       expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
       provider.uid = 54321
     end
+
+    it "should print a debug message with sensitive data redacted when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "*"
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.password = "abc123"
+
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+     end
+
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:home] = "/home/testuser"
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = "/newhome/testuser"
+    end
   end
 end

data/spec/unit/provider/user/useradd_spec.rb

@@ -44,6 +44,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       allow(provider).to receive(:exists?).and_return(false)
     end
 
+    it "should not redact the command from debug logs if there is no password" do
+      described_class.has_feature :manages_passwords
+      resource[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
+
+    it "should redact the command from debug logs if there is a password" do
+      described_class.has_feature :manages_passwords
+      resource2 = Puppet::Type.type(:user).new(
+        :name       => 'myuser',
+        :password   => 'a pass word',
+        :managehome => :false,
+        :system     => :false,
+        :provider   => provider,
+      )
+      resource2[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.create
+    end
+
     it "should add -g when no gid is specified and group already exists" do
       allow(Puppet::Util).to receive(:gid).and_return(true)
       resource[:ensure] = :present
@@ -165,6 +186,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
 
+  describe 'when modifying the password' do
+    before do
+      described_class.has_feature :libuser
+      described_class.has_feature :manages_passwords
+      #Setting any resource value here initializes needed variables and methods in the resource and provider
+      #Setting a password value here initializes the existence and management of the password parameter itself
+      #Otherwise, this value would not need to be initialized for the test
+      resource[:password] = ''
+    end
+
+    it "should not call execute with sensitive if non-sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = 'foo/bar'
+    end
+
+    it "should call execute with sensitive if sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.password = 'bird bird bird'
+    end
+  end
+
   describe '#modify' do
     describe "on systems with the libuser and forcelocal=false" do
       before do

data/spec/unit/resource_spec.rb

@@ -747,7 +747,8 @@ describe Puppet::Resource do
       @resource = Puppet::Resource.new("one::two", "/my/file",
         :parameters => {
           :noop => true,
-          :foo => %w{one two},
+          :foo => [:one, "two"],
+          :bar => 'a\'b',
           :ensure => 'present',
         }
       )
@@ -757,10 +758,34 @@ describe Puppet::Resource do
       expect(@resource.to_hierayaml).to eq <<-HEREDOC.gsub(/^\s{8}/, '')
           /my/file:
             ensure: 'present'
+            bar   : 'a\\'b'
             foo   : ['one', 'two']
             noop  : true
       HEREDOC
     end
+
+    it "should convert some types to String" do
+      expect(@resource.to_hiera_hash).to eq(
+        "/my/file" => {
+          'ensure' => "present",
+          'bar'    => "a'b",
+          'foo'    => ["one", "two"],
+          'noop'   => true
+        }
+      )
+    end
+
+    it "accepts symbolic titles" do
+      res = Puppet::Resource.new(:file, "/my/file", :parameters => { 'ensure' => "present" })
+
+      expect(res.to_hiera_hash.keys).to eq(["/my/file"])
+    end
+
+    it "emits an empty parameters hash" do
+      res = Puppet::Resource.new(:file, "/my/file")
+
+      expect(res.to_hiera_hash).to eq({"/my/file" => {}})
+    end
   end
   describe "when converting to json" do
     # LAK:NOTE For all of these tests, we convert back to the resource so we can

data/spec/unit/transaction_spec.rb

@@ -778,6 +778,24 @@ describe Puppet::Transaction do
 
       transaction.evaluate
     end
+
+    it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
+      unless defined?(Selinux)
+        module Selinux
+          def self.is_selinux_enabled
+            true
+          end
+        end
+      end
+
+      resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
+      transaction = transaction_with_resource(resource)
+
+      expect(Selinux).to receive(:matchpathcon_fini)
+      expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
+
+      transaction.evaluate
+    end
   end
 
   describe 'when checking application run state' do

data/spec/unit/type/exec_spec.rb

@@ -755,6 +755,15 @@ RSpec.describe Puppet::Type.type(:exec) do
           expect(@test.check_all_attributes).to eq(true)
           expect(@logs.shift.message).to eq("test output")
         end
+
+        it "should not emit output to debug if sensitive is true" do
+          Puppet::Util::Log.level = :debug
+          @test[param] = @fail
+          allow(@test.parameters[param]).to receive(:sensitive).and_return(true)
+          expect(@test.check_all_attributes).to eq(true)
+          expect(@logs).not_to include(an_object_having_attributes(level: :debug, message: "test output"))
+          expect(@logs).to include(an_object_having_attributes(level: :debug, message: "[output redacted]"))
+        end
       end
     end
   end

data/spec/unit/type/file/source_spec.rb

@@ -34,11 +34,11 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
     it "should fail if the set values are not URLs" do
       expect(URI).to receive(:parse).with('foo').and_raise(RuntimeError)
 
-      expect(lambda { resource[:source] = %w{foo} }).to raise_error(Puppet::Error)
+      expect { resource[:source] = %w{foo} }.to raise_error(Puppet::Error)
     end
 
     it "should fail if the URI is not a local file, file URI, or puppet URI" do
-      expect(lambda { resource[:source] = %w{ftp://foo/bar} }).to raise_error(Puppet::Error, /Cannot use URLs of type 'ftp' as source for fileserving/)
+      expect { resource[:source] = %w{ftp://foo/bar} }.to raise_error(Puppet::Error, /Cannot use URLs of type 'ftp' as source for fileserving/)
     end
 
     it "should strip trailing forward slashes", :unless => Puppet.features.microsoft_windows? do
@@ -61,11 +61,11 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
     end
 
     it "should reject relative URI sources" do
-      expect(lambda { resource[:source] = 'foo/bar' }).to raise_error(Puppet::Error)
+      expect { resource[:source] = 'foo/bar' }.to raise_error(Puppet::Error)
     end
 
     it "should reject opaque sources" do
-      expect(lambda { resource[:source] = 'mailto:foo@com' }).to raise_error(Puppet::Error)
+      expect { resource[:source] = 'mailto:foo@com' }.to raise_error(Puppet::Error)
     end
 
     it "should accept URI authority component" do

data/spec/unit/type/schedule_spec.rb

@@ -446,7 +446,9 @@ describe Puppet::Type.type(:schedule) do
 
     it "should fail if the periodmatch is 'number'" do
       @schedule[:periodmatch] = :number
-      expect(proc { @schedule[:repeat] = 2 }).to raise_error(Puppet::Error)
+      expect {
+        @schedule[:repeat] = 2
+      }.to raise_error(Puppet::Error)
     end
 
     it "should match if the previous run was further away than the distance divided by the repeat" do

data/spec/unit/type/service_spec.rb

@@ -75,6 +75,13 @@ describe Puppet::Type.type(:service), "when validating attribute values" do
       expect(srv.should(:enable)).to eq(:manual)
     end
 
+    it "should support :delayed as a value on Windows" do
+      allow(Puppet.features).to receive(:microsoft_windows?).and_return(true)
+
+      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
+      expect(srv.should(:enable)).to eq(:delayed)
+    end
+
     it "should not support :manual as a value when not on Windows" do
       allow(Puppet.features).to receive(:microsoft_windows?).and_return(false)
 
@@ -83,6 +90,15 @@ describe Puppet::Type.type(:service), "when validating attribute values" do
         /Setting enable to manual is only supported on Microsoft Windows\./
       )
     end
+
+    it "should not support :delayed as a value when not on Windows" do
+      allow(Puppet.features).to receive(:microsoft_windows?).and_return(false)
+
+      expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
+        Puppet::Error,
+        /Setting enable to delayed is only supported on Microsoft Windows\./
+      )
+    end
   end
 
   it "should support :true as a value to :hasstatus" do

data/spec/unit/type/user_spec.rb

@@ -323,24 +323,24 @@ describe Puppet::Type.type(:user) do
   end
 
   describe "when managing passwords" do
-    before do
-      @password = described_class.new(:name => 'foo', :password => 'mypass').parameter(:password)
-    end
+    let(:transaction) { Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil) }
+    let(:harness) { Puppet::Transaction::ResourceHarness.new(transaction) }
+    let(:provider) { @provider_class.new(:name => 'foo', :ensure => :present) }
+    let(:resource) { described_class.new(:name => 'foo', :ensure => :present, :password => 'top secret', :provider => provider) }
 
     it "should not include the password in the change log when adding the password" do
-      expect(@password.change_to_s(:absent, "mypass")).not_to be_include("mypass")
+      status = harness.evaluate(resource)
+      sync_event = status.events[0]
+      expect(sync_event.message).not_to include('top secret')
+      expect(sync_event.message).to eql('changed [redacted] to [redacted]')
     end
 
     it "should not include the password in the change log when changing the password" do
-      expect(@password.change_to_s("other", "mypass")).not_to be_include("mypass")
-    end
-
-    it "should redact the password when displaying the old value" do
-      expect(@password.is_to_s("currentpassword")).to match(/^\[old password hash redacted\]$/)
-    end
-
-    it "should redact the password when displaying the new value" do
-      expect(@password.should_to_s("newpassword")).to match(/^\[new password hash redacted\]$/)
+      resource[:password] = 'super extra classified'
+      status = harness.evaluate(resource)
+      sync_event = status.events[0]
+      expect(sync_event.message).not_to include('super extra classified')
+      expect(sync_event.message).to eql('changed [redacted] to [redacted]')
     end
 
     it "should fail if a ':' is included in the password" do

data/spec/unit/type/yumrepo_spec.rb

@@ -329,6 +329,36 @@ describe Puppet::Type.type(:yumrepo) do
 
     describe "proxy_password" do
       it_behaves_like "a yumrepo parameter that can be absent", :proxy_password
+
+      context "for password information in the logs" do
+        let(:transaction) { Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil) }
+        let(:harness) { Puppet::Transaction::ResourceHarness.new(transaction) }
+        let(:provider_class) { described_class.provide(:simple) do
+          mk_resource_methods
+          def create; end
+          def delete; end
+          def exists?; get(:ensure) != :absent; end
+          def flush; end
+          def self.instances; []; end
+        end
+        }
+        let(:provider) { provider_class.new(:name => 'foo', :ensure => :present) }
+        let(:resource) { described_class.new(:name => 'puppetlabs', :proxy_password => 'top secret', :provider => provider) }
+
+        it "redacts on creation" do
+          status = harness.evaluate(resource)
+          sync_event = status.events[0]
+          expect(sync_event.message).to eq 'changed [redacted] to [redacted]'
+        end
+
+        it "redacts on update" do
+          harness.evaluate(resource)
+          resource[:proxy_password] = 'super classified'
+          status = harness.evaluate(resource)
+          sync_event = status.events[0]
+          expect(sync_event.message).to eq 'changed [redacted] to [redacted]'
+        end
+      end
     end
 
     describe "s3_enabled" do