puppet 5.5.16-x64-mingw32 → 5.5.17-x64-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +9 -9
- data/Gemfile.lock +18 -18
- data/ext/project_data.yaml +2 -2
- data/install.rb +3 -21
- data/lib/puppet/application/agent.rb +12 -0
- data/lib/puppet/application/device.rb +4 -4
- data/lib/puppet/application/resource.rb +4 -4
- data/lib/puppet/defaults.rb +4 -0
- data/lib/puppet/face/config.rb +10 -48
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/plugin.rb +9 -2
- data/lib/puppet/module_tool/tar/mini.rb +11 -1
- data/lib/puppet/network/http/factory.rb +1 -11
- data/lib/puppet/parameter.rb +8 -0
- data/lib/puppet/provider/file/posix.rb +5 -0
- data/lib/puppet/provider/nameservice.rb +10 -3
- data/lib/puppet/provider/package/dnf.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +51 -13
- data/lib/puppet/provider/package/yum.rb +8 -4
- data/lib/puppet/provider/service/launchd.rb +20 -5
- data/lib/puppet/provider/service/systemd.rb +4 -9
- data/lib/puppet/provider/service/windows.rb +8 -0
- data/lib/puppet/provider/user/pw.rb +12 -3
- data/lib/puppet/provider/user/user_role_add.rb +4 -0
- data/lib/puppet/provider/user/useradd.rb +23 -7
- data/lib/puppet/resource.rb +17 -0
- data/lib/puppet/settings.rb +40 -0
- data/lib/puppet/type.rb +7 -0
- data/lib/puppet/type/exec.rb +14 -6
- data/lib/puppet/type/package.rb +10 -0
- data/lib/puppet/type/service.rb +7 -2
- data/lib/puppet/type/user.rb +1 -15
- data/lib/puppet/type/yumrepo.rb +3 -7
- data/lib/puppet/util/execution.rb +4 -3
- data/lib/puppet/util/http_proxy.rb +16 -2
- data/lib/puppet/util/selinux.rb +5 -1
- data/lib/puppet/util/windows/security.rb +2 -0
- data/lib/puppet/util/windows/service.rb +149 -4
- data/lib/puppet/util/windows/sid.rb +1 -0
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +189 -193
- data/man/man5/puppet.conf.5 +10 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-ca.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +1 -1
- data/man/man8/puppet-certificate.8 +1 -1
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/provider/service/systemd_spec.rb +8 -5
- data/spec/integration/type/file_spec.rb +28 -0
- data/spec/integration/util/execution_spec.rb +27 -0
- data/spec/unit/application/agent_spec.rb +18 -0
- data/spec/unit/application/device_spec.rb +1 -1
- data/spec/unit/face/facts_spec.rb +9 -0
- data/spec/unit/face/plugin_spec.rb +8 -0
- data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
- data/spec/unit/network/http/api/indirected_routes_spec.rb +26 -10
- data/spec/unit/network/http/factory_spec.rb +27 -5
- data/spec/unit/pops/validator/validator_spec.rb +7 -0
- data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
- data/spec/unit/provider/package/dnf_spec.rb +7 -0
- data/spec/unit/provider/package/rpm_spec.rb +150 -16
- data/spec/unit/provider/package/yum_spec.rb +7 -0
- data/spec/unit/provider/service/launchd_spec.rb +28 -0
- data/spec/unit/provider/service/windows_spec.rb +20 -0
- data/spec/unit/provider/user/pw_spec.rb +37 -0
- data/spec/unit/provider/user/useradd_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +26 -1
- data/spec/unit/transaction_spec.rb +18 -0
- data/spec/unit/type/exec_spec.rb +9 -0
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/schedule_spec.rb +3 -1
- data/spec/unit/type/service_spec.rb +16 -0
- data/spec/unit/type/user_spec.rb +13 -13
- data/spec/unit/type/yumrepo_spec.rb +30 -0
- data/spec/unit/type_spec.rb +40 -0
- data/spec/unit/util/http_proxy_spec.rb +24 -1
- data/spec/unit/util/log_spec.rb +27 -1
- data/spec/unit/util/windows/service_spec.rb +9 -0
- metadata +5 -9
- data/ext/windows/eventlog/Rakefile +0 -32
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +0 -18
| @@ -23,6 +23,13 @@ describe Puppet::Type.type(:package).provider(:yum) do | |
| 23 23 |  | 
| 24 24 | 
             
                before { allow(described_class).to receive(:command).with(:cmd).and_return("/usr/bin/yum") }
         | 
| 25 25 |  | 
| 26 | 
            +
              describe 'provider features' do
         | 
| 27 | 
            +
                it { is_expected.to be_versionable }
         | 
| 28 | 
            +
                it { is_expected.to be_install_options }
         | 
| 29 | 
            +
                it { is_expected.to be_virtual_packages }
         | 
| 30 | 
            +
                it { is_expected.to be_install_only }
         | 
| 31 | 
            +
              end
         | 
| 32 | 
            +
             | 
| 26 33 | 
             
                context "when installing" do
         | 
| 27 34 | 
             
                  it "should use the supplied source as the explicit path to a package to install" do
         | 
| 28 35 | 
             
                    resource[:ensure] = :present
         | 
| @@ -125,6 +125,8 @@ describe Puppet::Type.type(:service).provider(:launchd) do | |
| 125 125 | 
             
              end
         | 
| 126 126 |  | 
| 127 127 | 
             
              describe "when starting the service" do
         | 
| 128 | 
            +
                let(:services) { "12345 0 #{joblabel}"  }
         | 
| 129 | 
            +
             | 
| 128 130 | 
             
                it "should call any explicit 'start' command" do
         | 
| 129 131 | 
             
                  resource[:start] = "/bin/false"
         | 
| 130 132 | 
             
                  expect(subject).to receive(:texecute).with(:start, ["/bin/false"], true)
         | 
| @@ -132,6 +134,7 @@ describe Puppet::Type.type(:service).provider(:launchd) do | |
| 132 134 | 
             
                end
         | 
| 133 135 |  | 
| 134 136 | 
             
                it "should look for the relevant plist once" do
         | 
| 137 | 
            +
                  allow(provider).to receive(:launchctl).with(:list).and_return(services)
         | 
| 135 138 | 
             
                  expect(subject).to receive(:plist_from_label).and_return([joblabel, {}]).once
         | 
| 136 139 | 
             
                  expect(subject).to receive(:enabled?).and_return(:true)
         | 
| 137 140 | 
             
                  expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel])
         | 
| @@ -139,6 +142,7 @@ describe Puppet::Type.type(:service).provider(:launchd) do | |
| 139 142 | 
             
                end
         | 
| 140 143 |  | 
| 141 144 | 
             
                it "should execute 'launchctl load' once without writing to the plist if the job is enabled" do
         | 
| 145 | 
            +
                  allow(provider).to receive(:launchctl).with(:list).and_return(services)
         | 
| 142 146 | 
             
                  expect(subject).to receive(:plist_from_label).and_return([joblabel, {}])
         | 
| 143 147 | 
             
                  expect(subject).to receive(:enabled?).and_return(:true)
         | 
| 144 148 | 
             
                  expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel]).once
         | 
| @@ -242,6 +246,30 @@ describe Puppet::Type.type(:service).provider(:launchd) do | |
| 242 246 | 
             
                end
         | 
| 243 247 | 
             
              end
         | 
| 244 248 |  | 
| 249 | 
            +
              describe "when a service is unavailable" do
         | 
| 250 | 
            +
                let(:map) { {"some.random.job" => "/path/to/job.plist"} }
         | 
| 251 | 
            +
                
         | 
| 252 | 
            +
                before :each do
         | 
| 253 | 
            +
                  allow(provider).to receive(:make_label_to_path_map).and_return(map)
         | 
| 254 | 
            +
                end
         | 
| 255 | 
            +
             | 
| 256 | 
            +
                it "should fail when searching for the unavailable service" do
         | 
| 257 | 
            +
                  expect { provider.jobsearch("NOSUCH") }.to raise_error(Puppet::Error)
         | 
| 258 | 
            +
                end
         | 
| 259 | 
            +
             | 
| 260 | 
            +
                it "should return false when enabling the service" do
         | 
| 261 | 
            +
                  expect(subject.enabled?).to eq(:false)
         | 
| 262 | 
            +
                end
         | 
| 263 | 
            +
             | 
| 264 | 
            +
                it "should fail when starting the service" do
         | 
| 265 | 
            +
                  expect { subject.start }.to raise_error(Puppet::Error)
         | 
| 266 | 
            +
                end
         | 
| 267 | 
            +
             | 
| 268 | 
            +
                it "should fail when starting the service" do
         | 
| 269 | 
            +
                  expect { subject.stop }.to raise_error(Puppet::Error)
         | 
| 270 | 
            +
                end
         | 
| 271 | 
            +
              end
         | 
| 272 | 
            +
             | 
| 245 273 | 
             
              [[10, "10.6"], [13, "10.9"]].each do |kernel, version|
         | 
| 246 274 | 
             
                describe "when enabling the service on OS X #{version}" do
         | 
| 247 275 | 
             
                  it "should write to the global launchd overrides file once" do
         | 
| @@ -148,6 +148,11 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features. | |
| 148 148 | 
             
                  expect(provider.enabled?).to eq(:manual)
         | 
| 149 149 | 
             
                end
         | 
| 150 150 |  | 
| 151 | 
            +
                it "should report a service with a startup type of delayed as delayed" do
         | 
| 152 | 
            +
                  expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DELAYED_AUTO_START)
         | 
| 153 | 
            +
                  expect(provider.enabled?).to eq(:delayed)
         | 
| 154 | 
            +
                end
         | 
| 155 | 
            +
             | 
| 151 156 | 
             
                it "should report a service with a startup type of disabled as false" do
         | 
| 152 157 | 
             
                  expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DISABLED)
         | 
| 153 158 | 
             
                  expect(provider.enabled?).to eq(:false)
         | 
| @@ -213,4 +218,19 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features. | |
| 213 218 | 
             
                  }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
         | 
| 214 219 | 
             
                end
         | 
| 215 220 | 
             
              end
         | 
| 221 | 
            +
             | 
| 222 | 
            +
              describe "#delayed_start" do
         | 
| 223 | 
            +
                it "should set service start type to Service_Config_Delayed_Auto_Start (delayed) when delayed" do
         | 
| 224 | 
            +
                  expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true)
         | 
| 225 | 
            +
                  provider.delayed_start
         | 
| 226 | 
            +
                end
         | 
| 227 | 
            +
             | 
| 228 | 
            +
                it "raises an error if set_startup_mode fails" do
         | 
| 229 | 
            +
                  expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true).and_raise(Puppet::Error.new('foobar'))
         | 
| 230 | 
            +
             | 
| 231 | 
            +
                  expect {
         | 
| 232 | 
            +
                    provider.delayed_start
         | 
| 233 | 
            +
                  }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
         | 
| 234 | 
            +
                end
         | 
| 235 | 
            +
              end
         | 
| 216 236 | 
             
            end
         | 
| @@ -1,4 +1,5 @@ | |
| 1 1 | 
             
            require 'spec_helper'
         | 
| 2 | 
            +
            require 'open3'
         | 
| 2 3 |  | 
| 3 4 | 
             
            RSpec::Matchers.define_negated_matcher :excluding, :include
         | 
| 4 5 |  | 
| @@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do | |
| 81 82 | 
             
                  provider.create
         | 
| 82 83 | 
             
                end
         | 
| 83 84 |  | 
| 85 | 
            +
                it "should call execute with sensitive true when the password property is set" do
         | 
| 86 | 
            +
                  Puppet::Util::Log.level = :debug
         | 
| 87 | 
            +
                  resource[:password] = "abc123"
         | 
| 88 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
         | 
| 89 | 
            +
                  popen = double("popen", :puts => nil, :close => nil)
         | 
| 90 | 
            +
                  expect(Open3).to receive(:popen3).and_return(popen)
         | 
| 91 | 
            +
                  expect(popen).to receive(:puts).with("abc123")
         | 
| 92 | 
            +
                  provider.create
         | 
| 93 | 
            +
                  expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
         | 
| 94 | 
            +
                end
         | 
| 95 | 
            +
             | 
| 96 | 
            +
                it "should call execute with sensitive false when a non-sensitive property is set" do
         | 
| 97 | 
            +
                  resource[:managehome] = true
         | 
| 98 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
         | 
| 99 | 
            +
                  provider.create
         | 
| 100 | 
            +
                end
         | 
| 101 | 
            +
             | 
| 84 102 | 
             
                it "should use -s with the correct argument when the shell property is set" do
         | 
| 85 103 | 
             
                  resource[:shell] = "/bin/sh"
         | 
| 86 104 | 
             
                  expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
         | 
| @@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do | |
| 209 227 | 
             
                  expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
         | 
| 210 228 | 
             
                  provider.uid = 54321
         | 
| 211 229 | 
             
                end
         | 
| 230 | 
            +
             | 
| 231 | 
            +
                it "should print a debug message with sensitive data redacted when the password property is set" do
         | 
| 232 | 
            +
                  Puppet::Util::Log.level = :debug
         | 
| 233 | 
            +
                  resource[:password] = "*"
         | 
| 234 | 
            +
                  popen = double("popen", :puts => nil, :close => nil)
         | 
| 235 | 
            +
                  expect(Open3).to receive(:popen3).and_return(popen)
         | 
| 236 | 
            +
                  expect(popen).to receive(:puts).with("abc123")
         | 
| 237 | 
            +
                  provider.password = "abc123"
         | 
| 238 | 
            +
             | 
| 239 | 
            +
                  expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
         | 
| 240 | 
            +
                 end
         | 
| 241 | 
            +
             | 
| 242 | 
            +
                it "should call execute with sensitive false when a non-sensitive property is set" do
         | 
| 243 | 
            +
                  Puppet::Util::Log.level = :debug
         | 
| 244 | 
            +
                  resource[:home] = "/home/testuser"
         | 
| 245 | 
            +
                  resource[:managehome] = true
         | 
| 246 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
         | 
| 247 | 
            +
                  provider.home = "/newhome/testuser"
         | 
| 248 | 
            +
                end
         | 
| 212 249 | 
             
              end
         | 
| 213 250 | 
             
            end
         | 
| @@ -44,6 +44,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do | |
| 44 44 | 
             
                  allow(provider).to receive(:exists?).and_return(false)
         | 
| 45 45 | 
             
                end
         | 
| 46 46 |  | 
| 47 | 
            +
                it "should not redact the command from debug logs if there is no password" do
         | 
| 48 | 
            +
                  described_class.has_feature :manages_passwords
         | 
| 49 | 
            +
                  resource[:ensure] = :present
         | 
| 50 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
         | 
| 51 | 
            +
                  provider.create
         | 
| 52 | 
            +
                end
         | 
| 53 | 
            +
             | 
| 54 | 
            +
                it "should redact the command from debug logs if there is a password" do
         | 
| 55 | 
            +
                  described_class.has_feature :manages_passwords
         | 
| 56 | 
            +
                  resource2 = Puppet::Type.type(:user).new(
         | 
| 57 | 
            +
                    :name       => 'myuser',
         | 
| 58 | 
            +
                    :password   => 'a pass word',
         | 
| 59 | 
            +
                    :managehome => :false,
         | 
| 60 | 
            +
                    :system     => :false,
         | 
| 61 | 
            +
                    :provider   => provider,
         | 
| 62 | 
            +
                  )
         | 
| 63 | 
            +
                  resource2[:ensure] = :present
         | 
| 64 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
         | 
| 65 | 
            +
                  provider.create
         | 
| 66 | 
            +
                end
         | 
| 67 | 
            +
             | 
| 47 68 | 
             
                it "should add -g when no gid is specified and group already exists" do
         | 
| 48 69 | 
             
                  allow(Puppet::Util).to receive(:gid).and_return(true)
         | 
| 49 70 | 
             
                  resource[:ensure] = :present
         | 
| @@ -165,6 +186,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do | |
| 165 186 | 
             
                end
         | 
| 166 187 | 
             
              end
         | 
| 167 188 |  | 
| 189 | 
            +
              describe 'when modifying the password' do
         | 
| 190 | 
            +
                before do
         | 
| 191 | 
            +
                  described_class.has_feature :libuser
         | 
| 192 | 
            +
                  described_class.has_feature :manages_passwords
         | 
| 193 | 
            +
                  #Setting any resource value here initializes needed variables and methods in the resource and provider
         | 
| 194 | 
            +
                  #Setting a password value here initializes the existence and management of the password parameter itself
         | 
| 195 | 
            +
                  #Otherwise, this value would not need to be initialized for the test
         | 
| 196 | 
            +
                  resource[:password] = ''
         | 
| 197 | 
            +
                end
         | 
| 198 | 
            +
             | 
| 199 | 
            +
                it "should not call execute with sensitive if non-sensitive data is changed" do
         | 
| 200 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
         | 
| 201 | 
            +
                  provider.home = 'foo/bar'
         | 
| 202 | 
            +
                end
         | 
| 203 | 
            +
             | 
| 204 | 
            +
                it "should call execute with sensitive if sensitive data is changed" do
         | 
| 205 | 
            +
                  expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
         | 
| 206 | 
            +
                  provider.password = 'bird bird bird'
         | 
| 207 | 
            +
                end
         | 
| 208 | 
            +
              end
         | 
| 209 | 
            +
             | 
| 168 210 | 
             
              describe '#modify' do
         | 
| 169 211 | 
             
                describe "on systems with the libuser and forcelocal=false" do
         | 
| 170 212 | 
             
                  before do
         | 
    
        data/spec/unit/resource_spec.rb
    CHANGED
    
    | @@ -747,7 +747,8 @@ describe Puppet::Resource do | |
| 747 747 | 
             
                  @resource = Puppet::Resource.new("one::two", "/my/file",
         | 
| 748 748 | 
             
                    :parameters => {
         | 
| 749 749 | 
             
                      :noop => true,
         | 
| 750 | 
            -
                      :foo =>  | 
| 750 | 
            +
                      :foo => [:one, "two"],
         | 
| 751 | 
            +
                      :bar => 'a\'b',
         | 
| 751 752 | 
             
                      :ensure => 'present',
         | 
| 752 753 | 
             
                    }
         | 
| 753 754 | 
             
                  )
         | 
| @@ -757,10 +758,34 @@ describe Puppet::Resource do | |
| 757 758 | 
             
                  expect(@resource.to_hierayaml).to eq <<-HEREDOC.gsub(/^\s{8}/, '')
         | 
| 758 759 | 
             
                      /my/file:
         | 
| 759 760 | 
             
                        ensure: 'present'
         | 
| 761 | 
            +
                        bar   : 'a\\'b'
         | 
| 760 762 | 
             
                        foo   : ['one', 'two']
         | 
| 761 763 | 
             
                        noop  : true
         | 
| 762 764 | 
             
                  HEREDOC
         | 
| 763 765 | 
             
                end
         | 
| 766 | 
            +
             | 
| 767 | 
            +
                it "should convert some types to String" do
         | 
| 768 | 
            +
                  expect(@resource.to_hiera_hash).to eq(
         | 
| 769 | 
            +
                    "/my/file" => {
         | 
| 770 | 
            +
                      'ensure' => "present",
         | 
| 771 | 
            +
                      'bar'    => "a'b",
         | 
| 772 | 
            +
                      'foo'    => ["one", "two"],
         | 
| 773 | 
            +
                      'noop'   => true
         | 
| 774 | 
            +
                    }
         | 
| 775 | 
            +
                  )
         | 
| 776 | 
            +
                end
         | 
| 777 | 
            +
             | 
| 778 | 
            +
                it "accepts symbolic titles" do
         | 
| 779 | 
            +
                  res = Puppet::Resource.new(:file, "/my/file", :parameters => { 'ensure' => "present" })
         | 
| 780 | 
            +
             | 
| 781 | 
            +
                  expect(res.to_hiera_hash.keys).to eq(["/my/file"])
         | 
| 782 | 
            +
                end
         | 
| 783 | 
            +
             | 
| 784 | 
            +
                it "emits an empty parameters hash" do
         | 
| 785 | 
            +
                  res = Puppet::Resource.new(:file, "/my/file")
         | 
| 786 | 
            +
             | 
| 787 | 
            +
                  expect(res.to_hiera_hash).to eq({"/my/file" => {}})
         | 
| 788 | 
            +
                end
         | 
| 764 789 | 
             
              end
         | 
| 765 790 | 
             
              describe "when converting to json" do
         | 
| 766 791 | 
             
                # LAK:NOTE For all of these tests, we convert back to the resource so we can
         | 
| @@ -778,6 +778,24 @@ describe Puppet::Transaction do | |
| 778 778 |  | 
| 779 779 | 
             
                  transaction.evaluate
         | 
| 780 780 | 
             
                end
         | 
| 781 | 
            +
             | 
| 782 | 
            +
                it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
         | 
| 783 | 
            +
                  unless defined?(Selinux)
         | 
| 784 | 
            +
                    module Selinux
         | 
| 785 | 
            +
                      def self.is_selinux_enabled
         | 
| 786 | 
            +
                        true
         | 
| 787 | 
            +
                      end
         | 
| 788 | 
            +
                    end
         | 
| 789 | 
            +
                  end
         | 
| 790 | 
            +
             | 
| 791 | 
            +
                  resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
         | 
| 792 | 
            +
                  transaction = transaction_with_resource(resource)
         | 
| 793 | 
            +
             | 
| 794 | 
            +
                  expect(Selinux).to receive(:matchpathcon_fini)
         | 
| 795 | 
            +
                  expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
         | 
| 796 | 
            +
             | 
| 797 | 
            +
                  transaction.evaluate
         | 
| 798 | 
            +
                end
         | 
| 781 799 | 
             
              end
         | 
| 782 800 |  | 
| 783 801 | 
             
              describe 'when checking application run state' do
         | 
    
        data/spec/unit/type/exec_spec.rb
    CHANGED
    
    | @@ -755,6 +755,15 @@ RSpec.describe Puppet::Type.type(:exec) do | |
| 755 755 | 
             
                      expect(@test.check_all_attributes).to eq(true)
         | 
| 756 756 | 
             
                      expect(@logs.shift.message).to eq("test output")
         | 
| 757 757 | 
             
                    end
         | 
| 758 | 
            +
             | 
| 759 | 
            +
                    it "should not emit output to debug if sensitive is true" do
         | 
| 760 | 
            +
                      Puppet::Util::Log.level = :debug
         | 
| 761 | 
            +
                      @test[param] = @fail
         | 
| 762 | 
            +
                      allow(@test.parameters[param]).to receive(:sensitive).and_return(true)
         | 
| 763 | 
            +
                      expect(@test.check_all_attributes).to eq(true)
         | 
| 764 | 
            +
                      expect(@logs).not_to include(an_object_having_attributes(level: :debug, message: "test output"))
         | 
| 765 | 
            +
                      expect(@logs).to include(an_object_having_attributes(level: :debug, message: "[output redacted]"))
         | 
| 766 | 
            +
                    end
         | 
| 758 767 | 
             
                  end
         | 
| 759 768 | 
             
                end
         | 
| 760 769 | 
             
              end
         | 
| @@ -34,11 +34,11 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do | |
| 34 34 | 
             
                it "should fail if the set values are not URLs" do
         | 
| 35 35 | 
             
                  expect(URI).to receive(:parse).with('foo').and_raise(RuntimeError)
         | 
| 36 36 |  | 
| 37 | 
            -
                  expect | 
| 37 | 
            +
                  expect { resource[:source] = %w{foo} }.to raise_error(Puppet::Error)
         | 
| 38 38 | 
             
                end
         | 
| 39 39 |  | 
| 40 40 | 
             
                it "should fail if the URI is not a local file, file URI, or puppet URI" do
         | 
| 41 | 
            -
                  expect | 
| 41 | 
            +
                  expect { resource[:source] = %w{ftp://foo/bar} }.to raise_error(Puppet::Error, /Cannot use URLs of type 'ftp' as source for fileserving/)
         | 
| 42 42 | 
             
                end
         | 
| 43 43 |  | 
| 44 44 | 
             
                it "should strip trailing forward slashes", :unless => Puppet.features.microsoft_windows? do
         | 
| @@ -61,11 +61,11 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do | |
| 61 61 | 
             
                end
         | 
| 62 62 |  | 
| 63 63 | 
             
                it "should reject relative URI sources" do
         | 
| 64 | 
            -
                  expect | 
| 64 | 
            +
                  expect { resource[:source] = 'foo/bar' }.to raise_error(Puppet::Error)
         | 
| 65 65 | 
             
                end
         | 
| 66 66 |  | 
| 67 67 | 
             
                it "should reject opaque sources" do
         | 
| 68 | 
            -
                  expect | 
| 68 | 
            +
                  expect { resource[:source] = 'mailto:foo@com' }.to raise_error(Puppet::Error)
         | 
| 69 69 | 
             
                end
         | 
| 70 70 |  | 
| 71 71 | 
             
                it "should accept URI authority component" do
         | 
| @@ -446,7 +446,9 @@ describe Puppet::Type.type(:schedule) do | |
| 446 446 |  | 
| 447 447 | 
             
                it "should fail if the periodmatch is 'number'" do
         | 
| 448 448 | 
             
                  @schedule[:periodmatch] = :number
         | 
| 449 | 
            -
                  expect | 
| 449 | 
            +
                  expect {
         | 
| 450 | 
            +
                    @schedule[:repeat] = 2
         | 
| 451 | 
            +
                  }.to raise_error(Puppet::Error)
         | 
| 450 452 | 
             
                end
         | 
| 451 453 |  | 
| 452 454 | 
             
                it "should match if the previous run was further away than the distance divided by the repeat" do
         | 
| @@ -75,6 +75,13 @@ describe Puppet::Type.type(:service), "when validating attribute values" do | |
| 75 75 | 
             
                  expect(srv.should(:enable)).to eq(:manual)
         | 
| 76 76 | 
             
                end
         | 
| 77 77 |  | 
| 78 | 
            +
                it "should support :delayed as a value on Windows" do
         | 
| 79 | 
            +
                  allow(Puppet.features).to receive(:microsoft_windows?).and_return(true)
         | 
| 80 | 
            +
             | 
| 81 | 
            +
                  srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
         | 
| 82 | 
            +
                  expect(srv.should(:enable)).to eq(:delayed)
         | 
| 83 | 
            +
                end
         | 
| 84 | 
            +
             | 
| 78 85 | 
             
                it "should not support :manual as a value when not on Windows" do
         | 
| 79 86 | 
             
                  allow(Puppet.features).to receive(:microsoft_windows?).and_return(false)
         | 
| 80 87 |  | 
| @@ -83,6 +90,15 @@ describe Puppet::Type.type(:service), "when validating attribute values" do | |
| 83 90 | 
             
                    /Setting enable to manual is only supported on Microsoft Windows\./
         | 
| 84 91 | 
             
                  )
         | 
| 85 92 | 
             
                end
         | 
| 93 | 
            +
             | 
| 94 | 
            +
                it "should not support :delayed as a value when not on Windows" do
         | 
| 95 | 
            +
                  allow(Puppet.features).to receive(:microsoft_windows?).and_return(false)
         | 
| 96 | 
            +
             | 
| 97 | 
            +
                  expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
         | 
| 98 | 
            +
                    Puppet::Error,
         | 
| 99 | 
            +
                    /Setting enable to delayed is only supported on Microsoft Windows\./
         | 
| 100 | 
            +
                  )
         | 
| 101 | 
            +
                end
         | 
| 86 102 | 
             
              end
         | 
| 87 103 |  | 
| 88 104 | 
             
              it "should support :true as a value to :hasstatus" do
         | 
    
        data/spec/unit/type/user_spec.rb
    CHANGED
    
    | @@ -323,24 +323,24 @@ describe Puppet::Type.type(:user) do | |
| 323 323 | 
             
              end
         | 
| 324 324 |  | 
| 325 325 | 
             
              describe "when managing passwords" do
         | 
| 326 | 
            -
                 | 
| 327 | 
            -
             | 
| 328 | 
            -
                 | 
| 326 | 
            +
                let(:transaction) { Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil) }
         | 
| 327 | 
            +
                let(:harness) { Puppet::Transaction::ResourceHarness.new(transaction) }
         | 
| 328 | 
            +
                let(:provider) { @provider_class.new(:name => 'foo', :ensure => :present) }
         | 
| 329 | 
            +
                let(:resource) { described_class.new(:name => 'foo', :ensure => :present, :password => 'top secret', :provider => provider) }
         | 
| 329 330 |  | 
| 330 331 | 
             
                it "should not include the password in the change log when adding the password" do
         | 
| 331 | 
            -
                   | 
| 332 | 
            +
                  status = harness.evaluate(resource)
         | 
| 333 | 
            +
                  sync_event = status.events[0]
         | 
| 334 | 
            +
                  expect(sync_event.message).not_to include('top secret')
         | 
| 335 | 
            +
                  expect(sync_event.message).to eql('changed [redacted] to [redacted]')
         | 
| 332 336 | 
             
                end
         | 
| 333 337 |  | 
| 334 338 | 
             
                it "should not include the password in the change log when changing the password" do
         | 
| 335 | 
            -
                   | 
| 336 | 
            -
             | 
| 337 | 
            -
             | 
| 338 | 
            -
             | 
| 339 | 
            -
                  expect( | 
| 340 | 
            -
                end
         | 
| 341 | 
            -
             | 
| 342 | 
            -
                it "should redact the password when displaying the new value" do
         | 
| 343 | 
            -
                  expect(@password.should_to_s("newpassword")).to match(/^\[new password hash redacted\]$/)
         | 
| 339 | 
            +
                  resource[:password] = 'super extra classified'
         | 
| 340 | 
            +
                  status = harness.evaluate(resource)
         | 
| 341 | 
            +
                  sync_event = status.events[0]
         | 
| 342 | 
            +
                  expect(sync_event.message).not_to include('super extra classified')
         | 
| 343 | 
            +
                  expect(sync_event.message).to eql('changed [redacted] to [redacted]')
         | 
| 344 344 | 
             
                end
         | 
| 345 345 |  | 
| 346 346 | 
             
                it "should fail if a ':' is included in the password" do
         | 
| @@ -329,6 +329,36 @@ describe Puppet::Type.type(:yumrepo) do | |
| 329 329 |  | 
| 330 330 | 
             
                describe "proxy_password" do
         | 
| 331 331 | 
             
                  it_behaves_like "a yumrepo parameter that can be absent", :proxy_password
         | 
| 332 | 
            +
             | 
| 333 | 
            +
                  context "for password information in the logs" do
         | 
| 334 | 
            +
                    let(:transaction) { Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil) }
         | 
| 335 | 
            +
                    let(:harness) { Puppet::Transaction::ResourceHarness.new(transaction) }
         | 
| 336 | 
            +
                    let(:provider_class) { described_class.provide(:simple) do
         | 
| 337 | 
            +
                      mk_resource_methods
         | 
| 338 | 
            +
                      def create; end
         | 
| 339 | 
            +
                      def delete; end
         | 
| 340 | 
            +
                      def exists?; get(:ensure) != :absent; end
         | 
| 341 | 
            +
                      def flush; end
         | 
| 342 | 
            +
                      def self.instances; []; end
         | 
| 343 | 
            +
                    end
         | 
| 344 | 
            +
                    }
         | 
| 345 | 
            +
                    let(:provider) { provider_class.new(:name => 'foo', :ensure => :present) }
         | 
| 346 | 
            +
                    let(:resource) { described_class.new(:name => 'puppetlabs', :proxy_password => 'top secret', :provider => provider) }
         | 
| 347 | 
            +
             | 
| 348 | 
            +
                    it "redacts on creation" do
         | 
| 349 | 
            +
                      status = harness.evaluate(resource)
         | 
| 350 | 
            +
                      sync_event = status.events[0]
         | 
| 351 | 
            +
                      expect(sync_event.message).to eq 'changed [redacted] to [redacted]'
         | 
| 352 | 
            +
                    end
         | 
| 353 | 
            +
             | 
| 354 | 
            +
                    it "redacts on update" do
         | 
| 355 | 
            +
                      harness.evaluate(resource)
         | 
| 356 | 
            +
                      resource[:proxy_password] = 'super classified'
         | 
| 357 | 
            +
                      status = harness.evaluate(resource)
         | 
| 358 | 
            +
                      sync_event = status.events[0]
         | 
| 359 | 
            +
                      expect(sync_event.message).to eq 'changed [redacted] to [redacted]'
         | 
| 360 | 
            +
                    end
         | 
| 361 | 
            +
                  end
         | 
| 332 362 | 
             
                end
         | 
| 333 363 |  | 
| 334 364 | 
             
                describe "s3_enabled" do
         | 
    
        data/spec/unit/type_spec.rb
    CHANGED
    
    | @@ -735,6 +735,46 @@ describe Puppet::Type, :unless => Puppet.features.microsoft_windows? do | |
| 735 735 | 
             
                end
         | 
| 736 736 | 
             
              end
         | 
| 737 737 |  | 
| 738 | 
            +
              describe "#set_sensitive_parameters" do
         | 
| 739 | 
            +
                let(:sensitive_type) do
         | 
| 740 | 
            +
                  Puppet::Type.newtype(:sensitive_test) do
         | 
| 741 | 
            +
                    newparam(:name) { isnamevar }
         | 
| 742 | 
            +
                    newproperty(:secret) do
         | 
| 743 | 
            +
                      newvalues(/.*/)
         | 
| 744 | 
            +
                      sensitive true
         | 
| 745 | 
            +
                    end
         | 
| 746 | 
            +
                    newproperty(:transparency) do
         | 
| 747 | 
            +
                      newvalues(/.*/)
         | 
| 748 | 
            +
                      sensitive false
         | 
| 749 | 
            +
                    end
         | 
| 750 | 
            +
                    newproperty(:things) { newvalues(/.*/) }
         | 
| 751 | 
            +
                  end
         | 
| 752 | 
            +
                end
         | 
| 753 | 
            +
             | 
| 754 | 
            +
                it "should mark properties as sensitive" do
         | 
| 755 | 
            +
                  resource = sensitive_type.new(:name => 'foo', :secret => 'uber classified')
         | 
| 756 | 
            +
                  expect(resource.parameters[:secret].sensitive).to be true
         | 
| 757 | 
            +
                end
         | 
| 758 | 
            +
             | 
| 759 | 
            +
                it "should not have a sensitive flag when not set" do
         | 
| 760 | 
            +
                  resource = sensitive_type.new(:name => 'foo', :things => '1337')
         | 
| 761 | 
            +
                  expect(resource.parameters[:things].sensitive).to be_nil
         | 
| 762 | 
            +
                end
         | 
| 763 | 
            +
             | 
| 764 | 
            +
                it "should define things as not sensitive" do
         | 
| 765 | 
            +
                  resource = sensitive_type.new(:name => 'foo', :transparency => 'public knowledge')
         | 
| 766 | 
            +
                  expect(resource.parameters[:transparency].sensitive).to be false
         | 
| 767 | 
            +
                end
         | 
| 768 | 
            +
             | 
| 769 | 
            +
                it "should honor when sensitivity is set in a manifest" do
         | 
| 770 | 
            +
                  resource = sensitive_type.new(:name => 'foo',
         | 
| 771 | 
            +
                                                :transparency => Puppet::Pops::Types::PSensitiveType::Sensitive.new('top secret'),
         | 
| 772 | 
            +
                                                :sensitive_parameters => [:transparency]
         | 
| 773 | 
            +
                                                )
         | 
| 774 | 
            +
                  expect(resource.parameters[:transparency].sensitive).to be true
         | 
| 775 | 
            +
                end
         | 
| 776 | 
            +
              end
         | 
| 777 | 
            +
             | 
| 738 778 | 
             
              describe "when #finish is called on a type" do
         | 
| 739 779 | 
             
                let(:post_hook_type) do
         | 
| 740 780 | 
             
                  Puppet::Type.newtype(:finish_test) do
         |