puppet 5.5.16-x86-mingw32 → 5.5.17-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (108) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +9 -9
  3. data/Gemfile.lock +18 -18
  4. data/ext/project_data.yaml +2 -2
  5. data/install.rb +3 -21
  6. data/lib/puppet/application/agent.rb +12 -0
  7. data/lib/puppet/application/device.rb +4 -4
  8. data/lib/puppet/application/resource.rb +4 -4
  9. data/lib/puppet/defaults.rb +4 -0
  10. data/lib/puppet/face/config.rb +10 -48
  11. data/lib/puppet/face/facts.rb +1 -1
  12. data/lib/puppet/face/plugin.rb +9 -2
  13. data/lib/puppet/module_tool/tar/mini.rb +11 -1
  14. data/lib/puppet/network/http/factory.rb +1 -11
  15. data/lib/puppet/parameter.rb +8 -0
  16. data/lib/puppet/provider/file/posix.rb +5 -0
  17. data/lib/puppet/provider/nameservice.rb +10 -3
  18. data/lib/puppet/provider/package/dnf.rb +1 -1
  19. data/lib/puppet/provider/package/rpm.rb +51 -13
  20. data/lib/puppet/provider/package/yum.rb +8 -4
  21. data/lib/puppet/provider/service/launchd.rb +20 -5
  22. data/lib/puppet/provider/service/systemd.rb +4 -9
  23. data/lib/puppet/provider/service/windows.rb +8 -0
  24. data/lib/puppet/provider/user/pw.rb +12 -3
  25. data/lib/puppet/provider/user/user_role_add.rb +4 -0
  26. data/lib/puppet/provider/user/useradd.rb +23 -7
  27. data/lib/puppet/resource.rb +17 -0
  28. data/lib/puppet/settings.rb +40 -0
  29. data/lib/puppet/type.rb +7 -0
  30. data/lib/puppet/type/exec.rb +14 -6
  31. data/lib/puppet/type/package.rb +10 -0
  32. data/lib/puppet/type/service.rb +7 -2
  33. data/lib/puppet/type/user.rb +1 -15
  34. data/lib/puppet/type/yumrepo.rb +3 -7
  35. data/lib/puppet/util/execution.rb +4 -3
  36. data/lib/puppet/util/http_proxy.rb +16 -2
  37. data/lib/puppet/util/selinux.rb +5 -1
  38. data/lib/puppet/util/windows/security.rb +2 -0
  39. data/lib/puppet/util/windows/service.rb +149 -4
  40. data/lib/puppet/util/windows/sid.rb +1 -0
  41. data/lib/puppet/version.rb +1 -1
  42. data/locales/puppet.pot +189 -193
  43. data/man/man5/puppet.conf.5 +10 -2
  44. data/man/man8/puppet-agent.8 +1 -1
  45. data/man/man8/puppet-apply.8 +1 -1
  46. data/man/man8/puppet-ca.8 +1 -1
  47. data/man/man8/puppet-catalog.8 +1 -1
  48. data/man/man8/puppet-cert.8 +1 -1
  49. data/man/man8/puppet-certificate.8 +1 -1
  50. data/man/man8/puppet-certificate_request.8 +1 -1
  51. data/man/man8/puppet-certificate_revocation_list.8 +1 -1
  52. data/man/man8/puppet-config.8 +1 -1
  53. data/man/man8/puppet-describe.8 +1 -1
  54. data/man/man8/puppet-device.8 +1 -1
  55. data/man/man8/puppet-doc.8 +1 -1
  56. data/man/man8/puppet-epp.8 +1 -1
  57. data/man/man8/puppet-facts.8 +1 -1
  58. data/man/man8/puppet-filebucket.8 +1 -1
  59. data/man/man8/puppet-generate.8 +1 -1
  60. data/man/man8/puppet-help.8 +1 -1
  61. data/man/man8/puppet-key.8 +1 -1
  62. data/man/man8/puppet-lookup.8 +1 -1
  63. data/man/man8/puppet-man.8 +1 -1
  64. data/man/man8/puppet-master.8 +1 -1
  65. data/man/man8/puppet-module.8 +1 -1
  66. data/man/man8/puppet-node.8 +1 -1
  67. data/man/man8/puppet-parser.8 +1 -1
  68. data/man/man8/puppet-plugin.8 +1 -1
  69. data/man/man8/puppet-report.8 +1 -1
  70. data/man/man8/puppet-resource.8 +1 -1
  71. data/man/man8/puppet-script.8 +1 -1
  72. data/man/man8/puppet-status.8 +1 -1
  73. data/man/man8/puppet.8 +2 -2
  74. data/spec/integration/provider/service/systemd_spec.rb +8 -5
  75. data/spec/integration/type/file_spec.rb +28 -0
  76. data/spec/integration/util/execution_spec.rb +27 -0
  77. data/spec/unit/application/agent_spec.rb +18 -0
  78. data/spec/unit/application/device_spec.rb +1 -1
  79. data/spec/unit/face/facts_spec.rb +9 -0
  80. data/spec/unit/face/plugin_spec.rb +8 -0
  81. data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
  82. data/spec/unit/network/http/api/indirected_routes_spec.rb +26 -10
  83. data/spec/unit/network/http/factory_spec.rb +27 -5
  84. data/spec/unit/pops/validator/validator_spec.rb +7 -0
  85. data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
  86. data/spec/unit/provider/package/dnf_spec.rb +7 -0
  87. data/spec/unit/provider/package/rpm_spec.rb +150 -16
  88. data/spec/unit/provider/package/yum_spec.rb +7 -0
  89. data/spec/unit/provider/service/launchd_spec.rb +28 -0
  90. data/spec/unit/provider/service/windows_spec.rb +20 -0
  91. data/spec/unit/provider/user/pw_spec.rb +37 -0
  92. data/spec/unit/provider/user/useradd_spec.rb +42 -0
  93. data/spec/unit/resource_spec.rb +26 -1
  94. data/spec/unit/transaction_spec.rb +18 -0
  95. data/spec/unit/type/exec_spec.rb +9 -0
  96. data/spec/unit/type/file/source_spec.rb +4 -4
  97. data/spec/unit/type/schedule_spec.rb +3 -1
  98. data/spec/unit/type/service_spec.rb +16 -0
  99. data/spec/unit/type/user_spec.rb +13 -13
  100. data/spec/unit/type/yumrepo_spec.rb +30 -0
  101. data/spec/unit/type_spec.rb +40 -0
  102. data/spec/unit/util/http_proxy_spec.rb +24 -1
  103. data/spec/unit/util/log_spec.rb +27 -1
  104. data/spec/unit/util/windows/service_spec.rb +9 -0
  105. metadata +5 -9
  106. data/ext/windows/eventlog/Rakefile +0 -32
  107. data/ext/windows/eventlog/puppetres.dll +0 -0
  108. data/ext/windows/eventlog/puppetres.mc +0 -18
@@ -23,6 +23,13 @@ describe Puppet::Type.type(:package).provider(:yum) do
23
23
 
24
24
  before { allow(described_class).to receive(:command).with(:cmd).and_return("/usr/bin/yum") }
25
25
 
26
+ describe 'provider features' do
27
+ it { is_expected.to be_versionable }
28
+ it { is_expected.to be_install_options }
29
+ it { is_expected.to be_virtual_packages }
30
+ it { is_expected.to be_install_only }
31
+ end
32
+
26
33
  context "when installing" do
27
34
  it "should use the supplied source as the explicit path to a package to install" do
28
35
  resource[:ensure] = :present
@@ -125,6 +125,8 @@ describe Puppet::Type.type(:service).provider(:launchd) do
125
125
  end
126
126
 
127
127
  describe "when starting the service" do
128
+ let(:services) { "12345 0 #{joblabel}" }
129
+
128
130
  it "should call any explicit 'start' command" do
129
131
  resource[:start] = "/bin/false"
130
132
  expect(subject).to receive(:texecute).with(:start, ["/bin/false"], true)
@@ -132,6 +134,7 @@ describe Puppet::Type.type(:service).provider(:launchd) do
132
134
  end
133
135
 
134
136
  it "should look for the relevant plist once" do
137
+ allow(provider).to receive(:launchctl).with(:list).and_return(services)
135
138
  expect(subject).to receive(:plist_from_label).and_return([joblabel, {}]).once
136
139
  expect(subject).to receive(:enabled?).and_return(:true)
137
140
  expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel])
@@ -139,6 +142,7 @@ describe Puppet::Type.type(:service).provider(:launchd) do
139
142
  end
140
143
 
141
144
  it "should execute 'launchctl load' once without writing to the plist if the job is enabled" do
145
+ allow(provider).to receive(:launchctl).with(:list).and_return(services)
142
146
  expect(subject).to receive(:plist_from_label).and_return([joblabel, {}])
143
147
  expect(subject).to receive(:enabled?).and_return(:true)
144
148
  expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel]).once
@@ -242,6 +246,30 @@ describe Puppet::Type.type(:service).provider(:launchd) do
242
246
  end
243
247
  end
244
248
 
249
+ describe "when a service is unavailable" do
250
+ let(:map) { {"some.random.job" => "/path/to/job.plist"} }
251
+
252
+ before :each do
253
+ allow(provider).to receive(:make_label_to_path_map).and_return(map)
254
+ end
255
+
256
+ it "should fail when searching for the unavailable service" do
257
+ expect { provider.jobsearch("NOSUCH") }.to raise_error(Puppet::Error)
258
+ end
259
+
260
+ it "should return false when enabling the service" do
261
+ expect(subject.enabled?).to eq(:false)
262
+ end
263
+
264
+ it "should fail when starting the service" do
265
+ expect { subject.start }.to raise_error(Puppet::Error)
266
+ end
267
+
268
+ it "should fail when starting the service" do
269
+ expect { subject.stop }.to raise_error(Puppet::Error)
270
+ end
271
+ end
272
+
245
273
  [[10, "10.6"], [13, "10.9"]].each do |kernel, version|
246
274
  describe "when enabling the service on OS X #{version}" do
247
275
  it "should write to the global launchd overrides file once" do
@@ -148,6 +148,11 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features.
148
148
  expect(provider.enabled?).to eq(:manual)
149
149
  end
150
150
 
151
+ it "should report a service with a startup type of delayed as delayed" do
152
+ expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DELAYED_AUTO_START)
153
+ expect(provider.enabled?).to eq(:delayed)
154
+ end
155
+
151
156
  it "should report a service with a startup type of disabled as false" do
152
157
  expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DISABLED)
153
158
  expect(provider.enabled?).to eq(:false)
@@ -213,4 +218,19 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features.
213
218
  }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
214
219
  end
215
220
  end
221
+
222
+ describe "#delayed_start" do
223
+ it "should set service start type to Service_Config_Delayed_Auto_Start (delayed) when delayed" do
224
+ expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true)
225
+ provider.delayed_start
226
+ end
227
+
228
+ it "raises an error if set_startup_mode fails" do
229
+ expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true).and_raise(Puppet::Error.new('foobar'))
230
+
231
+ expect {
232
+ provider.delayed_start
233
+ }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
234
+ end
235
+ end
216
236
  end
@@ -1,4 +1,5 @@
1
1
  require 'spec_helper'
2
+ require 'open3'
2
3
 
3
4
  RSpec::Matchers.define_negated_matcher :excluding, :include
4
5
 
@@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do
81
82
  provider.create
82
83
  end
83
84
 
85
+ it "should call execute with sensitive true when the password property is set" do
86
+ Puppet::Util::Log.level = :debug
87
+ resource[:password] = "abc123"
88
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
89
+ popen = double("popen", :puts => nil, :close => nil)
90
+ expect(Open3).to receive(:popen3).and_return(popen)
91
+ expect(popen).to receive(:puts).with("abc123")
92
+ provider.create
93
+ expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
94
+ end
95
+
96
+ it "should call execute with sensitive false when a non-sensitive property is set" do
97
+ resource[:managehome] = true
98
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
99
+ provider.create
100
+ end
101
+
84
102
  it "should use -s with the correct argument when the shell property is set" do
85
103
  resource[:shell] = "/bin/sh"
86
104
  expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
@@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do
209
227
  expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
210
228
  provider.uid = 54321
211
229
  end
230
+
231
+ it "should print a debug message with sensitive data redacted when the password property is set" do
232
+ Puppet::Util::Log.level = :debug
233
+ resource[:password] = "*"
234
+ popen = double("popen", :puts => nil, :close => nil)
235
+ expect(Open3).to receive(:popen3).and_return(popen)
236
+ expect(popen).to receive(:puts).with("abc123")
237
+ provider.password = "abc123"
238
+
239
+ expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
240
+ end
241
+
242
+ it "should call execute with sensitive false when a non-sensitive property is set" do
243
+ Puppet::Util::Log.level = :debug
244
+ resource[:home] = "/home/testuser"
245
+ resource[:managehome] = true
246
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
247
+ provider.home = "/newhome/testuser"
248
+ end
212
249
  end
213
250
  end
@@ -44,6 +44,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
44
44
  allow(provider).to receive(:exists?).and_return(false)
45
45
  end
46
46
 
47
+ it "should not redact the command from debug logs if there is no password" do
48
+ described_class.has_feature :manages_passwords
49
+ resource[:ensure] = :present
50
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
51
+ provider.create
52
+ end
53
+
54
+ it "should redact the command from debug logs if there is a password" do
55
+ described_class.has_feature :manages_passwords
56
+ resource2 = Puppet::Type.type(:user).new(
57
+ :name => 'myuser',
58
+ :password => 'a pass word',
59
+ :managehome => :false,
60
+ :system => :false,
61
+ :provider => provider,
62
+ )
63
+ resource2[:ensure] = :present
64
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
65
+ provider.create
66
+ end
67
+
47
68
  it "should add -g when no gid is specified and group already exists" do
48
69
  allow(Puppet::Util).to receive(:gid).and_return(true)
49
70
  resource[:ensure] = :present
@@ -165,6 +186,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
165
186
  end
166
187
  end
167
188
 
189
+ describe 'when modifying the password' do
190
+ before do
191
+ described_class.has_feature :libuser
192
+ described_class.has_feature :manages_passwords
193
+ #Setting any resource value here initializes needed variables and methods in the resource and provider
194
+ #Setting a password value here initializes the existence and management of the password parameter itself
195
+ #Otherwise, this value would not need to be initialized for the test
196
+ resource[:password] = ''
197
+ end
198
+
199
+ it "should not call execute with sensitive if non-sensitive data is changed" do
200
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
201
+ provider.home = 'foo/bar'
202
+ end
203
+
204
+ it "should call execute with sensitive if sensitive data is changed" do
205
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
206
+ provider.password = 'bird bird bird'
207
+ end
208
+ end
209
+
168
210
  describe '#modify' do
169
211
  describe "on systems with the libuser and forcelocal=false" do
170
212
  before do
@@ -747,7 +747,8 @@ describe Puppet::Resource do
747
747
  @resource = Puppet::Resource.new("one::two", "/my/file",
748
748
  :parameters => {
749
749
  :noop => true,
750
- :foo => %w{one two},
750
+ :foo => [:one, "two"],
751
+ :bar => 'a\'b',
751
752
  :ensure => 'present',
752
753
  }
753
754
  )
@@ -757,10 +758,34 @@ describe Puppet::Resource do
757
758
  expect(@resource.to_hierayaml).to eq <<-HEREDOC.gsub(/^\s{8}/, '')
758
759
  /my/file:
759
760
  ensure: 'present'
761
+ bar : 'a\\'b'
760
762
  foo : ['one', 'two']
761
763
  noop : true
762
764
  HEREDOC
763
765
  end
766
+
767
+ it "should convert some types to String" do
768
+ expect(@resource.to_hiera_hash).to eq(
769
+ "/my/file" => {
770
+ 'ensure' => "present",
771
+ 'bar' => "a'b",
772
+ 'foo' => ["one", "two"],
773
+ 'noop' => true
774
+ }
775
+ )
776
+ end
777
+
778
+ it "accepts symbolic titles" do
779
+ res = Puppet::Resource.new(:file, "/my/file", :parameters => { 'ensure' => "present" })
780
+
781
+ expect(res.to_hiera_hash.keys).to eq(["/my/file"])
782
+ end
783
+
784
+ it "emits an empty parameters hash" do
785
+ res = Puppet::Resource.new(:file, "/my/file")
786
+
787
+ expect(res.to_hiera_hash).to eq({"/my/file" => {}})
788
+ end
764
789
  end
765
790
  describe "when converting to json" do
766
791
  # LAK:NOTE For all of these tests, we convert back to the resource so we can
@@ -778,6 +778,24 @@ describe Puppet::Transaction do
778
778
 
779
779
  transaction.evaluate
780
780
  end
781
+
782
+ it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
783
+ unless defined?(Selinux)
784
+ module Selinux
785
+ def self.is_selinux_enabled
786
+ true
787
+ end
788
+ end
789
+ end
790
+
791
+ resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
792
+ transaction = transaction_with_resource(resource)
793
+
794
+ expect(Selinux).to receive(:matchpathcon_fini)
795
+ expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
796
+
797
+ transaction.evaluate
798
+ end
781
799
  end
782
800
 
783
801
  describe 'when checking application run state' do
@@ -755,6 +755,15 @@ RSpec.describe Puppet::Type.type(:exec) do
755
755
  expect(@test.check_all_attributes).to eq(true)
756
756
  expect(@logs.shift.message).to eq("test output")
757
757
  end
758
+
759
+ it "should not emit output to debug if sensitive is true" do
760
+ Puppet::Util::Log.level = :debug
761
+ @test[param] = @fail
762
+ allow(@test.parameters[param]).to receive(:sensitive).and_return(true)
763
+ expect(@test.check_all_attributes).to eq(true)
764
+ expect(@logs).not_to include(an_object_having_attributes(level: :debug, message: "test output"))
765
+ expect(@logs).to include(an_object_having_attributes(level: :debug, message: "[output redacted]"))
766
+ end
758
767
  end
759
768
  end
760
769
  end
@@ -34,11 +34,11 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
34
34
  it "should fail if the set values are not URLs" do
35
35
  expect(URI).to receive(:parse).with('foo').and_raise(RuntimeError)
36
36
 
37
- expect(lambda { resource[:source] = %w{foo} }).to raise_error(Puppet::Error)
37
+ expect { resource[:source] = %w{foo} }.to raise_error(Puppet::Error)
38
38
  end
39
39
 
40
40
  it "should fail if the URI is not a local file, file URI, or puppet URI" do
41
- expect(lambda { resource[:source] = %w{ftp://foo/bar} }).to raise_error(Puppet::Error, /Cannot use URLs of type 'ftp' as source for fileserving/)
41
+ expect { resource[:source] = %w{ftp://foo/bar} }.to raise_error(Puppet::Error, /Cannot use URLs of type 'ftp' as source for fileserving/)
42
42
  end
43
43
 
44
44
  it "should strip trailing forward slashes", :unless => Puppet.features.microsoft_windows? do
@@ -61,11 +61,11 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
61
61
  end
62
62
 
63
63
  it "should reject relative URI sources" do
64
- expect(lambda { resource[:source] = 'foo/bar' }).to raise_error(Puppet::Error)
64
+ expect { resource[:source] = 'foo/bar' }.to raise_error(Puppet::Error)
65
65
  end
66
66
 
67
67
  it "should reject opaque sources" do
68
- expect(lambda { resource[:source] = 'mailto:foo@com' }).to raise_error(Puppet::Error)
68
+ expect { resource[:source] = 'mailto:foo@com' }.to raise_error(Puppet::Error)
69
69
  end
70
70
 
71
71
  it "should accept URI authority component" do
@@ -446,7 +446,9 @@ describe Puppet::Type.type(:schedule) do
446
446
 
447
447
  it "should fail if the periodmatch is 'number'" do
448
448
  @schedule[:periodmatch] = :number
449
- expect(proc { @schedule[:repeat] = 2 }).to raise_error(Puppet::Error)
449
+ expect {
450
+ @schedule[:repeat] = 2
451
+ }.to raise_error(Puppet::Error)
450
452
  end
451
453
 
452
454
  it "should match if the previous run was further away than the distance divided by the repeat" do
@@ -75,6 +75,13 @@ describe Puppet::Type.type(:service), "when validating attribute values" do
75
75
  expect(srv.should(:enable)).to eq(:manual)
76
76
  end
77
77
 
78
+ it "should support :delayed as a value on Windows" do
79
+ allow(Puppet.features).to receive(:microsoft_windows?).and_return(true)
80
+
81
+ srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
82
+ expect(srv.should(:enable)).to eq(:delayed)
83
+ end
84
+
78
85
  it "should not support :manual as a value when not on Windows" do
79
86
  allow(Puppet.features).to receive(:microsoft_windows?).and_return(false)
80
87
 
@@ -83,6 +90,15 @@ describe Puppet::Type.type(:service), "when validating attribute values" do
83
90
  /Setting enable to manual is only supported on Microsoft Windows\./
84
91
  )
85
92
  end
93
+
94
+ it "should not support :delayed as a value when not on Windows" do
95
+ allow(Puppet.features).to receive(:microsoft_windows?).and_return(false)
96
+
97
+ expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
98
+ Puppet::Error,
99
+ /Setting enable to delayed is only supported on Microsoft Windows\./
100
+ )
101
+ end
86
102
  end
87
103
 
88
104
  it "should support :true as a value to :hasstatus" do
@@ -323,24 +323,24 @@ describe Puppet::Type.type(:user) do
323
323
  end
324
324
 
325
325
  describe "when managing passwords" do
326
- before do
327
- @password = described_class.new(:name => 'foo', :password => 'mypass').parameter(:password)
328
- end
326
+ let(:transaction) { Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil) }
327
+ let(:harness) { Puppet::Transaction::ResourceHarness.new(transaction) }
328
+ let(:provider) { @provider_class.new(:name => 'foo', :ensure => :present) }
329
+ let(:resource) { described_class.new(:name => 'foo', :ensure => :present, :password => 'top secret', :provider => provider) }
329
330
 
330
331
  it "should not include the password in the change log when adding the password" do
331
- expect(@password.change_to_s(:absent, "mypass")).not_to be_include("mypass")
332
+ status = harness.evaluate(resource)
333
+ sync_event = status.events[0]
334
+ expect(sync_event.message).not_to include('top secret')
335
+ expect(sync_event.message).to eql('changed [redacted] to [redacted]')
332
336
  end
333
337
 
334
338
  it "should not include the password in the change log when changing the password" do
335
- expect(@password.change_to_s("other", "mypass")).not_to be_include("mypass")
336
- end
337
-
338
- it "should redact the password when displaying the old value" do
339
- expect(@password.is_to_s("currentpassword")).to match(/^\[old password hash redacted\]$/)
340
- end
341
-
342
- it "should redact the password when displaying the new value" do
343
- expect(@password.should_to_s("newpassword")).to match(/^\[new password hash redacted\]$/)
339
+ resource[:password] = 'super extra classified'
340
+ status = harness.evaluate(resource)
341
+ sync_event = status.events[0]
342
+ expect(sync_event.message).not_to include('super extra classified')
343
+ expect(sync_event.message).to eql('changed [redacted] to [redacted]')
344
344
  end
345
345
 
346
346
  it "should fail if a ':' is included in the password" do
@@ -329,6 +329,36 @@ describe Puppet::Type.type(:yumrepo) do
329
329
 
330
330
  describe "proxy_password" do
331
331
  it_behaves_like "a yumrepo parameter that can be absent", :proxy_password
332
+
333
+ context "for password information in the logs" do
334
+ let(:transaction) { Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil) }
335
+ let(:harness) { Puppet::Transaction::ResourceHarness.new(transaction) }
336
+ let(:provider_class) { described_class.provide(:simple) do
337
+ mk_resource_methods
338
+ def create; end
339
+ def delete; end
340
+ def exists?; get(:ensure) != :absent; end
341
+ def flush; end
342
+ def self.instances; []; end
343
+ end
344
+ }
345
+ let(:provider) { provider_class.new(:name => 'foo', :ensure => :present) }
346
+ let(:resource) { described_class.new(:name => 'puppetlabs', :proxy_password => 'top secret', :provider => provider) }
347
+
348
+ it "redacts on creation" do
349
+ status = harness.evaluate(resource)
350
+ sync_event = status.events[0]
351
+ expect(sync_event.message).to eq 'changed [redacted] to [redacted]'
352
+ end
353
+
354
+ it "redacts on update" do
355
+ harness.evaluate(resource)
356
+ resource[:proxy_password] = 'super classified'
357
+ status = harness.evaluate(resource)
358
+ sync_event = status.events[0]
359
+ expect(sync_event.message).to eq 'changed [redacted] to [redacted]'
360
+ end
361
+ end
332
362
  end
333
363
 
334
364
  describe "s3_enabled" do