RubyGems - puppet - Versions diffs - 5.5.16 → 5.5.21 - Mend

puppet 5.5.16 → 5.5.21

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (359) hide show

checksums.yaml +4 -4
data/CODEOWNERS +10 -10
data/Gemfile +2 -3
data/Gemfile.lock +57 -52
data/ext/build_defaults.yaml +1 -0
data/ext/cert_inspector +3 -3
data/ext/project_data.yaml +2 -2
data/ext/puppet-test +2 -2
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/windows/service/daemon.rb +54 -8
data/install.rb +6 -24
data/lib/puppet.rb +5 -2
data/lib/puppet/agent.rb +5 -13
data/lib/puppet/application.rb +1 -1
data/lib/puppet/application/agent.rb +15 -1
data/lib/puppet/application/apply.rb +2 -2
data/lib/puppet/application/describe.rb +3 -9
data/lib/puppet/application/device.rb +4 -4
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/filebucket.rb +13 -0
data/lib/puppet/application/lookup.rb +1 -1
data/lib/puppet/application/resource.rb +4 -4
data/lib/puppet/application/script.rb +2 -2
data/lib/puppet/configurer.rb +86 -28
data/lib/puppet/configurer/downloader.rb +2 -6
data/lib/puppet/daemon.rb +1 -1
data/lib/puppet/defaults.rb +82 -38
data/lib/puppet/error.rb +9 -1
data/lib/puppet/external/nagios/base.rb +1 -1
data/lib/puppet/face/ca.rb +1 -1
data/lib/puppet/face/config.rb +10 -48
data/lib/puppet/face/facts.rb +1 -1
data/lib/puppet/face/module/list.rb +5 -5
data/lib/puppet/face/module/search.rb +1 -1
data/lib/puppet/face/module/uninstall.rb +1 -1
data/lib/puppet/face/module/upgrade.rb +1 -1
data/lib/puppet/face/plugin.rb +9 -2
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system.rb +0 -8
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +3 -2
data/lib/puppet/file_system/uniquefile.rb +4 -0
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +6 -5
data/lib/puppet/indirector/catalog/compiler.rb +8 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +2 -0
data/lib/puppet/indirector/resource/ral.rb +1 -3
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/interface.rb +2 -1
data/lib/puppet/loaders.rb +0 -1
data/lib/puppet/metatype/manager.rb +1 -1
data/lib/puppet/module.rb +1 -1
data/lib/puppet/module_tool/applications/builder.rb +1 -1
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
data/lib/puppet/module_tool/tar/mini.rb +12 -2
data/lib/puppet/network/http/api/indirected_routes.rb +13 -12
data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
data/lib/puppet/network/http/connection.rb +14 -12
data/lib/puppet/network/http/factory.rb +1 -11
data/lib/puppet/network/http/pool.rb +7 -1
data/lib/puppet/network/http/rack/rest.rb +2 -2
data/lib/puppet/network/http/site.rb +1 -1
data/lib/puppet/network/resolver.rb +2 -2
data/lib/puppet/node/environment.rb +4 -2
data/lib/puppet/parameter.rb +8 -0
data/lib/puppet/parser/ast.rb +1 -1
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
data/lib/puppet/parser/environment_compiler.rb +3 -0
data/lib/puppet/parser/functions.rb +1 -1
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/parser/resource.rb +3 -2
data/lib/puppet/parser/resource/param.rb +6 -0
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/evaluator_impl.rb +1 -1
data/lib/puppet/pops/evaluator/external_syntax_support.rb +3 -2
data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -4
data/lib/puppet/pops/issues.rb +5 -0
data/lib/puppet/pops/loaders.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +1 -0
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +22 -18
data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/locator.rb +1 -1
data/lib/puppet/pops/parser/pn_parser.rb +17 -16
data/lib/puppet/pops/puppet_stack.rb +51 -48
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +10 -10
data/lib/puppet/pops/types/type_calculator.rb +24 -0
data/lib/puppet/pops/types/types.rb +3 -3
data/lib/puppet/pops/validation/checker4_0.rb +10 -0
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider/augeas/augeas.rb +1 -1
data/lib/puppet/provider/cron/crontab.rb +1 -1
data/lib/puppet/provider/exec.rb +6 -2
data/lib/puppet/provider/file/posix.rb +5 -0
data/lib/puppet/provider/group/groupadd.rb +19 -19
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/mailalias/aliases.rb +1 -1
data/lib/puppet/provider/mount.rb +1 -1
data/lib/puppet/provider/mount/parsed.rb +8 -8
data/lib/puppet/provider/nameservice.rb +10 -3
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package/aix.rb +17 -2
data/lib/puppet/provider/package/apt.rb +14 -3
data/lib/puppet/provider/package/dnf.rb +1 -1
data/lib/puppet/provider/package/dnfmodule.rb +141 -0
data/lib/puppet/provider/package/dpkg.rb +16 -18
data/lib/puppet/provider/package/fink.rb +20 -3
data/lib/puppet/provider/package/openbsd.rb +14 -2
data/lib/puppet/provider/package/pip.rb +37 -10
data/lib/puppet/provider/package/pkg.rb +18 -5
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/portage.rb +4 -4
data/lib/puppet/provider/package/rpm.rb +57 -19
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +35 -24
data/lib/puppet/provider/package/zypper.rb +1 -0
data/lib/puppet/provider/package_targetable.rb +5 -4
data/lib/puppet/provider/parsedfile.rb +1 -1
data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +3 -3
data/lib/puppet/provider/selmodule/semodule.rb +43 -26
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/launchd.rb +20 -5
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +2 -8
data/lib/puppet/provider/service/systemd.rb +35 -22
data/lib/puppet/provider/service/windows.rb +8 -0
data/lib/puppet/provider/user/directoryservice.rb +31 -6
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/pw.rb +12 -3
data/lib/puppet/provider/user/user_role_add.rb +5 -1
data/lib/puppet/provider/user/useradd.rb +62 -27
data/lib/puppet/provider/user/windows_adsi.rb +4 -5
data/lib/puppet/provider/yumrepo/inifile.rb +2 -2
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +1 -3
data/lib/puppet/reference/providers.rb +1 -1
data/lib/puppet/reference/type.rb +3 -9
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/resource.rb +18 -1
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/resource/type.rb +8 -0
data/lib/puppet/settings.rb +43 -3
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/ssl/certificate.rb +2 -1
data/lib/puppet/ssl/certificate_authority.rb +6 -5
data/lib/puppet/ssl/certificate_authority/interface.rb +1 -1
data/lib/puppet/ssl/certificate_factory.rb +2 -2
data/lib/puppet/ssl/host.rb +3 -3
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/test/test_helper.rb +15 -10
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/type.rb +15 -4
data/lib/puppet/type/cron.rb +1 -1
data/lib/puppet/type/exec.rb +21 -9
data/lib/puppet/type/file.rb +14 -2
data/lib/puppet/type/file/data_sync.rb +5 -1
data/lib/puppet/type/group.rb +4 -2
data/lib/puppet/type/interface.rb +1 -1
data/lib/puppet/type/notify.rb +3 -2
data/lib/puppet/type/package.rb +107 -8
data/lib/puppet/type/schedule.rb +1 -1
data/lib/puppet/type/selboolean.rb +17 -3
data/lib/puppet/type/service.rb +9 -10
data/lib/puppet/type/user.rb +6 -24
data/lib/puppet/type/yumrepo.rb +3 -7
data/lib/puppet/util.rb +47 -25
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/execution.rb +4 -3
data/lib/puppet/util/http_proxy.rb +24 -16
data/lib/puppet/util/instance_loader.rb +1 -1
data/lib/puppet/util/log.rb +1 -1
data/lib/puppet/util/log/destinations.rb +3 -12
data/lib/puppet/util/logging.rb +30 -18
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/monkey_patches.rb +1 -1
data/lib/puppet/util/nagios_maker.rb +2 -2
data/lib/puppet/util/network_device/cisco/device.rb +1 -1
data/lib/puppet/util/network_device/cisco/interface.rb +2 -2
data/lib/puppet/util/network_device/transport/ssh.rb +1 -1
data/lib/puppet/util/pidlock.rb +12 -6
data/lib/puppet/util/plist.rb +6 -0
data/lib/puppet/util/provider_features.rb +2 -4
data/lib/puppet/util/rdoc.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +8 -2
data/lib/puppet/util/windows/adsi.rb +60 -30
data/lib/puppet/util/windows/api_types.rb +45 -32
data/lib/puppet/util/windows/eventlog.rb +1 -6
data/lib/puppet/util/windows/principal.rb +8 -6
data/lib/puppet/util/windows/process.rb +16 -15
data/lib/puppet/util/windows/registry.rb +17 -15
data/lib/puppet/util/windows/security.rb +3 -0
data/lib/puppet/util/windows/service.rb +149 -4
data/lib/puppet/util/windows/sid.rb +4 -3
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet_pal.rb +2 -2
data/locales/puppet.pot +479 -443
data/man/man5/puppet.conf.5 +38 -8
data/man/man8/puppet-agent.8 +2 -2
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-ca.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-cert.8 +1 -1
data/man/man8/puppet-certificate.8 +1 -1
data/man/man8/puppet-certificate_request.8 +1 -1
data/man/man8/puppet-certificate_revocation_list.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +16 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-master.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/provider/mailalias/aliases/test1 +1 -0
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list.txt +19 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/integration/configurer_spec.rb +52 -0
data/spec/integration/defaults_spec.rb +1 -2
data/spec/integration/indirector/facts/facter_spec.rb +4 -0
data/spec/integration/parser/compiler_spec.rb +11 -0
data/spec/integration/provider/service/systemd_spec.rb +8 -5
data/spec/integration/type/file_spec.rb +28 -0
data/spec/integration/type/notify_spec.rb +46 -0
data/spec/integration/util/execution_spec.rb +27 -0
data/spec/integration/util/windows/adsi_spec.rb +6 -1
data/spec/integration/util/windows/registry_spec.rb +7 -7
data/spec/unit/agent_spec.rb +34 -26
data/spec/unit/application/agent_spec.rb +18 -0
data/spec/unit/application/apply_spec.rb +2 -12
data/spec/unit/application/device_spec.rb +1 -1
data/spec/unit/configurer/fact_handler_spec.rb +0 -4
data/spec/unit/configurer_spec.rb +377 -397
data/spec/unit/daemon_spec.rb +0 -1
data/spec/unit/face/facts_spec.rb +9 -0
data/spec/unit/face/plugin_spec.rb +8 -0
data/spec/unit/file_system/uniquefile_spec.rb +11 -0
data/spec/unit/forge/forge_spec.rb +1 -3
data/spec/unit/forge/repository_spec.rb +1 -3
data/spec/unit/indirector/catalog/compiler_spec.rb +45 -26
data/spec/unit/indirector/resource/ral_spec.rb +4 -4
data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
data/spec/unit/network/http/api/indirected_routes_spec.rb +28 -11
data/spec/unit/network/http/connection_spec.rb +43 -1
data/spec/unit/network/http/factory_spec.rb +27 -5
data/spec/unit/network/http/pool_spec.rb +32 -0
data/spec/unit/node_spec.rb +7 -4
data/spec/unit/parser/environment_compiler_spec.rb +7 -0
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +8 -3
data/spec/unit/pops/validator/validator_spec.rb +7 -0
data/spec/unit/provider/exec_spec.rb +209 -0
data/spec/unit/provider/group/groupadd_spec.rb +30 -1
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/aix_spec.rb +29 -0
data/spec/unit/provider/package/apt_spec.rb +13 -2
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
data/spec/unit/provider/package/dnf_spec.rb +7 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +247 -0
data/spec/unit/provider/package/dpkg_spec.rb +35 -7
data/spec/unit/provider/package/openbsd_spec.rb +17 -0
data/spec/unit/provider/package/pip_spec.rb +93 -22
data/spec/unit/provider/package/pkg_spec.rb +13 -1
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +36 -0
data/spec/unit/provider/package/portage_spec.rb +4 -4
data/spec/unit/provider/package/rpm_spec.rb +150 -16
data/spec/unit/provider/package/yum_spec.rb +66 -0
data/spec/unit/provider/package/zypper_spec.rb +13 -0
data/spec/unit/provider/package_targetable_spec.rb +60 -0
data/spec/unit/provider/selmodule_spec.rb +118 -47
data/spec/unit/provider/service/daemontools_spec.rb +24 -0
data/spec/unit/provider/service/launchd_spec.rb +28 -0
data/spec/unit/provider/service/runit_spec.rb +24 -0
data/spec/unit/provider/service/systemd_spec.rb +109 -36
data/spec/unit/provider/service/windows_spec.rb +20 -0
data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
data/spec/unit/provider/user/hpux_spec.rb +2 -2
data/spec/unit/provider/user/openbsd_spec.rb +1 -0
data/spec/unit/provider/user/pw_spec.rb +37 -0
data/spec/unit/provider/user/useradd_spec.rb +122 -15
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +3 -0
data/spec/unit/resource_spec.rb +26 -1
data/spec/unit/ssl/certificate_authority_spec.rb +2 -3
data/spec/unit/ssl/certificate_spec.rb +7 -0
data/spec/unit/test/test_helper_spec.rb +17 -0
data/spec/unit/transaction_spec.rb +18 -0
data/spec/unit/type/exec_spec.rb +15 -12
data/spec/unit/type/file/content_spec.rb +9 -3
data/spec/unit/type/file/source_spec.rb +4 -4
data/spec/unit/type/file_spec.rb +9 -4
data/spec/unit/type/package_spec.rb +8 -0
data/spec/unit/type/schedule_spec.rb +3 -1
data/spec/unit/type/selboolean_spec.rb +4 -6
data/spec/unit/type/service_spec.rb +25 -8
data/spec/unit/type/user_spec.rb +32 -26
data/spec/unit/type/yumrepo_spec.rb +30 -0
data/spec/unit/type_spec.rb +40 -0
data/spec/unit/util/execution_spec.rb +16 -0
data/spec/unit/util/http_proxy_spec.rb +121 -1
data/spec/unit/util/log/destinations_spec.rb +2 -26
data/spec/unit/util/log_spec.rb +0 -112
data/spec/unit/util/logging_spec.rb +200 -0
data/spec/unit/util/pidlock_spec.rb +67 -40
data/spec/unit/util/plist_spec.rb +20 -0
data/spec/unit/util/windows/adsi_spec.rb +55 -4
data/spec/unit/util/windows/api_types_spec.rb +104 -40
data/spec/unit/util/windows/service_spec.rb +9 -0
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/tasks/manpages.rake +1 -0
metadata +16 -11
data/ext/windows/eventlog/Rakefile +0 -32
data/ext/windows/eventlog/puppetres.dll +0 -0
data/ext/windows/eventlog/puppetres.mc +0 -18
data/lib/puppet/pops/loader/null_loader.rb +0 -60
data/locales/ja/puppet.po +0 -12114
data/spec/integration/test/test_helper_spec.rb +0 -31

data/spec/unit/provider/service/windows_spec.rb CHANGED

@@ -148,6 +148,11 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features.
       expect(provider.enabled?).to eq(:manual)
     end
+    it "should report a service with a startup type of delayed as delayed" do
+      expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DELAYED_AUTO_START)
+      expect(provider.enabled?).to eq(:delayed)
+    end
     it "should report a service with a startup type of disabled as false" do
       expect(service_util).to receive(:service_start_type).with(name).and_return(:SERVICE_DISABLED)
       expect(provider.enabled?).to eq(:false)
@@ -213,4 +218,19 @@ describe Puppet::Type.type(:service).provider(:windows), :if => Puppet.features.
       }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
     end
   end
+  describe "#delayed_start" do
+    it "should set service start type to Service_Config_Delayed_Auto_Start (delayed) when delayed" do
+      expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true)
+      provider.delayed_start
+    end
+    it "raises an error if set_startup_mode fails" do
+      expect(service_util).to receive(:set_startup_mode).with(name, :SERVICE_AUTO_START, true).and_raise(Puppet::Error.new('foobar'))
+      expect {
+        provider.delayed_start
+      }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
+    end
+  end
 end

data/spec/unit/provider/user/directoryservice_spec.rb CHANGED

@@ -196,6 +196,17 @@ describe Puppet::Type.type(:user).provider(:directoryservice) do
     }
   end
+  let (:dsimport_preamble) do
+    '0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 2 dsAttrTypeStandard:RecordName base64:dsAttrTypeNative:ShadowHashData'
+  end
+  let (:dsimport_contents) do
+    <<-DSIMPORT
+#{dsimport_preamble}
+#{username}:#{Base64.strict_encode64(sha512_embedded_bplist)}
+    DSIMPORT
+  end
   # The below represents output of 'dscl -plist . readall /Users' converted to
   # a native Ruby hash if only one user were installed on the system.
   # This lets us check the behavior of all the methods necessary to return a
@@ -960,6 +971,24 @@ end
     end
   end
+  describe '#set_shadow_hash_data' do
+    let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
+    it 'should flush the plist data to disk on OS X < 10.15' do
+      allow(provider.class).to receive(:get_os_version).and_return('10.12')
+      expect(provider).to receive(:write_users_plist_to_disk)
+      provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
+    end
+    it 'should flush the plist data a temporary file on OS X >= 10.15' do
+      allow(provider.class).to receive(:get_os_version).and_return('10.15')
+      expect(provider).to receive(:write_and_import_shadow_hash_data)
+      provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
+    end
+  end
   describe '#set_salted_pbkdf2' do
     let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
     let(:entropy_shadow_hash_data) do
@@ -1011,6 +1040,18 @@ end
     end
   end
+  describe '#write_and_import_shadow_hash_data' do
+    it 'should save the passed plist to a temporary file and import it' do
+      tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
+      allow(Tempfile).to receive(:create).and_yield(tmpfile)
+      allow(provider).to receive(:dscl).with('.', 'delete', user_path, 'ShadowHashData')
+      expect(tmpfile).to receive(:write).with(dsimport_contents)
+      expect(provider).to receive(:dsimport).with(tmpfile.path, '/Local/Default', 'M')
+      provider.write_and_import_shadow_hash_data(sha512_embedded_bplist)
+    end
+  end
   describe '#merge_attribute_with_dscl' do
     it 'should raise an error if a dscl command raises an error' do
       expect(provider).to receive(:dscl).with('.', '-merge', user_path, 'GeneratedUID', 'GUID').and_raise(Puppet::ExecutionFailure, 'boom')

data/spec/unit/provider/user/hpux_spec.rb CHANGED

@@ -56,14 +56,14 @@ describe Puppet::Type.type(:user).provider(:hpuxuseradd), :unless => Puppet.feat
     it "should add modprpw to modifycmd if Trusted System" do
       allow(resource).to receive(:allowdupe?).and_return(true)
       expect(provider).to receive(:exec_getprpw).with('root','-m uid').and_return('uid=0')
-      expect(provider).to receive(:execute).with(['/usr/sam/lbin/usermod.sam', '-u', 1000, '-o', 'testuser', '-F', ';', '/usr/lbin/modprpw', '-v', '-l', 'testuser'], hash_including(custom_environment: {}))
+      expect(provider).to receive(:execute).with(['/usr/sam/lbin/usermod.sam', '-F', '-u', 1000, '-o', 'testuser', ';', '/usr/lbin/modprpw', '-v', '-l', 'testuser'], hash_including(custom_environment: {}))
       provider.uid = 1000
     end
     it "should not add modprpw if not Trusted System" do
       allow(resource).to receive(:allowdupe?).and_return(true)
       expect(provider).to receive(:exec_getprpw).with('root','-m uid').and_return('System is not trusted')
-      expect(provider).to receive(:execute).with(['/usr/sam/lbin/usermod.sam', '-u', 1000, '-o', 'testuser', '-F'], hash_including(custom_environment: {}))
+      expect(provider).to receive(:execute).with(['/usr/sam/lbin/usermod.sam', '-F', '-u', 1000, '-o', 'testuser'], hash_including(custom_environment: {}))
       provider.uid = 1000
     end
   end

data/spec/unit/provider/user/openbsd_spec.rb CHANGED

@@ -45,6 +45,7 @@ describe Puppet::Type.type(:user).provider(:openbsd) do
   describe "#addcmd" do
     it "should return an array with the full command and expiry as MM/DD/YY" do
       allow(Facter).to receive(:value).with(:osfamily).and_return('OpenBSD')
+      allow(Facter).to receive(:value).with(:operatingsystemmajrelease)
       resource[:expiry] = "1997-06-01"
       expect(provider.addcmd).to eq(['/usr/sbin/useradd', '-e', 'June 01 1997', 'myuser'])
     end

data/spec/unit/provider/user/pw_spec.rb CHANGED

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'open3'
 RSpec::Matchers.define_negated_matcher :excluding, :include
@@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do
       provider.create
     end
+    it "should call execute with sensitive true when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "abc123"
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.create
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+    end
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
     it "should use -s with the correct argument when the shell property is set" do
       resource[:shell] = "/bin/sh"
       expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
@@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do
       expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
       provider.uid = 54321
     end
+    it "should print a debug message with sensitive data redacted when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "*"
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.password = "abc123"
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+     end
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:home] = "/home/testuser"
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = "/newhome/testuser"
+    end
   end
 end

data/spec/unit/provider/user/useradd_spec.rb CHANGED

@@ -44,29 +44,54 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       allow(provider).to receive(:exists?).and_return(false)
     end
-    it "should add -g when no gid is specified and group already exists" do
-      allow(Puppet::Util).to receive(:gid).and_return(true)
+    it "should not redact the command from debug logs if there is no password" do
+      described_class.has_feature :manages_passwords
       resource[:ensure] = :present
-      expect(provider).to receive(:execute).with(include('-g'), kind_of(Hash))
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
       provider.create
     end
-    it "should use -G to set groups" do
-      allow(Facter).to receive(:value).with(:osfamily).and_return('Not RedHat')
-      resource[:ensure] = :present
-      resource[:groups] = ['group1', 'group2']
-      expect(provider).to receive(:execute).with(['/usr/sbin/useradd', '-G', 'group1,group2', 'myuser'], kind_of(Hash))
+    it "should redact the command from debug logs if there is a password" do
+      described_class.has_feature :manages_passwords
+      resource2 = Puppet::Type.type(:user).new(
+        :name       => 'myuser',
+        :password   => 'a pass word',
+        :managehome => :false,
+        :system     => :false,
+        :provider   => provider,
+      )
+      resource2[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
       provider.create
     end
-    it "should use -G to set groups without -M on RedHat" do
-      allow(Facter).to receive(:value).with(:osfamily).and_return('RedHat')
+    it "should add -g when no gid is specified and group already exists" do
+      allow(Puppet::Util).to receive(:gid).and_return(true)
       resource[:ensure] = :present
-      resource[:groups] = ['group1', 'group2']
-      expect(provider).to receive(:execute).with(['/usr/sbin/useradd', '-G', 'group1,group2', '-M', 'myuser'], kind_of(Hash))
+      expect(provider).to receive(:execute).with(include('-g'), kind_of(Hash))
       provider.create
     end
+    context "when setting groups" do
+      it "uses -G to set groups" do
+        allow(Facter).to receive(:value).with(:osfamily).and_return('Solaris')
+        allow(Facter).to receive(:value).with(:operatingsystemmajrelease)
+        resource[:ensure] = :present
+        resource[:groups] = ['group1', 'group2']
+        expect(provider).to receive(:execute).with(['/usr/sbin/useradd', '-G', 'group1,group2', 'myuser'], kind_of(Hash))
+        provider.create
+      end
+      it "uses -G to set groups with -M on supported systems" do
+        allow(Facter).to receive(:value).with(:osfamily).and_return('RedHat')
+        allow(Facter).to receive(:value).with(:operatingsystemmajrelease)
+        resource[:ensure] = :present
+        resource[:groups] = ['group1', 'group2']
+        expect(provider).to receive(:execute).with(['/usr/sbin/useradd', '-G', 'group1,group2', '-M', 'myuser'], kind_of(Hash))
+        provider.create
+      end
+    end
     it "should add -o when allowdupe is enabled and the user is being created" do
       resource[:allowdupe] = true
       expect(provider).to receive(:execute).with(include('-o'), kind_of(Hash))
@@ -165,6 +190,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
+  describe 'when modifying the password' do
+    before do
+      described_class.has_feature :libuser
+      described_class.has_feature :manages_passwords
+      #Setting any resource value here initializes needed variables and methods in the resource and provider
+      #Setting a password value here initializes the existence and management of the password parameter itself
+      #Otherwise, this value would not need to be initialized for the test
+      resource[:password] = ''
+    end
+    it "should not call execute with sensitive if non-sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = 'foo/bar'
+    end
+    it "should call execute with sensitive if sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.password = 'bird bird bird'
+    end
+  end
   describe '#modify' do
     describe "on systems with the libuser and forcelocal=false" do
       before do
@@ -273,6 +319,65 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       expect(provider).to receive(:execute).with(['/usr/sbin/usermod', '-e', '', 'myuser'], hash_including(custom_environment: {}))
       provider.expiry = :absent
     end
+    it "should use -e with -1 when the expiry property is removed on SLES11" do
+      allow(Facter).to receive(:value).with(:operatingsystem).and_return('SLES')
+      allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return('11')
+      resource[:expiry] = :absent
+      expect(provider).to receive(:execute).with(['/usr/sbin/usermod', '-e', -1, 'myuser'], hash_including(custom_environment: {}))
+      provider.expiry = :absent
+    end
+  end
+  describe "#comment" do
+    before { described_class.has_feature :libuser }
+    let(:content) { "myuser:x:x:x:local comment:x:x" }
+    it "should return the local comment string when forcelocal is true" do
+      resource[:forcelocal] = true
+      allow(File).to receive(:read).with('/etc/passwd').and_return(content)
+      expect(provider.comment).to eq('local comment')
+    end
+    it "should fall back to nameservice comment string when forcelocal is false" do
+      resource[:forcelocal] = false
+      allow(provider).to receive(:get).with(:comment).and_return('remote comment')
+      expect(provider).not_to receive(:localcomment)
+      expect(provider.comment).to eq('remote comment')
+    end
+  end
+  describe "#finduser" do
+    before { allow(File).to receive(:read).with('/etc/passwd').and_return(content) }
+    let(:content) { "sample_account:sample_password:sample_uid:sample_gid:sample_gecos:sample_directory:sample_shell" }
+    let(:output) do
+      {
+        account: 'sample_account',
+        password: 'sample_password',
+        uid: 'sample_uid',
+        gid: 'sample_gid',
+        gecos: 'sample_gecos',
+        directory: 'sample_directory',
+        shell: 'sample_shell',
+      }
+    end
+    [:account, :password, :uid, :gid, :gecos, :directory, :shell].each do |key|
+      it "finds an user by #{key} when asked" do
+        expect(provider.finduser(key, "sample_#{key}")).to eq(output)
+      end
+    end
+    it "returns false when specified key/value pair is not found" do
+      expect(provider.finduser(:account, 'invalid_account')).to eq(false)
+    end
+    it "reads the user file only once per resource" do
+      expect(File).to receive(:read).with('/etc/passwd').once
+      5.times { provider.finduser(:account, 'sample_account') }
+    end
   end
   describe "#check_allow_dup" do
@@ -328,15 +433,17 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       provider.delete
     end
-    it "should use -M flag if home is not managed and on Redhat" do
+    it "should use -M flag if home is not managed on a supported system" do
       allow(Facter).to receive(:value).with(:osfamily).and_return("RedHat")
+      allow(Facter).to receive(:value).with(:operatingsystemmajrelease)
       resource[:managehome] = :false
       expect(provider).to receive(:execute).with(include('-M'), kind_of(Hash))
       provider.create
     end
-    it "should not use -M flag if home is not managed and not on Redhat" do
-      allow(Facter).to receive(:value).with(:osfamily).and_return("not RedHat")
+    it "should not use -M flag if home is not managed on an unsupported system" do
+      allow(Facter).to receive(:value).with(:osfamily).and_return("Suse")
+      allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("11")
       resource[:managehome] = :false
       expect(provider).to receive(:execute).with(excluding('-M'), kind_of(Hash))
       provider.create

data/spec/unit/provider/user/windows_adsi_spec.rb CHANGED

@@ -78,9 +78,9 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
     let(:group3) { double(:account => 'group3', :domain => '.', :sid => 'group3sid') }
     before :each do
-      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).with('group1').and_return(group1)
-      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).with('group2').and_return(group2)
-      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).with('group3').and_return(group3)
+      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).with('group1', any_args).and_return(group1)
+      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).with('group2', any_args).and_return(group2)
+      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).with('group3', any_args).and_return(group3)
     end
     it "should return true for same lists of members" do

data/spec/unit/puppet_pal_2pec.rb CHANGED

@@ -714,6 +714,9 @@ describe 'Puppet Pal' do
       context 'facts are supported such that' do
         it 'they are obtained if they are not given' do
+          facts = Puppet::Node::Facts.new(Puppet[:certname], 'puppetversion' => Puppet.version)
+          Puppet::Node::Facts.indirection.save(facts)
           testing_env_dir # creates the structure
           result = Puppet::Pal.in_tmp_environment('pal_env', modulepath: modulepath ) do |ctx|
             ctx.with_script_compiler {|c| c.evaluate_string("$facts =~ Hash and $facts[puppetversion] == '#{Puppet.version}'") }

data/spec/unit/resource_spec.rb CHANGED

@@ -747,7 +747,8 @@ describe Puppet::Resource do
       @resource = Puppet::Resource.new("one::two", "/my/file",
         :parameters => {
           :noop => true,
-          :foo => %w{one two},
+          :foo => [:one, "two"],
+          :bar => 'a\'b',
           :ensure => 'present',
         }
       )
@@ -757,10 +758,34 @@ describe Puppet::Resource do
       expect(@resource.to_hierayaml).to eq <<-HEREDOC.gsub(/^\s{8}/, '')
           /my/file:
             ensure: 'present'
+            bar   : 'a\\'b'
             foo   : ['one', 'two']
             noop  : true
       HEREDOC
     end
+    it "should convert some types to String" do
+      expect(@resource.to_hiera_hash).to eq(
+        "/my/file" => {
+          'ensure' => "present",
+          'bar'    => "a'b",
+          'foo'    => ["one", "two"],
+          'noop'   => true
+        }
+      )
+    end
+    it "accepts symbolic titles" do
+      res = Puppet::Resource.new(:file, "/my/file", :parameters => { 'ensure' => "present" })
+      expect(res.to_hiera_hash.keys).to eq(["/my/file"])
+    end
+    it "emits an empty parameters hash" do
+      res = Puppet::Resource.new(:file, "/my/file")
+      expect(res.to_hiera_hash).to eq({"/my/file" => {}})
+    end
   end
   describe "when converting to json" do
     # LAK:NOTE For all of these tests, we convert back to the resource so we can

data/spec/unit/ssl/certificate_authority_spec.rb CHANGED

@@ -876,9 +876,8 @@ describe Puppet::SSL::CertificateAuthority do
         @ca.verify("me")
       end
-      it "should set the store purpose to OpenSSL::X509::PURPOSE_SSL_CLIENT" do
-        Puppet[:cacert] = cacert
-        expect(@store).to receive(:add_file).with(cacert)
+      it "should set the store purpose to OpenSSL::X509::PURPOSE_ANY" do
+        expect(@store).to receive(:purpose=).with OpenSSL::X509::PURPOSE_ANY
         @ca.verify("me")
       end

data/spec/unit/ssl/certificate_spec.rb CHANGED

@@ -138,6 +138,13 @@ describe Puppet::SSL::Certificate do
         expect(cert.custom_extensions).to include('oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'x509 :(')
       end
+      it "returns extensions under the ppAuthCertExt" do
+        exts = {'pp_auth_role' => 'taketwo'}
+        cert = build_cert(:extension_requests => exts)
+        sign_wrapped_cert(cert)
+        expect(cert.custom_extensions).to include('oid' => 'pp_auth_role', 'value' => 'taketwo')
+      end
       it "doesn't return standard extensions" do
         cert = build_cert(:dns_alt_names => 'foo')
         expect(cert.custom_extensions).to be_empty