puppet 5.5.6-x86-mingw32 → 5.5.7-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +3 -1
- data/Gemfile.lock +12 -12
- data/Rakefile +9 -0
- data/lib/puppet/application.rb +5 -0
- data/lib/puppet/application/apply.rb +1 -0
- data/lib/puppet/application/master.rb +9 -7
- data/lib/puppet/application/script.rb +1 -1
- data/lib/puppet/defaults.rb +51 -31
- data/lib/puppet/etc.rb +20 -0
- data/lib/puppet/file_serving/fileset.rb +1 -1
- data/lib/puppet/functions.rb +123 -0
- data/lib/puppet/functions/new.rb +37 -53
- data/lib/puppet/functions/warning.rb +1 -1
- data/lib/puppet/loaders.rb +1 -0
- data/lib/puppet/parser/functions.rb +3 -1
- data/lib/puppet/parser/functions/sprintf.rb +12 -1
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +16 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +3 -4
- data/lib/puppet/pops/issues.rb +8 -0
- data/lib/puppet/pops/loader/loader.rb +2 -2
- data/lib/puppet/pops/loader/loader_paths.rb +3 -1
- data/lib/puppet/pops/loader/module_loaders.rb +1 -1
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +62 -0
- data/lib/puppet/pops/loaders.rb +5 -21
- data/lib/puppet/pops/parser/heredoc_support.rb +1 -2
- data/lib/puppet/pops/parser/lexer2.rb +1 -1
- data/lib/puppet/pops/validation/checker4_0.rb +31 -6
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/property/keyvalue.rb +70 -8
- data/lib/puppet/provider/aix_object.rb +483 -0
- data/lib/puppet/provider/exec.rb +54 -57
- data/lib/puppet/provider/group/aix.rb +40 -115
- data/lib/puppet/provider/group/pw.rb +4 -8
- data/lib/puppet/provider/group/windows_adsi.rb +7 -4
- data/lib/puppet/provider/nameservice.rb +1 -25
- data/lib/puppet/provider/nameservice/directoryservice.rb +5 -3
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/windows.rb +2 -2
- data/lib/puppet/provider/package/windows/exe_package.rb +3 -10
- data/lib/puppet/provider/package/zypper.rb +1 -1
- data/lib/puppet/provider/service/launchd.rb +19 -3
- data/lib/puppet/provider/service/windows.rb +49 -40
- data/lib/puppet/provider/user/aix.rb +180 -246
- data/lib/puppet/provider/user/windows_adsi.rb +9 -1
- data/lib/puppet/resource/catalog.rb +1 -5
- data/lib/puppet/type/augeas.rb +1 -1
- data/lib/puppet/type/exec.rb +16 -14
- data/lib/puppet/type/file.rb +2 -2
- data/lib/puppet/type/file/source.rb +9 -5
- data/lib/puppet/type/group.rb +65 -23
- data/lib/puppet/type/k5login.rb +2 -2
- data/lib/puppet/type/notify.rb +1 -1
- data/lib/puppet/type/package.rb +3 -6
- data/lib/puppet/type/resources.rb +12 -2
- data/lib/puppet/type/schedule.rb +8 -1
- data/lib/puppet/type/selboolean.rb +2 -2
- data/lib/puppet/type/selmodule.rb +3 -4
- data/lib/puppet/type/service.rb +2 -5
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +15 -20
- data/lib/puppet/type/yumrepo.rb +2 -2
- data/lib/puppet/type/zone.rb +2 -2
- data/lib/puppet/util.rb +7 -3
- data/lib/puppet/util/execution.rb +15 -1
- data/lib/puppet/util/posix.rb +15 -0
- data/lib/puppet/util/storage.rb +12 -0
- data/lib/puppet/util/windows.rb +4 -2
- data/lib/puppet/util/windows/adsi.rb +235 -205
- data/lib/puppet/util/windows/process.rb +23 -3
- data/lib/puppet/util/windows/security.rb +14 -0
- data/lib/puppet/util/windows/service.rb +977 -0
- data/lib/puppet/util/windows/user.rb +3 -5
- data/lib/puppet/version.rb +1 -1
- data/locales/ja/puppet.po +705 -374
- data/locales/puppet.pot +485 -261
- data/man/man5/puppet.conf.5 +36 -15
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-ca.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +1 -1
- data/man/man8/puppet-certificate.8 +1 -1
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_input.out +1 -0
- data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_output.out +1 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +32 -0
- data/spec/integration/parser/collection_spec.rb +4 -8
- data/spec/integration/provider/service/windows_spec.rb +5 -5
- data/spec/integration/type/file_spec.rb +6 -6
- data/spec/integration/util/windows/adsi_spec.rb +6 -5
- data/spec/integration/util/windows/security_spec.rb +10 -7
- data/spec/integration/util/windows/user_spec.rb +37 -17
- data/spec/spec_helper.rb +0 -1
- data/spec/unit/application/apply_spec.rb +41 -2
- data/spec/unit/application/master_spec.rb +7 -0
- data/spec/unit/application_spec.rb +21 -3
- data/spec/unit/defaults_spec.rb +20 -0
- data/spec/unit/etc_spec.rb +25 -0
- data/spec/unit/file_serving/fileset_spec.rb +11 -11
- data/spec/unit/gettext/config_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +6 -6
- data/spec/unit/pops/loaders/loaders_spec.rb +40 -7
- data/spec/unit/pops/parser/parse_heredoc_spec.rb +16 -0
- data/spec/unit/pops/validator/validator_spec.rb +129 -10
- data/spec/unit/property/keyvalue_spec.rb +97 -6
- data/spec/unit/provider/aix_object_spec.rb +805 -0
- data/spec/unit/provider/group/aix_spec.rb +57 -0
- data/spec/unit/provider/group/pw_spec.rb +0 -6
- data/spec/unit/provider/group/windows_adsi_spec.rb +34 -35
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +2 -2
- data/spec/unit/provider/package/windows/exe_package_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +4 -4
- data/spec/unit/provider/service/launchd_spec.rb +19 -0
- data/spec/unit/provider/service/windows_spec.rb +71 -78
- data/spec/unit/provider/user/aix_spec.rb +162 -116
- data/spec/unit/provider/user/windows_adsi_spec.rb +4 -4
- data/spec/unit/resource/catalog_spec.rb +2 -2
- data/spec/unit/ssl/certificate_authority_spec.rb +0 -1
- data/spec/unit/type/group_spec.rb +111 -13
- data/spec/unit/type/resources_spec.rb +18 -0
- data/spec/unit/util/execution_spec.rb +77 -0
- data/spec/unit/util/posix_spec.rb +28 -0
- data/spec/unit/util/storage_spec.rb +107 -0
- data/spec/unit/util/windows/adsi_spec.rb +108 -13
- data/spec/unit/util/windows/service_spec.rb +669 -0
- metadata +17 -5
- data/lib/puppet/provider/aixobject.rb +0 -392
- data/spec/unit/provider/aixobject_spec.rb +0 -101
data/man/man8/puppet.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET" "8" "
|
4
|
+
.TH "PUPPET" "8" "October 2018" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\fR
|
@@ -16,4 +16,4 @@ Available subcommands:
|
|
16
16
|
agent The puppet agent daemon apply Apply Puppet manifests locally ca Local Puppet Certificate Authority management\. (Deprecated) catalog Compile, save, view, and convert catalogs\. cert Manage certificates and requests (Deprecated) certificate Provide access to the CA for certificate management\. (Deprecated) certificate_request Manage certificate requests\. (Deprecated) certificate_revocation_list Manage the list of revoked certificates\. (Deprecated) config Interact with Puppet\'s settings\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. help Display Puppet help\. key Create, save, and remove certificate keys\. (Deprecated) lookup Interactive Hiera lookup man Display Puppet manual pages\. (Deprecated) master The puppet master daemon module Creates, installs and searches for modules on the Puppet Forge\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. report Create, display, and submit reports\. resource The resource abstraction layer shell script Run a puppet manifests as a script without compiling a catalog status View puppet server status\. (Deprecated)
|
17
17
|
.
|
18
18
|
.P
|
19
|
-
See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v5\.5\.
|
19
|
+
See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v5\.5\.7
|
@@ -0,0 +1 @@
|
|
1
|
+
root:0:system:system,bin,sys,security,cron,audit,lp:/:/usr/bin/ksh:root:general:true:false:false:true:true:system:nosak:ALL:0:SYSTEM:NONE:22:files:compat:0:0:false:0:0:-1:0:0:0:0:0:0:0:8:0:0:0:-1:-1:-1:-1:-1:-1:-1:1527849270:1533085305:ssh:ssh:fd8c#!:215d#!:178e#!:12#!:290#!:fa72#!:fab2#!:882:10.10.28.247:147:This is some comment I added
|
@@ -0,0 +1 @@
|
|
1
|
+
["root", "0", "system", "system,bin,sys,security,cron,audit,lp", "/", "/usr/bin/ksh", "root", "general", "true", "false", "false", "true", "true", "system", "nosak", "ALL", "0", "SYSTEM", "NONE", "22", "files", "compat", "0", "0", "false", "0", "0", "-1", "0", "0", "0", "0", "0", "0", "0", "8", "0", "0", "0", "-1", "-1", "-1", "-1", "-1", "-1", "-1", "1527849270", "1533085305", "ssh", "ssh", "fd8c:215d:178e:12:290:fa72:fab2:882", "10.10.28.247", "147", "This is some comment I added"]
|
@@ -0,0 +1,32 @@
|
|
1
|
+
|
2
|
+
test_aix_user:
|
3
|
+
password = some_password
|
4
|
+
lastupdate = last_update
|
5
|
+
|
6
|
+
no_password_user:
|
7
|
+
lastupdate = another_last_update
|
8
|
+
|
9
|
+
daemon:
|
10
|
+
password = *
|
11
|
+
|
12
|
+
bin:
|
13
|
+
password = *
|
14
|
+
|
15
|
+
sys:
|
16
|
+
password = *
|
17
|
+
|
18
|
+
adm:
|
19
|
+
password = *
|
20
|
+
|
21
|
+
uucp:
|
22
|
+
password = *
|
23
|
+
|
24
|
+
guest:
|
25
|
+
password = *
|
26
|
+
|
27
|
+
nobody:
|
28
|
+
password = *
|
29
|
+
|
30
|
+
lpd:
|
31
|
+
password = *
|
32
|
+
|
@@ -12,6 +12,10 @@ describe 'collectors' do
|
|
12
12
|
expect(messages).to include(*expected_messages)
|
13
13
|
end
|
14
14
|
|
15
|
+
def warnings
|
16
|
+
@logs.select { |log| log.level == :warning }.map { |log| log.message }
|
17
|
+
end
|
18
|
+
|
15
19
|
context "virtual resource collection" do
|
16
20
|
it "matches everything when no query given" do
|
17
21
|
expect_the_message_to_be(["the other message", "the message"], <<-MANIFEST)
|
@@ -313,8 +317,6 @@ describe 'collectors' do
|
|
313
317
|
end
|
314
318
|
|
315
319
|
context 'when overriding an already evaluated resource' do
|
316
|
-
let(:logs) { [] }
|
317
|
-
let(:warnings) { logs.select { |log| log.level == :warning }.map { |log| log.message } }
|
318
320
|
let(:manifest) { <<-MANIFEST }
|
319
321
|
define foo($message) {
|
320
322
|
notify { "testing": message => $message }
|
@@ -326,12 +328,6 @@ describe 'collectors' do
|
|
326
328
|
delayed {'do it now': }
|
327
329
|
MANIFEST
|
328
330
|
|
329
|
-
around(:each) do |example|
|
330
|
-
Puppet::Util::Log.with_destination(Puppet::Test::LogCollector.new(logs)) do
|
331
|
-
example.run
|
332
|
-
end
|
333
|
-
end
|
334
|
-
|
335
331
|
it 'and --strict=off, it silently skips the override' do
|
336
332
|
Puppet[:strict] = :off
|
337
333
|
expect_the_message_to_be(['given'], manifest)
|
@@ -10,17 +10,17 @@ describe Puppet::Type.type(:service).provider(:windows), '(integration)',
|
|
10
10
|
Puppet::Type.type(:service).stubs(:defaultprovider).returns described_class
|
11
11
|
end
|
12
12
|
|
13
|
-
context 'should
|
13
|
+
context 'should return valid values when querying a service that does not exist' do
|
14
14
|
let(:service) do
|
15
15
|
Puppet::Type.type(:service).new(:name => 'foobarservice1234')
|
16
16
|
end
|
17
17
|
|
18
|
-
it "with
|
19
|
-
expect
|
18
|
+
it "with :false when asked if enabled" do
|
19
|
+
expect(service.provider.enabled?).to eql(:false)
|
20
20
|
end
|
21
21
|
|
22
|
-
it "with
|
23
|
-
expect
|
22
|
+
it "with :stopped when asked about status" do
|
23
|
+
expect(service.provider.status).to eql(:stopped)
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
@@ -579,7 +579,7 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
|
|
579
579
|
if Puppet::Util::Platform.windows? && ['sha512', 'sha384'].include?(example.metadata[:digest_algorithm])
|
580
580
|
skip "PUP-8257: Skip file bucket test on windows for #{example.metadata[:digest_algorithm]} due to long path names"
|
581
581
|
end
|
582
|
-
|
582
|
+
|
583
583
|
bucket = Puppet::Type.type(:filebucket).new :path => tmpfile("filebucket"), :name => "mybucket"
|
584
584
|
file = described_class.new({:path => tmpfile("bucket_backs"), :backup => "mybucket", :content => "foo", :force => true}.merge(resource_options))
|
585
585
|
catalog.add_resource file
|
@@ -1283,7 +1283,7 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
|
|
1283
1283
|
describe "when sourcing" do
|
1284
1284
|
it "should give a deprecation warning when the user sets source_permissions" do
|
1285
1285
|
Puppet.expects(:puppet_deprecation_warning).with(
|
1286
|
-
'The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.',
|
1286
|
+
'The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.',
|
1287
1287
|
{:file => 'my/file.pp', :line => 5})
|
1288
1288
|
|
1289
1289
|
catalog.add_resource described_class.new(:path => path, :content => 'this is content', :source_permissions => :use_when_creating)
|
@@ -1525,12 +1525,12 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
|
|
1525
1525
|
catalog.apply
|
1526
1526
|
end
|
1527
1527
|
|
1528
|
-
it "should allow the user to explicitly set the mode to 4" do
|
1528
|
+
it "should not allow the user to explicitly set the mode to 4 ,and correct to 7" do
|
1529
1529
|
system_aces = get_aces_for_path_by_sid(path, @sids[:system])
|
1530
1530
|
expect(system_aces).not_to be_empty
|
1531
1531
|
|
1532
1532
|
system_aces.each do |ace|
|
1533
|
-
expect(ace.mask).to eq(Puppet::Util::Windows::File::
|
1533
|
+
expect(ace.mask).to eq(Puppet::Util::Windows::File::FILE_ALL_ACCESS)
|
1534
1534
|
end
|
1535
1535
|
end
|
1536
1536
|
|
@@ -1612,13 +1612,13 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
|
|
1612
1612
|
catalog.apply
|
1613
1613
|
end
|
1614
1614
|
|
1615
|
-
it "should allow the user to explicitly set the mode to 4" do
|
1615
|
+
it "should not allow the user to explicitly set the mode to 4, and correct to 7" do
|
1616
1616
|
system_aces = get_aces_for_path_by_sid(dir, @sids[:system])
|
1617
1617
|
expect(system_aces).not_to be_empty
|
1618
1618
|
|
1619
1619
|
system_aces.each do |ace|
|
1620
1620
|
# unlike files, Puppet sets execute bit on directories that are readable
|
1621
|
-
expect(ace.mask).to eq(Puppet::Util::Windows::File::
|
1621
|
+
expect(ace.mask).to eq(Puppet::Util::Windows::File::FILE_ALL_ACCESS)
|
1622
1622
|
end
|
1623
1623
|
end
|
1624
1624
|
|
@@ -13,7 +13,7 @@ describe Puppet::Util::Windows::ADSI::User,
|
|
13
13
|
# HRESULT error code:0x800708ad
|
14
14
|
# The user name could not be found.
|
15
15
|
# Matching on error code alone is sufficient
|
16
|
-
expect { system.
|
16
|
+
expect { system.native_object }.to raise_error(/0x800708ad/)
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
@@ -118,7 +118,8 @@ describe Puppet::Util::Windows::ADSI::Group,
|
|
118
118
|
# create a test group and add above 5 members by SID
|
119
119
|
group = described_class.create(temp_groupname)
|
120
120
|
group.commit()
|
121
|
-
|
121
|
+
members = users.map { |u| u[:sid] }
|
122
|
+
group.set_members(members.join(','))
|
122
123
|
|
123
124
|
# most importantly make sure that all name are convertible to SIDs
|
124
125
|
expect { described_class.name_sid_hash(group.members) }.to_not raise_error
|
@@ -152,9 +153,9 @@ describe Puppet::Util::Windows::ADSI::Group,
|
|
152
153
|
admins_name = Puppet::Util::Windows::SID.sid_to_name('S-1-5-32-544')
|
153
154
|
admins = Puppet::Util::Windows::ADSI::Group.new(admins_name)
|
154
155
|
|
155
|
-
# touch the
|
156
|
-
admins.
|
157
|
-
admins.
|
156
|
+
# touch the native_object member to have it lazily loaded, so COM objects can be stubbed
|
157
|
+
admins.native_object
|
158
|
+
admins.native_object.stubs(:Members).returns(members)
|
158
159
|
|
159
160
|
# well-known NULL SID
|
160
161
|
expect(admins.members[0].sid).to eq('S-1-0-0')
|
@@ -285,10 +285,11 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
285
285
|
# access mask, and back to mode without loss of information
|
286
286
|
# (provided the owner and group are not the same)
|
287
287
|
next if ((u & g) != g) or ((g & o) != o)
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
288
|
+
applied_mode = (s << 9 | u << 6 | g << 3 | o << 0)
|
289
|
+
# SYSTEM must always be Full Control (7)
|
290
|
+
expected_mode = (s << 9 | u << 6 | 7 << 3 | o << 0)
|
291
|
+
winsec.set_mode(applied_mode, path)
|
292
|
+
expect(winsec.get_mode(path).to_s(8)).to eq(expected_mode.to_s(8))
|
292
293
|
end
|
293
294
|
end
|
294
295
|
end
|
@@ -634,9 +635,11 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
634
635
|
# access mask, and back to mode without loss of information
|
635
636
|
# (provided the owner and group are the same)
|
636
637
|
next if ((ug & o) != o)
|
637
|
-
|
638
|
-
|
639
|
-
|
638
|
+
applied_mode = (s << 9 | ug << 6 | ug << 3 | o << 0)
|
639
|
+
# SYSTEM must always be Full Control (7)
|
640
|
+
expected_mode = (s << 9 | 7 << 6 | 7 << 3 | o << 0)
|
641
|
+
winsec.set_mode(applied_mode, path)
|
642
|
+
expect(winsec.get_mode(path).to_s(8)).to eq(expected_mode.to_s(8))
|
640
643
|
end
|
641
644
|
end
|
642
645
|
end
|
@@ -6,54 +6,74 @@ describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows
|
|
6
6
|
describe "2003 without UAC" do
|
7
7
|
before :each do
|
8
8
|
Puppet::Util::Windows::Process.stubs(:windows_major_version).returns(5)
|
9
|
+
Puppet::Util::Windows::Process.stubs(:supports_elevated_security?).returns(false)
|
9
10
|
end
|
10
11
|
|
11
12
|
it "should be an admin if user's token contains the Administrators SID" do
|
12
13
|
Puppet::Util::Windows::User.expects(:check_token_membership).returns(true)
|
13
|
-
Puppet::Util::Windows::Process.expects(:elevated_security?).never
|
14
14
|
|
15
15
|
expect(Puppet::Util::Windows::User).to be_admin
|
16
16
|
end
|
17
17
|
|
18
18
|
it "should not be an admin if user's token doesn't contain the Administrators SID" do
|
19
19
|
Puppet::Util::Windows::User.expects(:check_token_membership).returns(false)
|
20
|
-
Puppet::Util::Windows::Process.expects(:elevated_security?).never
|
21
20
|
|
22
21
|
expect(Puppet::Util::Windows::User).not_to be_admin
|
23
22
|
end
|
24
23
|
|
25
24
|
it "should raise an exception if we can't check token membership" do
|
26
25
|
Puppet::Util::Windows::User.expects(:check_token_membership).raises(Puppet::Util::Windows::Error, "Access denied.")
|
27
|
-
Puppet::Util::Windows::Process.expects(:elevated_security?).never
|
28
26
|
|
29
27
|
expect { Puppet::Util::Windows::User.admin? }.to raise_error(Puppet::Util::Windows::Error, /Access denied./)
|
30
28
|
end
|
31
29
|
end
|
32
30
|
|
33
|
-
|
31
|
+
context "2008 with UAC" do
|
34
32
|
before :each do
|
35
33
|
Puppet::Util::Windows::Process.stubs(:windows_major_version).returns(6)
|
34
|
+
Puppet::Util::Windows::Process.stubs(:supports_elevated_security?).returns(true)
|
36
35
|
end
|
37
36
|
|
38
|
-
|
39
|
-
|
40
|
-
|
37
|
+
describe "in local administrators group" do
|
38
|
+
before :each do
|
39
|
+
Puppet::Util::Windows::User.stubs(:check_token_membership).returns(true)
|
40
|
+
end
|
41
41
|
|
42
|
-
|
43
|
-
|
42
|
+
it "should be an admin if user is running with elevated privileges" do
|
43
|
+
Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(true)
|
44
44
|
|
45
|
-
|
46
|
-
|
47
|
-
Puppet::Util::Windows::User.expects(:check_token_membership).never
|
45
|
+
expect(Puppet::Util::Windows::User).to be_admin
|
46
|
+
end
|
48
47
|
|
49
|
-
|
48
|
+
it "should not be an admin if user is not running with elevated privileges" do
|
49
|
+
Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(false)
|
50
|
+
|
51
|
+
expect(Puppet::Util::Windows::User).not_to be_admin
|
52
|
+
end
|
53
|
+
|
54
|
+
it "should raise an exception if the process fails to open the process token" do
|
55
|
+
Puppet::Util::Windows::Process.stubs(:elevated_security?).raises(Puppet::Util::Windows::Error, "Access denied.")
|
56
|
+
|
57
|
+
expect { Puppet::Util::Windows::User.admin? }.to raise_error(Puppet::Util::Windows::Error, /Access denied./)
|
58
|
+
end
|
50
59
|
end
|
51
60
|
|
52
|
-
|
53
|
-
|
54
|
-
|
61
|
+
describe "not in local administrators group" do
|
62
|
+
before :each do
|
63
|
+
Puppet::Util::Windows::User.stubs(:check_token_membership).returns(false)
|
64
|
+
end
|
65
|
+
|
66
|
+
it "should not be an admin if user is running with elevated privileges" do
|
67
|
+
Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(true)
|
55
68
|
|
56
|
-
|
69
|
+
expect(Puppet::Util::Windows::User).not_to be_admin
|
70
|
+
end
|
71
|
+
|
72
|
+
it "should not be an admin if user is not running with elevated privileges" do
|
73
|
+
Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(false)
|
74
|
+
|
75
|
+
expect(Puppet::Util::Windows::User).not_to be_admin
|
76
|
+
end
|
57
77
|
end
|
58
78
|
end
|
59
79
|
|
data/spec/spec_helper.rb
CHANGED
@@ -117,7 +117,6 @@ RSpec.configure do |config|
|
|
117
117
|
# I suck for letting this float. --daniel 2011-04-21
|
118
118
|
Signal.stubs(:trap)
|
119
119
|
|
120
|
-
|
121
120
|
# TODO: in a more sane world, we'd move this logging redirection into our TestHelper class.
|
122
121
|
# Without doing so, external projects will all have to roll their own solution for
|
123
122
|
# redirecting logging, and for validating expected log messages. However, because the
|
@@ -7,6 +7,8 @@ require 'puppet/configurer'
|
|
7
7
|
require 'fileutils'
|
8
8
|
|
9
9
|
describe Puppet::Application::Apply do
|
10
|
+
include PuppetSpec::Files
|
11
|
+
|
10
12
|
before :each do
|
11
13
|
@apply = Puppet::Application[:apply]
|
12
14
|
Puppet::Util::Log.stubs(:newdestination)
|
@@ -91,6 +93,13 @@ describe Puppet::Application::Apply do
|
|
91
93
|
@apply.setup
|
92
94
|
end
|
93
95
|
|
96
|
+
it "sets the log destination if logdest is provided via settings" do
|
97
|
+
Puppet::Log.expects(:newdestination).with("set_via_config")
|
98
|
+
Puppet[:logdest] = "set_via_config"
|
99
|
+
|
100
|
+
@apply.setup
|
101
|
+
end
|
102
|
+
|
94
103
|
it "should set INT trap" do
|
95
104
|
Signal.expects(:trap).with(:INT)
|
96
105
|
|
@@ -172,8 +181,6 @@ describe Puppet::Application::Apply do
|
|
172
181
|
end
|
173
182
|
|
174
183
|
describe "the main command" do
|
175
|
-
include PuppetSpec::Files
|
176
|
-
|
177
184
|
before :each do
|
178
185
|
Puppet[:prerun_command] = ''
|
179
186
|
Puppet[:postrun_command] = ''
|
@@ -477,6 +484,38 @@ describe Puppet::Application::Apply do
|
|
477
484
|
end
|
478
485
|
end
|
479
486
|
|
487
|
+
describe "when really executing" do
|
488
|
+
let(:testfile) { tmpfile('secret_file_name') }
|
489
|
+
let(:resourcefile) { tmpfile('resourcefile') }
|
490
|
+
let(:classfile) { tmpfile('classfile') }
|
491
|
+
|
492
|
+
it "should not expose sensitive data in the relationship file" do
|
493
|
+
@apply.options[:code] = <<-CODE
|
494
|
+
$secret = Sensitive('cat #{testfile}')
|
495
|
+
|
496
|
+
exec { 'do it':
|
497
|
+
command => $secret,
|
498
|
+
path => '/bin/'
|
499
|
+
}
|
500
|
+
CODE
|
501
|
+
|
502
|
+
@apply.options[:write_catalog_summary] = true
|
503
|
+
|
504
|
+
Puppet.settings[:resourcefile] = resourcefile
|
505
|
+
Puppet.settings[:classfile] = classfile
|
506
|
+
|
507
|
+
#We don't actually need the resource to do anything, we are using it's properties in other parts of the workflow.
|
508
|
+
Puppet::Util::Execution.stubs(:execute)
|
509
|
+
|
510
|
+
expect { @apply.main }.to exit_with 0
|
511
|
+
|
512
|
+
result = File.read(resourcefile)
|
513
|
+
|
514
|
+
expect(result).not_to match(/secret_file_name/)
|
515
|
+
expect(result).to match(/do it/)
|
516
|
+
end
|
517
|
+
end
|
518
|
+
|
480
519
|
describe "apply_catalog" do
|
481
520
|
it "should call the configurer with the catalog" do
|
482
521
|
catalog = "I am a catalog"
|
@@ -155,6 +155,13 @@ describe Puppet::Application::Master, :unless => Puppet.features.microsoft_windo
|
|
155
155
|
@master.setup
|
156
156
|
end
|
157
157
|
end
|
158
|
+
|
159
|
+
it "sets the log destination using settings" do
|
160
|
+
Puppet::Util::Log.expects(:newdestination).with("set_via_config")
|
161
|
+
Puppet[:logdest] = "set_via_config"
|
162
|
+
|
163
|
+
@master.setup
|
164
|
+
end
|
158
165
|
end
|
159
166
|
|
160
167
|
it "should print puppet config if asked to in Puppet config" do
|
@@ -398,7 +398,6 @@ describe Puppet::Application do
|
|
398
398
|
end
|
399
399
|
|
400
400
|
describe "when calling default setup" do
|
401
|
-
|
402
401
|
before :each do
|
403
402
|
@app.options.stubs(:[])
|
404
403
|
end
|
@@ -419,6 +418,14 @@ describe Puppet::Application do
|
|
419
418
|
|
420
419
|
@app.setup
|
421
420
|
end
|
421
|
+
|
422
|
+
it "sets the log destination if provided via settings" do
|
423
|
+
@app.options.unstub(:[])
|
424
|
+
Puppet[:logdest] = "set_via_config"
|
425
|
+
Puppet::Util::Log.expects(:newdestination).with("set_via_config")
|
426
|
+
|
427
|
+
@app.setup
|
428
|
+
end
|
422
429
|
|
423
430
|
it "does not downgrade the loglevel when --verbose is specified" do
|
424
431
|
Puppet[:log_level] = :debug
|
@@ -628,7 +635,6 @@ describe Puppet::Application do
|
|
628
635
|
end
|
629
636
|
|
630
637
|
describe "#handle_logdest_arg" do
|
631
|
-
|
632
638
|
let(:test_arg) { "arg_test_logdest" }
|
633
639
|
|
634
640
|
it "should log an exception that is raised" do
|
@@ -648,6 +654,18 @@ describe Puppet::Application do
|
|
648
654
|
@app.handle_logdest_arg(test_arg)
|
649
655
|
expect(@app.options[:setdest]).to be_truthy
|
650
656
|
end
|
651
|
-
end
|
652
657
|
|
658
|
+
it "does not set the log destination if setdest is true" do
|
659
|
+
Puppet::Util::Log.expects(:newdestination).never
|
660
|
+
@app.options[:setdest] = true
|
661
|
+
|
662
|
+
@app.handle_logdest_arg(test_arg)
|
663
|
+
end
|
664
|
+
|
665
|
+
it "does not set the log destination if arg is nil" do
|
666
|
+
Puppet::Util::Log.expects(:newdestination).never
|
667
|
+
|
668
|
+
@app.handle_logdest_arg(nil)
|
669
|
+
end
|
670
|
+
end
|
653
671
|
end
|