puppet 5.5.6-x86-mingw32 → 5.5.7-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (152) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +3 -1
  3. data/Gemfile.lock +12 -12
  4. data/Rakefile +9 -0
  5. data/lib/puppet/application.rb +5 -0
  6. data/lib/puppet/application/apply.rb +1 -0
  7. data/lib/puppet/application/master.rb +9 -7
  8. data/lib/puppet/application/script.rb +1 -1
  9. data/lib/puppet/defaults.rb +51 -31
  10. data/lib/puppet/etc.rb +20 -0
  11. data/lib/puppet/file_serving/fileset.rb +1 -1
  12. data/lib/puppet/functions.rb +123 -0
  13. data/lib/puppet/functions/new.rb +37 -53
  14. data/lib/puppet/functions/warning.rb +1 -1
  15. data/lib/puppet/loaders.rb +1 -0
  16. data/lib/puppet/parser/functions.rb +3 -1
  17. data/lib/puppet/parser/functions/sprintf.rb +12 -1
  18. data/lib/puppet/pops/evaluator/runtime3_converter.rb +16 -0
  19. data/lib/puppet/pops/evaluator/runtime3_support.rb +3 -4
  20. data/lib/puppet/pops/issues.rb +8 -0
  21. data/lib/puppet/pops/loader/loader.rb +2 -2
  22. data/lib/puppet/pops/loader/loader_paths.rb +3 -1
  23. data/lib/puppet/pops/loader/module_loaders.rb +1 -1
  24. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +62 -0
  25. data/lib/puppet/pops/loaders.rb +5 -21
  26. data/lib/puppet/pops/parser/heredoc_support.rb +1 -2
  27. data/lib/puppet/pops/parser/lexer2.rb +1 -1
  28. data/lib/puppet/pops/validation/checker4_0.rb +31 -6
  29. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
  30. data/lib/puppet/property/keyvalue.rb +70 -8
  31. data/lib/puppet/provider/aix_object.rb +483 -0
  32. data/lib/puppet/provider/exec.rb +54 -57
  33. data/lib/puppet/provider/group/aix.rb +40 -115
  34. data/lib/puppet/provider/group/pw.rb +4 -8
  35. data/lib/puppet/provider/group/windows_adsi.rb +7 -4
  36. data/lib/puppet/provider/nameservice.rb +1 -25
  37. data/lib/puppet/provider/nameservice/directoryservice.rb +5 -3
  38. data/lib/puppet/provider/package/portage.rb +2 -2
  39. data/lib/puppet/provider/package/windows.rb +2 -2
  40. data/lib/puppet/provider/package/windows/exe_package.rb +3 -10
  41. data/lib/puppet/provider/package/zypper.rb +1 -1
  42. data/lib/puppet/provider/service/launchd.rb +19 -3
  43. data/lib/puppet/provider/service/windows.rb +49 -40
  44. data/lib/puppet/provider/user/aix.rb +180 -246
  45. data/lib/puppet/provider/user/windows_adsi.rb +9 -1
  46. data/lib/puppet/resource/catalog.rb +1 -5
  47. data/lib/puppet/type/augeas.rb +1 -1
  48. data/lib/puppet/type/exec.rb +16 -14
  49. data/lib/puppet/type/file.rb +2 -2
  50. data/lib/puppet/type/file/source.rb +9 -5
  51. data/lib/puppet/type/group.rb +65 -23
  52. data/lib/puppet/type/k5login.rb +2 -2
  53. data/lib/puppet/type/notify.rb +1 -1
  54. data/lib/puppet/type/package.rb +3 -6
  55. data/lib/puppet/type/resources.rb +12 -2
  56. data/lib/puppet/type/schedule.rb +8 -1
  57. data/lib/puppet/type/selboolean.rb +2 -2
  58. data/lib/puppet/type/selmodule.rb +3 -4
  59. data/lib/puppet/type/service.rb +2 -5
  60. data/lib/puppet/type/tidy.rb +1 -1
  61. data/lib/puppet/type/user.rb +15 -20
  62. data/lib/puppet/type/yumrepo.rb +2 -2
  63. data/lib/puppet/type/zone.rb +2 -2
  64. data/lib/puppet/util.rb +7 -3
  65. data/lib/puppet/util/execution.rb +15 -1
  66. data/lib/puppet/util/posix.rb +15 -0
  67. data/lib/puppet/util/storage.rb +12 -0
  68. data/lib/puppet/util/windows.rb +4 -2
  69. data/lib/puppet/util/windows/adsi.rb +235 -205
  70. data/lib/puppet/util/windows/process.rb +23 -3
  71. data/lib/puppet/util/windows/security.rb +14 -0
  72. data/lib/puppet/util/windows/service.rb +977 -0
  73. data/lib/puppet/util/windows/user.rb +3 -5
  74. data/lib/puppet/version.rb +1 -1
  75. data/locales/ja/puppet.po +705 -374
  76. data/locales/puppet.pot +485 -261
  77. data/man/man5/puppet.conf.5 +36 -15
  78. data/man/man8/puppet-agent.8 +1 -1
  79. data/man/man8/puppet-apply.8 +1 -1
  80. data/man/man8/puppet-ca.8 +1 -1
  81. data/man/man8/puppet-catalog.8 +1 -1
  82. data/man/man8/puppet-cert.8 +1 -1
  83. data/man/man8/puppet-certificate.8 +1 -1
  84. data/man/man8/puppet-certificate_request.8 +1 -1
  85. data/man/man8/puppet-certificate_revocation_list.8 +1 -1
  86. data/man/man8/puppet-config.8 +1 -1
  87. data/man/man8/puppet-describe.8 +1 -1
  88. data/man/man8/puppet-device.8 +1 -1
  89. data/man/man8/puppet-doc.8 +1 -1
  90. data/man/man8/puppet-epp.8 +1 -1
  91. data/man/man8/puppet-facts.8 +1 -1
  92. data/man/man8/puppet-filebucket.8 +1 -1
  93. data/man/man8/puppet-generate.8 +1 -1
  94. data/man/man8/puppet-help.8 +1 -1
  95. data/man/man8/puppet-key.8 +1 -1
  96. data/man/man8/puppet-lookup.8 +1 -1
  97. data/man/man8/puppet-man.8 +1 -1
  98. data/man/man8/puppet-master.8 +1 -1
  99. data/man/man8/puppet-module.8 +1 -1
  100. data/man/man8/puppet-node.8 +1 -1
  101. data/man/man8/puppet-parser.8 +1 -1
  102. data/man/man8/puppet-plugin.8 +1 -1
  103. data/man/man8/puppet-report.8 +1 -1
  104. data/man/man8/puppet-resource.8 +1 -1
  105. data/man/man8/puppet-script.8 +1 -1
  106. data/man/man8/puppet-status.8 +1 -1
  107. data/man/man8/puppet.8 +2 -2
  108. data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_input.out +1 -0
  109. data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_output.out +1 -0
  110. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +32 -0
  111. data/spec/integration/parser/collection_spec.rb +4 -8
  112. data/spec/integration/provider/service/windows_spec.rb +5 -5
  113. data/spec/integration/type/file_spec.rb +6 -6
  114. data/spec/integration/util/windows/adsi_spec.rb +6 -5
  115. data/spec/integration/util/windows/security_spec.rb +10 -7
  116. data/spec/integration/util/windows/user_spec.rb +37 -17
  117. data/spec/spec_helper.rb +0 -1
  118. data/spec/unit/application/apply_spec.rb +41 -2
  119. data/spec/unit/application/master_spec.rb +7 -0
  120. data/spec/unit/application_spec.rb +21 -3
  121. data/spec/unit/defaults_spec.rb +20 -0
  122. data/spec/unit/etc_spec.rb +25 -0
  123. data/spec/unit/file_serving/fileset_spec.rb +11 -11
  124. data/spec/unit/gettext/config_spec.rb +1 -1
  125. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +6 -6
  126. data/spec/unit/pops/loaders/loaders_spec.rb +40 -7
  127. data/spec/unit/pops/parser/parse_heredoc_spec.rb +16 -0
  128. data/spec/unit/pops/validator/validator_spec.rb +129 -10
  129. data/spec/unit/property/keyvalue_spec.rb +97 -6
  130. data/spec/unit/provider/aix_object_spec.rb +805 -0
  131. data/spec/unit/provider/group/aix_spec.rb +57 -0
  132. data/spec/unit/provider/group/pw_spec.rb +0 -6
  133. data/spec/unit/provider/group/windows_adsi_spec.rb +34 -35
  134. data/spec/unit/provider/nameservice/directoryservice_spec.rb +2 -2
  135. data/spec/unit/provider/package/windows/exe_package_spec.rb +3 -3
  136. data/spec/unit/provider/package/windows_spec.rb +4 -4
  137. data/spec/unit/provider/service/launchd_spec.rb +19 -0
  138. data/spec/unit/provider/service/windows_spec.rb +71 -78
  139. data/spec/unit/provider/user/aix_spec.rb +162 -116
  140. data/spec/unit/provider/user/windows_adsi_spec.rb +4 -4
  141. data/spec/unit/resource/catalog_spec.rb +2 -2
  142. data/spec/unit/ssl/certificate_authority_spec.rb +0 -1
  143. data/spec/unit/type/group_spec.rb +111 -13
  144. data/spec/unit/type/resources_spec.rb +18 -0
  145. data/spec/unit/util/execution_spec.rb +77 -0
  146. data/spec/unit/util/posix_spec.rb +28 -0
  147. data/spec/unit/util/storage_spec.rb +107 -0
  148. data/spec/unit/util/windows/adsi_spec.rb +108 -13
  149. data/spec/unit/util/windows/service_spec.rb +669 -0
  150. metadata +17 -5
  151. data/lib/puppet/provider/aixobject.rb +0 -392
  152. data/spec/unit/provider/aixobject_spec.rb +0 -101
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET" "8" "August 2018" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET" "8" "October 2018" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\fR
@@ -16,4 +16,4 @@ Available subcommands:
16
16
  agent The puppet agent daemon apply Apply Puppet manifests locally ca Local Puppet Certificate Authority management\. (Deprecated) catalog Compile, save, view, and convert catalogs\. cert Manage certificates and requests (Deprecated) certificate Provide access to the CA for certificate management\. (Deprecated) certificate_request Manage certificate requests\. (Deprecated) certificate_revocation_list Manage the list of revoked certificates\. (Deprecated) config Interact with Puppet\'s settings\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. help Display Puppet help\. key Create, save, and remove certificate keys\. (Deprecated) lookup Interactive Hiera lookup man Display Puppet manual pages\. (Deprecated) master The puppet master daemon module Creates, installs and searches for modules on the Puppet Forge\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. report Create, display, and submit reports\. resource The resource abstraction layer shell script Run a puppet manifests as a script without compiling a catalog status View puppet server status\. (Deprecated)
17
17
  .
18
18
  .P
19
- See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v5\.5\.6
19
+ See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v5\.5\.7
@@ -0,0 +1 @@
1
+ root:0:system:system,bin,sys,security,cron,audit,lp:/:/usr/bin/ksh:root:general:true:false:false:true:true:system:nosak:ALL:0:SYSTEM:NONE:22:files:compat:0:0:false:0:0:-1:0:0:0:0:0:0:0:8:0:0:0:-1:-1:-1:-1:-1:-1:-1:1527849270:1533085305:ssh:ssh:fd8c#!:215d#!:178e#!:12#!:290#!:fa72#!:fab2#!:882:10.10.28.247:147:This is some comment I added
@@ -0,0 +1 @@
1
+ ["root", "0", "system", "system,bin,sys,security,cron,audit,lp", "/", "/usr/bin/ksh", "root", "general", "true", "false", "false", "true", "true", "system", "nosak", "ALL", "0", "SYSTEM", "NONE", "22", "files", "compat", "0", "0", "false", "0", "0", "-1", "0", "0", "0", "0", "0", "0", "0", "8", "0", "0", "0", "-1", "-1", "-1", "-1", "-1", "-1", "-1", "1527849270", "1533085305", "ssh", "ssh", "fd8c:215d:178e:12:290:fa72:fab2:882", "10.10.28.247", "147", "This is some comment I added"]
@@ -0,0 +1,32 @@
1
+
2
+ test_aix_user:
3
+ password = some_password
4
+ lastupdate = last_update
5
+
6
+ no_password_user:
7
+ lastupdate = another_last_update
8
+
9
+ daemon:
10
+ password = *
11
+
12
+ bin:
13
+ password = *
14
+
15
+ sys:
16
+ password = *
17
+
18
+ adm:
19
+ password = *
20
+
21
+ uucp:
22
+ password = *
23
+
24
+ guest:
25
+ password = *
26
+
27
+ nobody:
28
+ password = *
29
+
30
+ lpd:
31
+ password = *
32
+
@@ -12,6 +12,10 @@ describe 'collectors' do
12
12
  expect(messages).to include(*expected_messages)
13
13
  end
14
14
 
15
+ def warnings
16
+ @logs.select { |log| log.level == :warning }.map { |log| log.message }
17
+ end
18
+
15
19
  context "virtual resource collection" do
16
20
  it "matches everything when no query given" do
17
21
  expect_the_message_to_be(["the other message", "the message"], <<-MANIFEST)
@@ -313,8 +317,6 @@ describe 'collectors' do
313
317
  end
314
318
 
315
319
  context 'when overriding an already evaluated resource' do
316
- let(:logs) { [] }
317
- let(:warnings) { logs.select { |log| log.level == :warning }.map { |log| log.message } }
318
320
  let(:manifest) { <<-MANIFEST }
319
321
  define foo($message) {
320
322
  notify { "testing": message => $message }
@@ -326,12 +328,6 @@ describe 'collectors' do
326
328
  delayed {'do it now': }
327
329
  MANIFEST
328
330
 
329
- around(:each) do |example|
330
- Puppet::Util::Log.with_destination(Puppet::Test::LogCollector.new(logs)) do
331
- example.run
332
- end
333
- end
334
-
335
331
  it 'and --strict=off, it silently skips the override' do
336
332
  Puppet[:strict] = :off
337
333
  expect_the_message_to_be(['given'], manifest)
@@ -10,17 +10,17 @@ describe Puppet::Type.type(:service).provider(:windows), '(integration)',
10
10
  Puppet::Type.type(:service).stubs(:defaultprovider).returns described_class
11
11
  end
12
12
 
13
- context 'should fail querying services that do not exist' do
13
+ context 'should return valid values when querying a service that does not exist' do
14
14
  let(:service) do
15
15
  Puppet::Type.type(:service).new(:name => 'foobarservice1234')
16
16
  end
17
17
 
18
- it "with a Puppet::Error when querying enabled?" do
19
- expect { service.provider.enabled? }.to raise_error(Puppet::Error)
18
+ it "with :false when asked if enabled" do
19
+ expect(service.provider.enabled?).to eql(:false)
20
20
  end
21
21
 
22
- it "with a Puppet::Error when querying status" do
23
- expect { service.provider.status }.to raise_error(Puppet::Error)
22
+ it "with :stopped when asked about status" do
23
+ expect(service.provider.status).to eql(:stopped)
24
24
  end
25
25
  end
26
26
 
@@ -579,7 +579,7 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
579
579
  if Puppet::Util::Platform.windows? && ['sha512', 'sha384'].include?(example.metadata[:digest_algorithm])
580
580
  skip "PUP-8257: Skip file bucket test on windows for #{example.metadata[:digest_algorithm]} due to long path names"
581
581
  end
582
-
582
+
583
583
  bucket = Puppet::Type.type(:filebucket).new :path => tmpfile("filebucket"), :name => "mybucket"
584
584
  file = described_class.new({:path => tmpfile("bucket_backs"), :backup => "mybucket", :content => "foo", :force => true}.merge(resource_options))
585
585
  catalog.add_resource file
@@ -1283,7 +1283,7 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
1283
1283
  describe "when sourcing" do
1284
1284
  it "should give a deprecation warning when the user sets source_permissions" do
1285
1285
  Puppet.expects(:puppet_deprecation_warning).with(
1286
- 'The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.',
1286
+ 'The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.',
1287
1287
  {:file => 'my/file.pp', :line => 5})
1288
1288
 
1289
1289
  catalog.add_resource described_class.new(:path => path, :content => 'this is content', :source_permissions => :use_when_creating)
@@ -1525,12 +1525,12 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
1525
1525
  catalog.apply
1526
1526
  end
1527
1527
 
1528
- it "should allow the user to explicitly set the mode to 4" do
1528
+ it "should not allow the user to explicitly set the mode to 4 ,and correct to 7" do
1529
1529
  system_aces = get_aces_for_path_by_sid(path, @sids[:system])
1530
1530
  expect(system_aces).not_to be_empty
1531
1531
 
1532
1532
  system_aces.each do |ace|
1533
- expect(ace.mask).to eq(Puppet::Util::Windows::File::FILE_GENERIC_READ)
1533
+ expect(ace.mask).to eq(Puppet::Util::Windows::File::FILE_ALL_ACCESS)
1534
1534
  end
1535
1535
  end
1536
1536
 
@@ -1612,13 +1612,13 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
1612
1612
  catalog.apply
1613
1613
  end
1614
1614
 
1615
- it "should allow the user to explicitly set the mode to 4" do
1615
+ it "should not allow the user to explicitly set the mode to 4, and correct to 7" do
1616
1616
  system_aces = get_aces_for_path_by_sid(dir, @sids[:system])
1617
1617
  expect(system_aces).not_to be_empty
1618
1618
 
1619
1619
  system_aces.each do |ace|
1620
1620
  # unlike files, Puppet sets execute bit on directories that are readable
1621
- expect(ace.mask).to eq(Puppet::Util::Windows::File::FILE_GENERIC_READ | Puppet::Util::Windows::File::FILE_GENERIC_EXECUTE)
1621
+ expect(ace.mask).to eq(Puppet::Util::Windows::File::FILE_ALL_ACCESS)
1622
1622
  end
1623
1623
  end
1624
1624
 
@@ -13,7 +13,7 @@ describe Puppet::Util::Windows::ADSI::User,
13
13
  # HRESULT error code:0x800708ad
14
14
  # The user name could not be found.
15
15
  # Matching on error code alone is sufficient
16
- expect { system.native_user }.to raise_error(/0x800708ad/)
16
+ expect { system.native_object }.to raise_error(/0x800708ad/)
17
17
  end
18
18
  end
19
19
 
@@ -118,7 +118,8 @@ describe Puppet::Util::Windows::ADSI::Group,
118
118
  # create a test group and add above 5 members by SID
119
119
  group = described_class.create(temp_groupname)
120
120
  group.commit()
121
- group.set_members(users.map { |u| u[:sid]} )
121
+ members = users.map { |u| u[:sid] }
122
+ group.set_members(members.join(','))
122
123
 
123
124
  # most importantly make sure that all name are convertible to SIDs
124
125
  expect { described_class.name_sid_hash(group.members) }.to_not raise_error
@@ -152,9 +153,9 @@ describe Puppet::Util::Windows::ADSI::Group,
152
153
  admins_name = Puppet::Util::Windows::SID.sid_to_name('S-1-5-32-544')
153
154
  admins = Puppet::Util::Windows::ADSI::Group.new(admins_name)
154
155
 
155
- # touch the native_group member to have it lazily loaded, so COM objects can be stubbed
156
- admins.native_group
157
- admins.native_group.stubs(:Members).returns(members)
156
+ # touch the native_object member to have it lazily loaded, so COM objects can be stubbed
157
+ admins.native_object
158
+ admins.native_object.stubs(:Members).returns(members)
158
159
 
159
160
  # well-known NULL SID
160
161
  expect(admins.members[0].sid).to eq('S-1-0-0')
@@ -285,10 +285,11 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
285
285
  # access mask, and back to mode without loss of information
286
286
  # (provided the owner and group are not the same)
287
287
  next if ((u & g) != g) or ((g & o) != o)
288
-
289
- mode = (s << 9 | u << 6 | g << 3 | o << 0)
290
- winsec.set_mode(mode, path)
291
- expect(winsec.get_mode(path).to_s(8)).to eq(mode.to_s(8))
288
+ applied_mode = (s << 9 | u << 6 | g << 3 | o << 0)
289
+ # SYSTEM must always be Full Control (7)
290
+ expected_mode = (s << 9 | u << 6 | 7 << 3 | o << 0)
291
+ winsec.set_mode(applied_mode, path)
292
+ expect(winsec.get_mode(path).to_s(8)).to eq(expected_mode.to_s(8))
292
293
  end
293
294
  end
294
295
  end
@@ -634,9 +635,11 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
634
635
  # access mask, and back to mode without loss of information
635
636
  # (provided the owner and group are the same)
636
637
  next if ((ug & o) != o)
637
- mode = (s << 9 | ug << 6 | ug << 3 | o << 0)
638
- winsec.set_mode(mode, path)
639
- expect(winsec.get_mode(path).to_s(8)).to eq(mode.to_s(8))
638
+ applied_mode = (s << 9 | ug << 6 | ug << 3 | o << 0)
639
+ # SYSTEM must always be Full Control (7)
640
+ expected_mode = (s << 9 | 7 << 6 | 7 << 3 | o << 0)
641
+ winsec.set_mode(applied_mode, path)
642
+ expect(winsec.get_mode(path).to_s(8)).to eq(expected_mode.to_s(8))
640
643
  end
641
644
  end
642
645
  end
@@ -6,54 +6,74 @@ describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows
6
6
  describe "2003 without UAC" do
7
7
  before :each do
8
8
  Puppet::Util::Windows::Process.stubs(:windows_major_version).returns(5)
9
+ Puppet::Util::Windows::Process.stubs(:supports_elevated_security?).returns(false)
9
10
  end
10
11
 
11
12
  it "should be an admin if user's token contains the Administrators SID" do
12
13
  Puppet::Util::Windows::User.expects(:check_token_membership).returns(true)
13
- Puppet::Util::Windows::Process.expects(:elevated_security?).never
14
14
 
15
15
  expect(Puppet::Util::Windows::User).to be_admin
16
16
  end
17
17
 
18
18
  it "should not be an admin if user's token doesn't contain the Administrators SID" do
19
19
  Puppet::Util::Windows::User.expects(:check_token_membership).returns(false)
20
- Puppet::Util::Windows::Process.expects(:elevated_security?).never
21
20
 
22
21
  expect(Puppet::Util::Windows::User).not_to be_admin
23
22
  end
24
23
 
25
24
  it "should raise an exception if we can't check token membership" do
26
25
  Puppet::Util::Windows::User.expects(:check_token_membership).raises(Puppet::Util::Windows::Error, "Access denied.")
27
- Puppet::Util::Windows::Process.expects(:elevated_security?).never
28
26
 
29
27
  expect { Puppet::Util::Windows::User.admin? }.to raise_error(Puppet::Util::Windows::Error, /Access denied./)
30
28
  end
31
29
  end
32
30
 
33
- describe "2008 with UAC" do
31
+ context "2008 with UAC" do
34
32
  before :each do
35
33
  Puppet::Util::Windows::Process.stubs(:windows_major_version).returns(6)
34
+ Puppet::Util::Windows::Process.stubs(:supports_elevated_security?).returns(true)
36
35
  end
37
36
 
38
- it "should be an admin if user is running with elevated privileges" do
39
- Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(true)
40
- Puppet::Util::Windows::User.expects(:check_token_membership).never
37
+ describe "in local administrators group" do
38
+ before :each do
39
+ Puppet::Util::Windows::User.stubs(:check_token_membership).returns(true)
40
+ end
41
41
 
42
- expect(Puppet::Util::Windows::User).to be_admin
43
- end
42
+ it "should be an admin if user is running with elevated privileges" do
43
+ Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(true)
44
44
 
45
- it "should not be an admin if user is not running with elevated privileges" do
46
- Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(false)
47
- Puppet::Util::Windows::User.expects(:check_token_membership).never
45
+ expect(Puppet::Util::Windows::User).to be_admin
46
+ end
48
47
 
49
- expect(Puppet::Util::Windows::User).not_to be_admin
48
+ it "should not be an admin if user is not running with elevated privileges" do
49
+ Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(false)
50
+
51
+ expect(Puppet::Util::Windows::User).not_to be_admin
52
+ end
53
+
54
+ it "should raise an exception if the process fails to open the process token" do
55
+ Puppet::Util::Windows::Process.stubs(:elevated_security?).raises(Puppet::Util::Windows::Error, "Access denied.")
56
+
57
+ expect { Puppet::Util::Windows::User.admin? }.to raise_error(Puppet::Util::Windows::Error, /Access denied./)
58
+ end
50
59
  end
51
60
 
52
- it "should raise an exception if the process fails to open the process token" do
53
- Puppet::Util::Windows::Process.stubs(:elevated_security?).raises(Puppet::Util::Windows::Error, "Access denied.")
54
- Puppet::Util::Windows::User.expects(:check_token_membership).never
61
+ describe "not in local administrators group" do
62
+ before :each do
63
+ Puppet::Util::Windows::User.stubs(:check_token_membership).returns(false)
64
+ end
65
+
66
+ it "should not be an admin if user is running with elevated privileges" do
67
+ Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(true)
55
68
 
56
- expect { Puppet::Util::Windows::User.admin? }.to raise_error(Puppet::Util::Windows::Error, /Access denied./)
69
+ expect(Puppet::Util::Windows::User).not_to be_admin
70
+ end
71
+
72
+ it "should not be an admin if user is not running with elevated privileges" do
73
+ Puppet::Util::Windows::Process.stubs(:elevated_security?).returns(false)
74
+
75
+ expect(Puppet::Util::Windows::User).not_to be_admin
76
+ end
57
77
  end
58
78
  end
59
79
 
@@ -117,7 +117,6 @@ RSpec.configure do |config|
117
117
  # I suck for letting this float. --daniel 2011-04-21
118
118
  Signal.stubs(:trap)
119
119
 
120
-
121
120
  # TODO: in a more sane world, we'd move this logging redirection into our TestHelper class.
122
121
  # Without doing so, external projects will all have to roll their own solution for
123
122
  # redirecting logging, and for validating expected log messages. However, because the
@@ -7,6 +7,8 @@ require 'puppet/configurer'
7
7
  require 'fileutils'
8
8
 
9
9
  describe Puppet::Application::Apply do
10
+ include PuppetSpec::Files
11
+
10
12
  before :each do
11
13
  @apply = Puppet::Application[:apply]
12
14
  Puppet::Util::Log.stubs(:newdestination)
@@ -91,6 +93,13 @@ describe Puppet::Application::Apply do
91
93
  @apply.setup
92
94
  end
93
95
 
96
+ it "sets the log destination if logdest is provided via settings" do
97
+ Puppet::Log.expects(:newdestination).with("set_via_config")
98
+ Puppet[:logdest] = "set_via_config"
99
+
100
+ @apply.setup
101
+ end
102
+
94
103
  it "should set INT trap" do
95
104
  Signal.expects(:trap).with(:INT)
96
105
 
@@ -172,8 +181,6 @@ describe Puppet::Application::Apply do
172
181
  end
173
182
 
174
183
  describe "the main command" do
175
- include PuppetSpec::Files
176
-
177
184
  before :each do
178
185
  Puppet[:prerun_command] = ''
179
186
  Puppet[:postrun_command] = ''
@@ -477,6 +484,38 @@ describe Puppet::Application::Apply do
477
484
  end
478
485
  end
479
486
 
487
+ describe "when really executing" do
488
+ let(:testfile) { tmpfile('secret_file_name') }
489
+ let(:resourcefile) { tmpfile('resourcefile') }
490
+ let(:classfile) { tmpfile('classfile') }
491
+
492
+ it "should not expose sensitive data in the relationship file" do
493
+ @apply.options[:code] = <<-CODE
494
+ $secret = Sensitive('cat #{testfile}')
495
+
496
+ exec { 'do it':
497
+ command => $secret,
498
+ path => '/bin/'
499
+ }
500
+ CODE
501
+
502
+ @apply.options[:write_catalog_summary] = true
503
+
504
+ Puppet.settings[:resourcefile] = resourcefile
505
+ Puppet.settings[:classfile] = classfile
506
+
507
+ #We don't actually need the resource to do anything, we are using it's properties in other parts of the workflow.
508
+ Puppet::Util::Execution.stubs(:execute)
509
+
510
+ expect { @apply.main }.to exit_with 0
511
+
512
+ result = File.read(resourcefile)
513
+
514
+ expect(result).not_to match(/secret_file_name/)
515
+ expect(result).to match(/do it/)
516
+ end
517
+ end
518
+
480
519
  describe "apply_catalog" do
481
520
  it "should call the configurer with the catalog" do
482
521
  catalog = "I am a catalog"
@@ -155,6 +155,13 @@ describe Puppet::Application::Master, :unless => Puppet.features.microsoft_windo
155
155
  @master.setup
156
156
  end
157
157
  end
158
+
159
+ it "sets the log destination using settings" do
160
+ Puppet::Util::Log.expects(:newdestination).with("set_via_config")
161
+ Puppet[:logdest] = "set_via_config"
162
+
163
+ @master.setup
164
+ end
158
165
  end
159
166
 
160
167
  it "should print puppet config if asked to in Puppet config" do
@@ -398,7 +398,6 @@ describe Puppet::Application do
398
398
  end
399
399
 
400
400
  describe "when calling default setup" do
401
-
402
401
  before :each do
403
402
  @app.options.stubs(:[])
404
403
  end
@@ -419,6 +418,14 @@ describe Puppet::Application do
419
418
 
420
419
  @app.setup
421
420
  end
421
+
422
+ it "sets the log destination if provided via settings" do
423
+ @app.options.unstub(:[])
424
+ Puppet[:logdest] = "set_via_config"
425
+ Puppet::Util::Log.expects(:newdestination).with("set_via_config")
426
+
427
+ @app.setup
428
+ end
422
429
 
423
430
  it "does not downgrade the loglevel when --verbose is specified" do
424
431
  Puppet[:log_level] = :debug
@@ -628,7 +635,6 @@ describe Puppet::Application do
628
635
  end
629
636
 
630
637
  describe "#handle_logdest_arg" do
631
-
632
638
  let(:test_arg) { "arg_test_logdest" }
633
639
 
634
640
  it "should log an exception that is raised" do
@@ -648,6 +654,18 @@ describe Puppet::Application do
648
654
  @app.handle_logdest_arg(test_arg)
649
655
  expect(@app.options[:setdest]).to be_truthy
650
656
  end
651
- end
652
657
 
658
+ it "does not set the log destination if setdest is true" do
659
+ Puppet::Util::Log.expects(:newdestination).never
660
+ @app.options[:setdest] = true
661
+
662
+ @app.handle_logdest_arg(test_arg)
663
+ end
664
+
665
+ it "does not set the log destination if arg is nil" do
666
+ Puppet::Util::Log.expects(:newdestination).never
667
+
668
+ @app.handle_logdest_arg(nil)
669
+ end
670
+ end
653
671
  end