puppet 5.5.6 → 5.5.7

data/spec/unit/provider/user/aix_spec.rb

@@ -1,169 +1,215 @@
 require 'spec_helper'
 
-provider_class = Puppet::Type.type(:user).provider(:aix)
-
-describe provider_class do
-
-  let(:lsuser_all_example) do
-    <<-OUTPUT
-root id=0 pgrp=system groups=system,bin,sys,security,cron,audit,lp home=/root shell=/usr/bin/bash auditclasses=general login=true su=true rlogin=true daemon=true admin=true sugroups=ALL admgroups=lolt,allstaff tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 time_last_login=1358465855 time_last_unsuccessful_login=1358378454 tty_last_login=ssh tty_last_unsuccessful_login=ssh host_last_login=rpm-builder.puppetlabs.lan host_last_unsuccessful_login=192.168.100.78 unsuccessful_login_count=0 roles=
-guest id=100 pgrp=usr groups=usr home=/home/guest login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 roles=
-    OUTPUT
+describe 'Puppet::Type::User::Provider::Aix' do
+  let(:provider_class) { Puppet::Type.type(:user).provider(:aix) }
+  let(:group_provider_class) { Puppet::Type.type(:group).provider(:aix) }
+
+  let(:resource) do
+    Puppet::Type.type(:user).new(
+      :name   => 'test_aix_user',
+      :ensure => :present
+    )
   end
-
-  let(:lsgroup_all_example) do
-    <<-OUTPUT
-root id=0 pgrp=system groups=system,bin,sys,security,cron,audit,lp home=/root shell=/usr/bin/bash
-guest id=100 pgrp=usr groups=usr home=/home/guest
-    OUTPUT
+  let(:provider) do
+    provider_class.new(resource)
   end
 
-  before do
-    @resource = stub('resource')
-    @provider = provider_class.new(@resource)
+  describe '.pgrp_to_gid' do
+    it "finds the primary group's gid" do
+      provider.stubs(:ia_module_args).returns(['-R', 'module'])
+
+      group_provider_class.expects(:list_all)
+        .with(provider.ia_module_args)
+        .returns([{ :name => 'group', :id => 1}])
+
+      expect(provider_class.pgrp_to_gid(provider, 'group')).to eql(1)
+    end
   end
 
-  it "should be able to return a group name based on a group ID" do
-    @provider.stubs(:lsgroupscmd)
+  describe '.gid_to_pgrp' do
+    it "finds the gid's primary group" do
+      provider.stubs(:ia_module_args).returns(['-R', 'module'])
 
-    @provider.stubs(:execute).returns(lsgroup_all_example)
+      group_provider_class.expects(:list_all)
+        .with(provider.ia_module_args)
+        .returns([{ :name => 'group', :id => 1}])
 
-    expect(@provider.groupname_by_id(100)).to eq('guest')
+      expect(provider_class.gid_to_pgrp(provider, 1)).to eql('group')
+    end
   end
 
-  it "should be able to list all users" do
-    provider_class.stubs(:command)
+  describe '.expires_to_expiry' do
+    it 'returns absent if expires is 0' do
+      expect(provider_class.expires_to_expiry(provider, '0')).to eql(:absent)
+    end
 
-    provider_class.stubs(:execute).returns(lsuser_all_example)
+    it 'returns absent if the expiry attribute is not formatted properly' do
+      expect(provider_class.expires_to_expiry(provider, 'bad_format')).to eql(:absent)
+    end
 
-    expect(provider_class.list_all).to eq(['root', 'guest'])
+    it 'returns the password expiration date' do
+      expect(provider_class.expires_to_expiry(provider, '0910122314')).to eql('2014-09-10')
+    end
   end
 
-  describe "#managed_attribute_keys" do
-    let(:existing_attributes) do
-      { :account_locked => 'false',
-        :admin => 'false',
-        :login => 'true',
-        'su' => 'true'
-      }
+  describe '.expiry_to_expires' do
+    it 'returns 0 if the expiry date is 0000-00-00' do
+      expect(provider_class.expiry_to_expires('0000-00-00')).to eql('0')
     end
 
-    before(:each) do
-      original_parameters = { :attributes => attribute_array }
-      @resource.stubs(:original_parameters).returns(original_parameters)
+    it 'returns 0 if the expiry date is "absent"' do
+      expect(provider_class.expiry_to_expires('absent')).to eql('0')
     end
 
-    describe "invoked via manifest" do
-      let(:attribute_array) { ["rlogin=false", "login =true"] }
-      let(:single_attribute_array) { "rlogin=false" }
+    it 'returns 0 if the expiry date is :absent' do
+      expect(provider_class.expiry_to_expires(:absent)).to eql('0')
+    end
 
-      it "should return only the keys of the attribute key=value pair from manifest" do
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        expect(keys).to be_include(:rlogin)
-        expect(keys).to be_include(:login)
-        expect(keys).not_to be_include(:su)
-      end
+    it 'returns the expires attribute value' do
+      expect(provider_class.expiry_to_expires('2014-09-10')).to eql('0910000014')
+    end
+  end
 
-      it "should strip spaces from symbols" do
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        expect(keys).to be_include(:login)
-        expect(keys).not_to be_include(:"login ")
-      end
+  describe '.groups_attribute_to_property' do
+    it "reads the user's groups from the etc/groups file" do
+      groups = ['system', 'adm']
+      Puppet::Util::POSIX.stubs(:groups_of).with(resource[:name]).returns(groups)
 
-      it "should have the same count as that from the manifest" do
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        expect(keys.size).to eq(attribute_array.size)
-      end
+      actual_groups = provider_class.groups_attribute_to_property(provider, 'unused_value')
+      expected_groups = groups.join(',')
 
-      it "should convert the keys to symbols" do
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        all_symbols = keys.all? {|k| k.is_a? Symbol}
-        expect(all_symbols).to be_truthy
-      end
+      expect(actual_groups).to eql(expected_groups)
+    end
+  end
 
-      it "should allow a single attribute to be specified" do
-        @resource.stubs(:original_parameters).returns({ :attributes => single_attribute_array })
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        expect(keys).to be_include(:rlogin)
+  describe '.groups_property_to_attribute' do
+    it 'raises an ArgumentError if the groups are space-separated' do
+      groups = "foo bar baz"
+      expect do
+        provider_class.groups_property_to_attribute(groups)
+      end.to raise_error do |error|
+        expect(error).to be_a(ArgumentError)
+
+        expect(error.message).to match(groups)
+        expect(error.message).to match("Groups")
       end
     end
+  end
 
-    describe "invoked via RAL" do
-      let(:attribute_array) { nil }
+  describe '#gid=' do
+    let(:value) { 'new_pgrp' }
 
-      it "should return the keys in supplied hash" do
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        expect(keys).not_to be_include(:rlogin)
-        expect(keys).to be_include(:login)
-        expect(keys).to be_include(:su)
-      end
+    let(:old_pgrp) { 'old_pgrp' }
+    let(:cur_groups) { 'system,adm' }
+    before(:each) do
+      provider.stubs(:gid).returns(old_pgrp)
+      provider.stubs(:groups).returns(cur_groups)
+      provider.stubs(:set)
+    end
+
+    it 'raises a Puppet::Error if it fails to set the groups property' do
+      provider.stubs(:set)
+        .with(:groups, cur_groups)
+        .raises(Puppet::ExecutionFailure, 'failed to reset the groups!')
 
-      it "should convert the keys to symbols" do
-        keys = @provider.managed_attribute_keys(existing_attributes)
-        all_symbols = keys.all? {|k| k.is_a? Symbol}
-        expect(all_symbols).to be_truthy
+      expect { provider.gid = value }.to raise_error do |error|
+        expect(error).to be_a(Puppet::Error)
+
+        expect(error.message).to match('groups')
+        expect(error.message).to match(cur_groups)
+        expect(error.message).to match(old_pgrp)
+        expect(error.message).to match(value)
       end
     end
   end
 
-  describe "#should_include?" do
-    it "should exclude keys translated into something else" do
-      managed_keys = [:rlogin]
-      @provider.class.attribute_mapping_from.stubs(:include?).with(:rlogin).returns(true)
-      @provider.class.stubs(:attribute_ignore).returns([])
-      expect(@provider.should_include?(:rlogin, managed_keys)).to be_falsey
+  describe '#parse_password' do
+    def call_parse_password
+      File.open(my_fixture('aix_passwd_file.out')) do |f|
+        provider.parse_password(f)
+      end
     end
 
-    it "should exclude keys explicitly ignored" do
-      managed_keys = [:rlogin]
-      @provider.class.attribute_mapping_from.stubs(:include?).with(:rlogin).returns(false)
-      @provider.class.stubs(:attribute_ignore).returns([:rlogin])
-      expect(@provider.should_include?(:rlogin, managed_keys)).to be_falsey
+    it "returns :absent if the user stanza doesn't exist" do
+      resource[:name] = 'nonexistent_user'
+      expect(call_parse_password).to eql(:absent)
     end
 
-    it "should exclude keys not specified in manifest" do
-      managed_keys = [:su]
-      @provider.class.attribute_mapping_from.stubs(:include?).with(:rlogin).returns(false)
-      @provider.class.stubs(:attribute_ignore).returns([])
-      expect(@provider.should_include?(:rlogin, managed_keys)).to be_falsey
+    it "returns absent if the user does not have a password" do
+      resource[:name] = 'no_password_user'
+      expect(call_parse_password).to eql(:absent)
     end
 
-    it "should include keys specified in manifest if not translated or ignored" do
-      managed_keys = [:rlogin]
-      @provider.class.attribute_mapping_from.stubs(:include?).with(:rlogin).returns(false)
-      @provider.class.stubs(:attribute_ignore).returns([])
-      expect(@provider.should_include?(:rlogin, managed_keys)).to be_truthy
+    it "returns the user's password" do
+      expect(call_parse_password).to eql('some_password')
     end
   end
-  describe "when handling passwords" do
-    let(:passwd_without_spaces) do
-        # from http://pic.dhe.ibm.com/infocenter/aix/v7r1/index.jsp?topic=%2Fcom.ibm.aix.files%2Fdoc%2Faixfiles%2Fpasswd_security.htm
-        <<-OUTPUT
-smith:
-  password = MGURSj.F056Dj
-  lastupdate = 623078865
-  flags = ADMIN,NOCHECK
-        OUTPUT
+
+  # TODO: If we move from using Mocha to rspec's mocks,
+  # or a better and more robust mocking library, we should
+  # remove #parse_password and copy over its tests to here.
+  describe '#password' do
+  end
+
+  describe '#password=' do
+    let(:mock_tempfile) do
+      mock_tempfile_obj = mock()
+      mock_tempfile_obj.stubs(:<<)
+      mock_tempfile_obj.stubs(:close)
+      mock_tempfile_obj.stubs(:delete)
+      mock_tempfile_obj.stubs(:path).returns('tempfile_path')
+
+      Tempfile.stubs(:new)
+        .with("puppet_#{provider.name}_pw", :encoding => Encoding::ASCII)
+        .returns(mock_tempfile_obj)
+
+      mock_tempfile_obj
+    end
+    let(:cmd) do
+      [provider.class.command(:chpasswd), *provider.ia_module_args, '-e', '-c']
+    end
+    let(:execute_options) do
+      {
+        :failonfail => false,
+        :combine => true,
+        :stdinfile => mock_tempfile.path
+      }
     end
 
-    let(:passwd_with_spaces) do
-        # add trailing space to the password
-        passwd_without_spaces.gsub(/password = (.*)/, 'password = \1   ')
+    it 'raises a Puppet::Error if chpasswd fails' do
+      provider.stubs(:execute).with(cmd, execute_options).returns("failed to change passwd!")
+      expect { provider.password = 'foo' }.to raise_error do |error|
+        expect(error).to be_a(Puppet::Error)
+        expect(error.message).to match("failed to change passwd!")
+      end
+    end
+
+    it "changes the user's password" do
+      provider.expects(:execute).with(cmd, execute_options).returns("")
+      provider.password = 'foo'
     end
 
+    it "closes and deletes the tempfile" do
+      provider.stubs(:execute).with(cmd, execute_options).returns("")
 
-    it "should be able to read the hashed password" do
-      @provider.stubs(:open_security_passwd).returns(StringIO.new(passwd_without_spaces))
-      @resource.stubs(:[]).returns('smith')
+      mock_tempfile.expects(:close).times(2)
+      mock_tempfile.expects(:delete)
 
-      expect(@provider.password).to eq('MGURSj.F056Dj')
+      provider.password = 'foo'
     end
+  end
+
+  describe '#create' do
+    it 'should create the user' do
+      provider.resource.stubs(:should).with(anything).returns(nil)
+      provider.resource.stubs(:should).with(:groups).returns('g1,g2')
+      provider.resource.stubs(:should).with(:password).returns('password')
 
-    it "should be able to read the hashed password, even with trailing spaces" do
-      @provider.stubs(:open_security_passwd).returns(StringIO.new(passwd_with_spaces))
-      @resource.stubs(:[]).returns('smith')
+      provider.expects(:execute)
+      provider.expects(:groups=).with('g1,g2')
+      provider.expects(:password=).with('password')
 
-      expect(@provider.password).to eq('MGURSj.F056Dj')
+      provider.create
     end
   end
 end

data/spec/unit/provider/user/windows_adsi_spec.rb

@@ -218,6 +218,9 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
     end
 
     it "should set a user's password" do
+      provider.user.expects(:disabled?).returns(false)
+      provider.user.expects(:locked_out?).returns(false)
+      provider.user.expects(:expired?).returns(false)
       provider.user.expects(:password=).with('plaintextbad')
 
       provider.password = "plaintextbad"
@@ -259,10 +262,7 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet.feature
       connection.expects(:Put).with('UserFlags', true)
       connection.expects(:SetInfo).raises( WIN32OLERuntimeError.new("(in OLE method `SetInfo': )\n    OLE error code:8007089A in Active Directory\n      The specified username is invalid.\r\n\n    HRESULT error code:0x80020009\n      Exception occurred."))
 
-      expect{ provider.create }.to raise_error(
-        Puppet::Error,
-        /not able to create\/delete domain users/
-      )
+      expect{ provider.create }.to raise_error(Puppet::Error)
     end
   end
 

data/spec/unit/resource/catalog_spec.rb

@@ -48,8 +48,8 @@ describe Puppet::Resource::Catalog, "when compiling" do
     catalog.add_resource(res, res2, res3, res4, comp_res)
     catalog.write_resource_file
     expect(File.readlines(resourcefile).map(&:chomp)).to match_array([
-      "file[#{File.expand_path('/tmp/sam')}]",
-      "exec[#{File.expand_path('/bin/rm')} -rf /]"
+      "file[#{res.title.downcase}]",
+      "exec[#{res2.title.downcase}]"
     ])
   end
 

data/spec/unit/ssl/certificate_authority_spec.rb

@@ -943,7 +943,6 @@ describe Puppet::SSL::CertificateAuthority do
         end
 
         it "should be deprecated" do
-          Puppet.expects(:deprecation_warning).with(regexp_matches(/Accessing 'cacert' as a setting is deprecated/))
           Puppet.expects(:deprecation_warning).with(regexp_matches(/certificate_is_alive\? is deprecated/))
           @ca.certificate_is_alive?(@cert)
         end

data/spec/unit/type/group_spec.rb

@@ -2,8 +2,21 @@
 require 'spec_helper'
 
 describe Puppet::Type.type(:group) do
-  before do
+  let(:mock_group_provider) do
+    described_class.provide(:mock_group_provider) do
+      has_features :manages_members
+      mk_resource_methods
+      def create; end
+      def delete; end
+      def exists?; get(:ensure) != :absent; end
+      def flush; end
+      def self.instances; []; end
+    end
+  end
+
+  before(:each) do
     @class = Puppet::Type.type(:group)
+    described_class.stubs(:defaultprovider).returns mock_group_provider
   end
 
   it "should have a system_groups feature" do
@@ -70,23 +83,108 @@ describe Puppet::Type.type(:group) do
     expect(type.exists?).to eq(true)
   end
 
-  describe "should delegate :members implementation to the provider:"  do
+  describe "when managing members" do
+    def stub_property(resource_hash)
+      described_class.new(resource_hash).property(:members)
+    end
+
+    describe "validation" do
+      it "raises an error for a non-String value" do
+        expect {
+          described_class.new(:name => 'foo', :members => true)
+        }.to raise_error(Puppet::Error)
+      end
+
+      it "raises an error for an array value containing a non-String element" do
+        expect {
+          described_class.new(:name => 'foo', :members => [ true, 'foo' ])
+        }.to raise_error(Puppet::Error)
+      end
+
+      it "raises an error when the members are specified as UIDs instead of usernames" do
+        expect {
+          described_class.new(:name => 'foo', :members => [ '123', '456' ])
+        }.to raise_error(Puppet::Error)
+      end
+
+      it "raises an error when an empty string is passed for a member's username" do
+        expect {
+          described_class.new(:name => 'foo', :members => [ 'foo', '' ])
+        }.to raise_error(Puppet::Error)
+      end
+
+      it "passes for a single member" do
+        expect {
+          described_class.new(:name => 'foo', :members => 'foo')
+        }.to_not raise_error
+      end
+
+      it "passes for a member whose username has a number" do
+        expect {
+          described_class.new(:name => 'foo', :members => 'foo123')
+        }.to_not raise_error
+      end
+
+      it "passes for an array of members" do
+        expect {
+          described_class.new(:name => 'foo', :members => [ 'foo', 'bar' ])
+        }.to_not raise_error
+      end
 
-    let (:provider) { @class.provide(:testing) { has_features :manages_members } }
-    let (:provider_instance) { provider.new }
-    let (:type) { @class.new(:name => "group", :provider => provider_instance, :members => ['user1']) }
+      it "passes for a comma-separated list of members" do
+        expect {
+          described_class.new(:name => 'foo', :members => 'foo,bar')
+        }.to_not raise_error
+      end
+    end
 
-    it "insync? calls members_insync?" do
-      provider_instance.expects(:members_insync?).with(['user1'], ['user1']).returns true
-      expect(type.property(:members).insync?(['user1'])).to be_truthy
+    describe "#inclusive?" do
+      it "returns false when auth_membership == false" do
+        members_property = stub_property(
+          :name => 'foo',
+          :auth_membership => false,
+          :members => []
+        )
+
+        expect(members_property.inclusive?).to be false
+      end
+
+      it "returns true when auth_membership == true" do
+        members_property = stub_property(
+          :name => 'foo',
+          :auth_membership => true,
+          :members => []
+        )
+
+        expect(members_property.inclusive?).to be true
+      end
     end
 
-    it "is_to_s and should_to_s call members_to_s" do
-      provider_instance.expects(:members_to_s).with(['user2', 'user1']).returns "user2 (), user1 ()"
-      provider_instance.expects(:members_to_s).with(['user1']).returns "user1 ()"
+    describe "#should= munging the @should instance variable" do
+      def should_var_of(property)
+        property.instance_variable_get(:@should)
+      end
 
-      expect(type.property(:members).is_to_s('user1')).to eq('user1 ()')
-      expect(type.property(:members).should_to_s('user2,user1')).to eq('user2 (), user1 ()')
+      it "leaves a single member as-is" do
+        members_property = stub_property(:name => 'foo', :members => [])
+        members_property.should = 'foo'
+
+        expect(should_var_of(members_property)).to eql([ 'foo' ])
+      end
+
+      it "leaves an array of members as-is" do
+        members_property = stub_property(:name => 'foo', :members => [])
+        members_property.should = [ 'foo', 'bar' ]
+
+        expect(should_var_of(members_property)).to eql(['foo', 'bar'])
+      end
+
+      it "munges a comma-separated list of members into an array" do
+        members_property = stub_property(:name => 'foo', :members => [])
+        members_property.should = 'foo,bar' 
+
+        expect(should_var_of(members_property)).to eql(['foo', 'bar'])
+      end
     end
   end
 end