RubyGems - puppet - Versions diffs - 6.10.1 → 6.11.0 - Mend

puppet 6.10.1 → 6.11.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (242) hide show

checksums.yaml +4 -4
data/Gemfile +4 -4
data/Gemfile.lock +20 -12
data/ext/project_data.yaml +3 -2
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/windows/service/daemon.rb +33 -8
data/install.rb +6 -6
data/lib/puppet.rb +8 -0
data/lib/puppet/application.rb +1 -1
data/lib/puppet/application/agent.rb +3 -0
data/lib/puppet/application/apply.rb +2 -2
data/lib/puppet/application/describe.rb +3 -9
data/lib/puppet/application/device.rb +3 -0
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/lookup.rb +1 -1
data/lib/puppet/application/script.rb +2 -2
data/lib/puppet/application/ssl.rb +25 -21
data/lib/puppet/configurer.rb +42 -0
data/lib/puppet/configurer/downloader.rb +2 -6
data/lib/puppet/context/trusted_information.rb +42 -4
data/lib/puppet/defaults.rb +19 -4
data/lib/puppet/face/module/list.rb +5 -5
data/lib/puppet/face/module/search.rb +1 -1
data/lib/puppet/face/module/uninstall.rb +1 -1
data/lib/puppet/face/module/upgrade.rb +1 -1
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system.rb +0 -8
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +3 -2
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions.rb +1 -2
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +4 -3
data/lib/puppet/http.rb +29 -0
data/lib/puppet/http/client.rb +156 -0
data/lib/puppet/http/errors.rb +30 -0
data/lib/puppet/http/redirector.rb +48 -0
data/lib/puppet/http/resolver.rb +5 -0
data/lib/puppet/http/resolver/settings.rb +5 -0
data/lib/puppet/http/resolver/srv.rb +13 -0
data/lib/puppet/http/response.rb +34 -0
data/lib/puppet/http/retry_after_handler.rb +47 -0
data/lib/puppet/http/service.rb +18 -0
data/lib/puppet/http/service/ca.rb +49 -0
data/lib/puppet/http/session.rb +55 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +2 -0
data/lib/puppet/indirector/request.rb +1 -1
data/lib/puppet/indirector/resource/ral.rb +1 -3
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/interface.rb +2 -1
data/lib/puppet/interface/documentation.rb +1 -1
data/lib/puppet/loaders.rb +0 -1
data/lib/puppet/metatype/manager.rb +1 -1
data/lib/puppet/module.rb +1 -1
data/lib/puppet/module/task.rb +20 -4
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
data/lib/puppet/module_tool/tar/mini.rb +1 -1
data/lib/puppet/network/http.rb +2 -6
data/lib/puppet/network/http/api/indirected_routes.rb +12 -11
data/lib/puppet/network/http/connection.rb +10 -12
data/lib/puppet/network/http/pool.rb +2 -0
data/lib/puppet/network/http/site.rb +5 -1
data/lib/puppet/network/resolver.rb +4 -4
data/lib/puppet/node/environment.rb +4 -2
data/lib/puppet/pal/pal_impl.rb +2 -2
data/lib/puppet/parser/ast.rb +1 -1
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/functions.rb +1 -1
data/lib/puppet/parser/scope.rb +8 -7
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/external_syntax_support.rb +3 -2
data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -7
data/lib/puppet/pops/loader/module_loaders.rb +1 -1
data/lib/puppet/pops/loader/task_instantiator.rb +4 -0
data/lib/puppet/pops/loaders.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +1 -0
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +22 -18
data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/locator.rb +1 -1
data/lib/puppet/pops/parser/pn_parser.rb +17 -16
data/lib/puppet/pops/puppet_stack.rb +52 -48
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/p_uri_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +10 -10
data/lib/puppet/pops/types/types.rb +3 -3
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider/exec.rb +6 -2
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package/apt.rb +5 -1
data/lib/puppet/provider/package/dnfmodule.rb +87 -0
data/lib/puppet/provider/package/dpkg.rb +31 -17
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/pip.rb +34 -9
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/rpm.rb +5 -5
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +1 -1
data/lib/puppet/provider/parsedfile.rb +1 -1
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +2 -8
data/lib/puppet/provider/service/systemd.rb +10 -10
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/user_role_add.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +22 -13
data/lib/puppet/provider/user/windows_adsi.rb +4 -5
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +1 -3
data/lib/puppet/reference/providers.rb +1 -1
data/lib/puppet/reference/type.rb +3 -9
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/resource.rb +1 -1
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/rest/errors.rb +1 -0
data/lib/puppet/rest/response.rb +1 -0
data/lib/puppet/rest/route.rb +1 -0
data/lib/puppet/rest/routes.rb +3 -0
data/lib/puppet/runtime.rb +25 -0
data/lib/puppet/settings.rb +3 -3
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/ssl/host.rb +1 -1
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/ssl/state_machine.rb +23 -15
data/lib/puppet/test/test_helper.rb +1 -1
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/trusted_external.rb +13 -0
data/lib/puppet/type.rb +1 -3
data/lib/puppet/type/exec.rb +7 -3
data/lib/puppet/type/file.rb +1 -2
data/lib/puppet/type/file/source.rb +2 -2
data/lib/puppet/type/package.rb +10 -3
data/lib/puppet/type/schedule.rb +1 -1
data/lib/puppet/type/service.rb +1 -1
data/lib/puppet/util.rb +2 -2
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/http_proxy.rb +2 -10
data/lib/puppet/util/log.rb +2 -2
data/lib/puppet/util/log/destinations.rb +2 -2
data/lib/puppet/util/logging.rb +2 -2
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/platform.rb +15 -4
data/lib/puppet/util/provider_features.rb +2 -4
data/lib/puppet/util/rdoc.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +3 -1
data/lib/puppet/util/windows/registry.rb +7 -5
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/vendor/require_vendored.rb +0 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +4 -1
data/locales/puppet.pot +279 -203
data/man/man5/puppet.conf.5 +30 -8
data/man/man8/puppet-agent.8 +4 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +11 -0
data/spec/integration/configurer_spec.rb +52 -0
data/spec/lib/puppet/certificate_factory.rb +2 -2
data/spec/spec_helper.rb +24 -0
data/spec/unit/application/device_spec.rb +6 -0
data/spec/unit/application/ssl_spec.rb +4 -7
data/spec/unit/configurer_spec.rb +1 -0
data/spec/unit/context/trusted_information_spec.rb +41 -2
data/spec/unit/http/client_spec.rb +440 -0
data/spec/unit/http/resolver_spec.rb +45 -0
data/spec/unit/http/service/ca_spec.rb +106 -0
data/spec/unit/http/service_spec.rb +32 -0
data/spec/unit/http/session_spec.rb +102 -0
data/spec/unit/indirector/resource/ral_spec.rb +4 -4
data/spec/unit/network/http/connection_spec.rb +119 -145
data/spec/unit/network/http/site_spec.rb +7 -0
data/spec/unit/parser/scope_spec.rb +10 -0
data/spec/unit/pops/loaders/loaders_spec.rb +13 -2
data/spec/unit/pops/loaders/module_loaders_spec.rb +37 -0
data/spec/unit/provider/exec_spec.rb +209 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +186 -0
data/spec/unit/provider/package/dpkg_spec.rb +238 -78
data/spec/unit/provider/package/pip_spec.rb +51 -6
data/spec/unit/provider/service/daemontools_spec.rb +24 -0
data/spec/unit/provider/service/runit_spec.rb +24 -0
data/spec/unit/provider/service/systemd_spec.rb +25 -25
data/spec/unit/provider/user/useradd_spec.rb +46 -0
data/spec/unit/ssl/host_spec.rb +0 -5
data/spec/unit/ssl/state_machine_spec.rb +16 -10
data/spec/unit/type/exec_spec.rb +6 -12
data/spec/unit/type/file_spec.rb +9 -4
data/spec/unit/type/package_spec.rb +5 -0
data/spec/unit/util/execution_spec.rb +16 -0
data/spec/unit/util/http_proxy_spec.rb +79 -27
data/spec/unit/util/log/destinations_spec.rb +7 -3
metadata +45 -22
data/lib/puppet/pops/loader/null_loader.rb +0 -60
data/lib/puppet/vendor/deep_merge/CHANGELOG +0 -45
data/lib/puppet/vendor/deep_merge/Gemfile +0 -3
data/lib/puppet/vendor/deep_merge/LICENSE +0 -21
data/lib/puppet/vendor/deep_merge/PUPPET_README.md +0 -6
data/lib/puppet/vendor/deep_merge/README.md +0 -113
data/lib/puppet/vendor/deep_merge/Rakefile +0 -19
data/lib/puppet/vendor/deep_merge/deep_merge.gemspec +0 -35
data/lib/puppet/vendor/deep_merge/lib/deep_merge.rb +0 -2
data/lib/puppet/vendor/deep_merge/lib/deep_merge/core.rb +0 -210
data/lib/puppet/vendor/deep_merge/lib/deep_merge/deep_merge_hash.rb +0 -28
data/lib/puppet/vendor/deep_merge/lib/deep_merge/rails_compat.rb +0 -27
data/lib/puppet/vendor/deep_merge/test/test_deep_merge.rb +0 -608
data/lib/puppet/vendor/load_deep_merge.rb +0 -1
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +0 -24
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +0 -24
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +0 -24

data/spec/unit/provider/service/daemontools_spec.rb CHANGED

@@ -163,4 +163,28 @@ describe 'Puppet::Type::Service::Provider::Daemontools',
       expect(@provider.status).to  eq(:stopped)
     end
   end
+  context '.instances' do
+    before do
+      allow(provider_class).to receive(:defpath).and_return(path)
+    end
+    context 'when defpath is nil' do
+      let(:path) { nil }
+      it 'returns info message' do
+        expect(Puppet).to receive(:info).with(/daemontools is unsuitable because service directory is nil/)
+        provider_class.instances
+      end
+    end
+    context 'when defpath does not exist' do
+      let(:path) { '/inexistent_path' }
+      it 'returns notice about missing path' do
+        expect(Puppet).to receive(:notice).with(/Service path #{path} does not exist/)
+        provider_class.instances
+      end
+    end
+  end
 end

data/spec/unit/provider/service/runit_spec.rb CHANGED

@@ -136,4 +136,28 @@ describe 'Puppet::Type::Service::Provider::Runit', unless: Puppet::Util::Platfor
       expect(@provider.status).to eq(:stopped)
     end
   end
+  context '.instances' do
+    before do
+      allow(provider_class).to receive(:defpath).and_return(path)
+    end
+    context 'when defpath is nil' do
+      let(:path) { nil }
+      it 'returns info message' do
+        expect(Puppet).to receive(:info).with(/runit is unsuitable because service directory is nil/)
+        provider_class.instances
+      end
+    end
+    context 'when defpath does not exist' do
+      let(:path) { '/inexistent_path' }
+      it 'returns notice about missing path' do
+        expect(Puppet).to receive(:notice).with(/Service path #{path} does not exist/)
+        provider_class.instances
+      end
+    end
+  end
 end

data/spec/unit/provider/service/systemd_spec.rb CHANGED

@@ -201,17 +201,17 @@ describe 'Puppet::Type::Service::Provider::Systemd', unless: Puppet::Util::Platf
     it "should start the service with systemctl start otherwise" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:systemctl).with(:unmask, 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:unmask, '--', 'sshd.service')
       expect(provider).to receive(:daemon_reload?).and_return('no')
-      expect(provider).to receive(:execute).with(['/bin/systemctl','start','sshd.service'], {:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
+      expect(provider).to receive(:execute).with(['/bin/systemctl','start', '--', 'sshd.service'], {:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
       provider.start
     end
     it "should show journald logs on failure" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:systemctl).with(:unmask, 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:unmask, '--', 'sshd.service')
       expect(provider).to receive(:daemon_reload?).and_return('no')
-      expect(provider).to receive(:execute).with(['/bin/systemctl','start','sshd.service'],{:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
+      expect(provider).to receive(:execute).with(['/bin/systemctl','start', '--', 'sshd.service'],{:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
         .and_raise(Puppet::ExecutionFailure, "Failed to start sshd.service: Unit sshd.service failed to load: Invalid argument. See system logs and 'systemctl status sshd.service' for details.")
       journalctl_logs = <<-EOS
 -- Logs begin at Tue 2016-06-14 11:59:21 UTC, end at Tue 2016-06-14 21:45:02 UTC. --
@@ -233,13 +233,13 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
     it "should stop the service with systemctl stop otherwise" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','stop','sshd.service'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true)
+      expect(provider).to receive(:execute).with(['/bin/systemctl','stop', '--', 'sshd.service'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true)
       provider.stop
     end
     it "should show journald logs on failure" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','stop','sshd.service'],{:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
+      expect(provider).to receive(:execute).with(['/bin/systemctl','stop', '--', 'sshd.service'],{:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
         .and_raise(Puppet::ExecutionFailure, "Failed to stop sshd.service: Unit sshd.service failed to load: Invalid argument. See system logs and 'systemctl status sshd.service' for details.")
       journalctl_logs = <<-EOS
 -- Logs begin at Tue 2016-06-14 11:59:21 UTC, end at Tue 2016-06-14 21:45:02 UTC. --
@@ -255,13 +255,13 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#daemon_reload?" do
     it "should skip the systemctl daemon_reload if not required by the service" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','show','sshd.service','--property=NeedDaemonReload'], :failonfail => false).and_return("no")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','show', '--', 'sshd.service','--property=NeedDaemonReload'], :failonfail => false).and_return("no")
       provider.daemon_reload?
     end
     it "should run a systemctl daemon_reload if the service has been modified" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','show','sshd.service','--property=NeedDaemonReload'], :failonfail => false).and_return("yes")
-      expect(provider).to receive(:execute).with(['/bin/systemctl','daemon-reload'], :failonfail => false)
+      expect(provider).to receive(:execute).with(['/bin/systemctl','show', '--', 'sshd.service','--property=NeedDaemonReload'], :failonfail => false).and_return("yes")
+      expect(provider).to receive(:execute).with(['/bin/systemctl', '--', 'daemon-reload'], :failonfail => false)
       provider.daemon_reload?
     end
   end
@@ -269,42 +269,42 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#enabled?" do
     it "should return :true if the service is enabled" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','sshd.service'], :failonfail => false).and_return("enabled\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled', '--', 'sshd.service'], :failonfail => false).and_return("enabled\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(0)
       expect(provider.enabled?).to eq(:true)
     end
     it "should return :true if the service is static" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','sshd.service'], :failonfail => false).and_return("static\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','--', 'sshd.service'], :failonfail => false).and_return("static\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(0)
       expect(provider.enabled?).to eq(:true)
     end
     it "should return :false if the service is disabled" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','sshd.service'], :failonfail => false).and_return("disabled\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled', '--', 'sshd.service'], :failonfail => false).and_return("disabled\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(1)
       expect(provider.enabled?).to eq(:false)
     end
     it "should return :false if the service is indirect" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','sshd.service'], :failonfail => false).and_return("indirect\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled', '--', 'sshd.service'], :failonfail => false).and_return("indirect\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(0)
       expect(provider.enabled?).to eq(:false)
     end
     it "should return :false if the service is masked and the resource is attempting to be disabled" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service', :enable => false))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','sshd.service'], :failonfail => false).and_return("masked\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled', '--', 'sshd.service'], :failonfail => false).and_return("masked\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(1)
       expect(provider.enabled?).to eq(:false)
     end
     it "should return :mask if the service is masked and the resource is attempting to be masked" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service', :enable => 'mask'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled','sshd.service'], :failonfail => false).and_return("masked\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-enabled', '--', 'sshd.service'], :failonfail => false).and_return("masked\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(1)
       expect(provider.enabled?).to eq(:mask)
     end
@@ -313,8 +313,8 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#enable" do
     it "should run systemctl enable to enable a service" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:systemctl).with(:unmask, 'sshd.service')
-      expect(provider).to receive(:systemctl).with(:enable, 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:unmask, '--', 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:enable, '--', 'sshd.service')
       provider.enable
     end
   end
@@ -322,7 +322,7 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#disable" do
     it "should run systemctl disable to disable a service" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:systemctl).with(:disable, 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:disable, '--', 'sshd.service')
       provider.disable
     end
   end
@@ -333,8 +333,8 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
       # :disable is the only call in the provider that uses a symbol instead of
       # a string.
       # This should be made consistent in the future and all tests updated.
-      expect(provider).to receive(:systemctl).with(:disable, 'sshd.service')
-      expect(provider).to receive(:systemctl).with(:mask, 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:disable, '--', 'sshd.service')
+      expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
       provider.mask
     end
   end
@@ -344,7 +344,7 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#status" do
     it "should return running if if the command returns 0" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-      expect(provider).to receive(:execute).with(['/bin/systemctl','is-active','sshd.service'], :failonfail => false, :override_locale => false, :squelch => false, :combine => true).and_return("active\n")
+      expect(provider).to receive(:execute).with(['/bin/systemctl','is-active', '--', 'sshd.service'], :failonfail => false, :override_locale => false, :squelch => false, :combine => true).and_return("active\n")
       allow($CHILD_STATUS).to receive(:exitstatus).and_return(0)
       expect(provider.status).to eq(:running)
     end
@@ -352,7 +352,7 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
     [-10,-1,3,10].each { |ec|
       it "should return stopped if the command returns something non-0" do
         provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
-        expect(provider).to receive(:execute).with(['/bin/systemctl','is-active','sshd.service'], :failonfail => false, :override_locale => false, :squelch => false, :combine => true).and_return("inactive\n")
+        expect(provider).to receive(:execute).with(['/bin/systemctl','is-active', '--', 'sshd.service'], :failonfail => false, :override_locale => false, :squelch => false, :combine => true).and_return("inactive\n")
         allow($CHILD_STATUS).to receive(:exitstatus).and_return(ec)
         expect(provider.status).to eq(:stopped)
       end
@@ -371,7 +371,7 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
     it "should use the supplied restart command if specified" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd', :restart => '/bin/foo'))
       expect(provider).to receive(:daemon_reload?).and_return('no')
-      expect(provider).to receive(:execute).with(['/bin/systemctl','restart','sshd.service'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true).never
+      expect(provider).to receive(:execute).with(['/bin/systemctl','restart', '--', 'sshd.service'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true).never
       expect(provider).to receive(:execute).with(['/bin/foo'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true)
       provider.restart
     end
@@ -379,14 +379,14 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
     it "should restart the service with systemctl restart" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
       expect(provider).to receive(:daemon_reload?).and_return('no')
-      expect(provider).to receive(:execute).with(['/bin/systemctl','restart','sshd.service'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true)
+      expect(provider).to receive(:execute).with(['/bin/systemctl','restart','--','sshd.service'], :failonfail => true, :override_locale => false, :squelch => false, :combine => true)
       provider.restart
     end
     it "should show journald logs on failure" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
       expect(provider).to receive(:daemon_reload?).and_return('no')
-      expect(provider).to receive(:execute).with(['/bin/systemctl','restart','sshd.service'],{:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
+      expect(provider).to receive(:execute).with(['/bin/systemctl','restart','--','sshd.service'],{:failonfail => true, :override_locale => false, :squelch => false, :combine => true})
         .and_raise(Puppet::ExecutionFailure, "Failed to restart sshd.service: Unit sshd.service failed to load: Invalid argument. See system logs and 'systemctl status sshd.service' for details.")
       journalctl_logs = <<-EOS
 -- Logs begin at Tue 2016-06-14 11:59:21 UTC, end at Tue 2016-06-14 21:45:02 UTC. --

data/spec/unit/provider/user/useradd_spec.rb CHANGED

@@ -317,6 +317,52 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
+  describe "#comment" do
+    before { described_class.has_feature :libuser }
+    let(:content) { "myuser:x:x:x:local comment:x:x" }
+    it "should return the local comment string when forcelocal is true" do
+      resource[:forcelocal] = true
+      allow(File).to receive(:open).with('/etc/passwd').and_yield(content)
+      expect(provider.comment).to eq('local comment')
+    end
+    it "should fall back to nameservice comment string when forcelocal is false" do
+      resource[:forcelocal] = false
+      allow(provider).to receive(:get).with(:comment).and_return('remote comment')
+      expect(provider).not_to receive(:localcomment)
+      expect(provider.comment).to eq('remote comment')
+    end
+  end
+  describe "#finduser" do
+    before { allow(File).to receive(:open).with('/etc/passwd').and_yield(content) }
+    let(:content) { "sample_account:sample_password:sample_uid:sample_gid:sample_gecos:sample_directory:sample_shell" }
+    let(:output) do
+      {
+        account: 'sample_account',
+        password: 'sample_password',
+        uid: 'sample_uid',
+        gid: 'sample_gid',
+        gecos: 'sample_gecos',
+        directory: 'sample_directory',
+        shell: 'sample_shell',
+      }
+    end
+    [:account, :password, :uid, :gid, :gecos, :directory, :shell].each do |key|
+      it "finds an user by #{key} when asked" do
+        expect(provider.finduser(key, "sample_#{key}")).to eq(output)
+      end
+    end
+    it "returns false when specified key/value pair is not found" do
+      expect(provider.finduser(:account, 'invalid_account')).to eq(false)
+    end
+  end
   describe "#check_allow_dup" do
     it "should return an array with a flag if dup is allowed" do
       resource[:allowdupe] = :true

data/spec/unit/ssl/host_spec.rb CHANGED

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'webmock/rspec'
 require 'puppet/test_ca'
 require 'puppet/ssl/host'
@@ -308,10 +307,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
       allow(@host).to receive(:validate_certificate_with_key)
       allow(@host).to receive(:http_client).and_return(@http)
       allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
-      WebMock.disable_net_connect!
-      allow_any_instance_of(Net::HTTP).to receive(:start)
-      allow_any_instance_of(Net::HTTP).to receive(:finish)
     end
     let(:ca_cert_response) { @pki[:ca_bundle] }

data/spec/unit/ssl/state_machine_spec.rb CHANGED

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'webmock/rspec'
 require 'puppet_spec/files'
 require 'puppet/ssl'
@@ -28,11 +27,6 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
   let(:refused_message) { %r{Connection refused|No connection could be made because the target machine actively refused it} }
   before(:each) do
-    WebMock.disable_net_connect!
-    allow_any_instance_of(Net::HTTP).to receive(:start)
-    allow_any_instance_of(Net::HTTP).to receive(:finish)
     Puppet[:ssl_lockfile] = tmpfile('ssllock')
     allow(Kernel).to receive(:sleep)
   end
@@ -304,9 +298,12 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: cacert_pem)
       allow(cert_provider).to receive(:save_cacerts)
-      expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
+      receive_count = 0
+      allow_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE) { receive_count += 1 }
       state.next_state
+      expect(receive_count).to eq(2)
     end
     it 'returns an Error if the server returns 404' do
@@ -416,9 +413,12 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_pem)
       allow(cert_provider).to receive(:save_crls)
-      expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+      receive_count = 0
+      allow_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) { receive_count += 1 }
       state.next_state
+      expect(receive_count).to eq(2)
     end
     it 'returns an Error if the server returns 404' do
@@ -730,9 +730,12 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       it "verifies the server's certificate when submitting the CSR" do
         stub_request(:put, %r{puppet-ca/v1/certificate_request/#{Puppet[:certname]}}).to_return(status: 200)
-        expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+        receive_count = 0
+        allow_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) { receive_count += 1 }
         state.next_state
+        expect(receive_count).to eq(2)
       end
     end
@@ -780,9 +783,12 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
         allow(cert_provider).to receive(:save_client_cert)
         allow(cert_provider).to receive(:save_request)
-        expect_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+        receive_count = 0
+        allow_any_instance_of(Net::HTTP).to receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER) { receive_count += 1 }
         state.next_state
+        expect(receive_count).to eq(2)
       end
       it 'does not save an invalid client cert' do

data/spec/unit/type/exec_spec.rb CHANGED

@@ -150,16 +150,13 @@ RSpec.describe Puppet::Type.type(:exec) do
         end
       end
-      it "should redact the command on failure" do
+      it "should redact the sensitive command on failure" do
         output = "output1\noutput2\n"
         expect { exec_tester('false', 1, :output => output, :logoutput => :on_failure, :sensitive_parameters => [:command]).refresh }.
             to raise_error(Puppet::Error, /^\[command redacted\] returned 1 instead of/)
-        output.split("\n").each do |line|
-          log = @logs.shift
-          expect(log.level).to eq(:err)
-          expect(log.message).to eq(line)
-        end
+        expect(@logs).to include(an_object_having_attributes(level: :err, message: '[output redacted]'))
+        expect(@logs).to_not include(an_object_having_attributes(message: /output1|output2/))
       end
       it "should log the output on failure when returns is specified as an array" do
@@ -177,7 +174,7 @@ RSpec.describe Puppet::Type.type(:exec) do
         end
       end
-      it "should redact the command on failure when returns is specified as an array" do
+      it "should redact the sensitive command on failure when returns is specified as an array" do
         output = "output1\noutput2\n"
         expect {
@@ -185,11 +182,8 @@ RSpec.describe Puppet::Type.type(:exec) do
                       :logoutput => :on_failure, :sensitive_parameters => [:command]).refresh
         }.to raise_error(Puppet::Error, /^\[command redacted\] returned 1 instead of/)
-        output.split("\n").each do |line|
-          log = @logs.shift
-          expect(log.level).to eq(:err)
-          expect(log.message).to eq(line)
-        end
+        expect(@logs).to include(an_object_having_attributes(level: :err, message: '[output redacted]'))
+        expect(@logs).to_not include(an_object_having_attributes(message: /output1|output2/))
       end
       it "shouldn't log the output on success" do

data/spec/unit/type/file_spec.rb CHANGED

@@ -477,6 +477,9 @@ describe Puppet::Type.type(:file) do
   end
   describe "#recurse" do
+    let(:name) { 'bar' }
+    let(:child) { double('puppet_type_file') }
     before do
       file[:recurse] = true
       @metadata = Puppet::FileServing::Metadata
@@ -485,8 +488,9 @@ describe Puppet::Type.type(:file) do
     describe "and a source is set" do
       it "should pass the already-discovered resources to recurse_remote" do
         file[:source] = File.expand_path(__FILE__)
-        allow(file).to receive(:recurse_local).and_return(:foo => "bar")
-        expect(file).to receive(:recurse_remote).with(:foo => "bar").and_return([])
+        allow(child).to receive(:[]).with(:path).and_return(name)
+        allow(file).to receive(:recurse_local).and_return(name => child)
+        expect(file).to receive(:recurse_remote).with(name => child).and_return([])
         file.recurse
       end
     end
@@ -494,8 +498,9 @@ describe Puppet::Type.type(:file) do
     describe "and a target is set" do
       it "should use recurse_link" do
         file[:target] = File.expand_path(__FILE__)
-        allow(file).to receive(:recurse_local).and_return(:foo => "bar")
-        expect(file).to receive(:recurse_link).with(:foo => "bar").and_return([])
+        allow(child).to receive(:[]).with(:path).and_return(name)
+        allow(file).to receive(:recurse_local).and_return(name => child)
+        expect(file).to receive(:recurse_link).with(name => child).and_return([])
         file.recurse
       end
     end