puppet 6.15.0 → 6.16.0

data/spec/integration/http/client_spec.rb

@@ -132,7 +132,12 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     it "detects when the server has closed the connection and reconnects" do
       Puppet[:http_debug] = true
 
-      https_server.start_server do |port|
+      # advertise that we support keep-alive, but we don't really
+      response_proc = -> (req, res) {
+        res['Connection'] = 'Keep-Alive'
+      }
+
+      https_server.start_server(response_proc: response_proc) do |port|
         uri = URI("https://127.0.0.1:#{port}")
         kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
 

data/spec/integration/network/http_pool_spec.rb

@@ -116,6 +116,62 @@ describe Puppet::Network::HttpPool, unless: Puppet::Util::Platform.jruby? do
 
       include_examples 'HTTPS client'
     end
+
+    shared_examples_for "an HttpPool connection" do |klass, legacy_api|
+      before :each do
+        Puppet::Network::HttpPool.http_client_class = klass
+      end
+
+      it "connects using the scheme, host and port from the http instance" do
+        request_line = nil
+
+        response_proc = -> (req, res) {
+          request_line = req.request_line
+        }
+
+        server.start_server(response_proc: response_proc) do |port|
+          http = Puppet::Network::HttpPool.http_instance(hostname, port, true)
+          path  = "http://bogus.example.com:443/foo"
+          http.get(path)
+
+          if legacy_api
+            # The old API passed the bogus hostname which didn't match
+            # the host we connected to.
+            expect(request_line).to eq("GET http://bogus.example.com:443/foo HTTP/1.1\r\n")
+          else
+            expect(request_line).to eq("GET /foo HTTP/1.1\r\n")
+          end
+        end
+      end
+
+      it "requires the caller to URL encode the path" do
+        request_line = nil
+
+        response_proc = -> (req, res) {
+          request_line = req.request_line
+        }
+
+        server.start_server(response_proc: response_proc) do |port|
+          http = Puppet::Network::HttpPool.http_instance(hostname, port, true)
+          encoded_url = "https://#{hostname}:#{port}/foo%20bar"
+          http.get(encoded_url)
+
+          if legacy_api
+            expect(request_line).to eq("GET #{encoded_url} HTTP/1.1\r\n")
+          else
+            expect(request_line).to eq("GET /foo%20bar HTTP/1.1\r\n")
+          end
+        end
+      end
+    end
+
+    describe Puppet::Network::HTTP::Connection do
+      it_behaves_like "an HttpPool connection", described_class, true
+    end
+
+    describe Puppet::Network::HTTP::ConnectionAdapter do
+      it_behaves_like "an HttpPool connection", described_class, false
+    end
   end
 
   context "when calling HttpPool.connection method" do

data/spec/integration/util/windows/adsi_spec.rb

@@ -82,6 +82,9 @@ describe Puppet::Util::Windows::ADSI::Group,
     it 'should return a list of members resolvable with Puppet::Util::Windows::ADSI::Group.name_sid_hash' do
       temp_groupname = "g#{SecureRandom.uuid}"
       temp_username  = "u#{SecureRandom.uuid}"[0..12]
+      # From https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
+      specials = "~!@#$%^&*_-+=`|\(){}[]:;\"'<>,.?/"
+      temp_password = "p#{SecureRandom.uuid[0..7]}-#{SecureRandom.uuid.upcase[0..7]}-#{specials[rand(specials.length)]}"
 
       # select a virtual account that requires an authority to be able to resolve to SID
       # the Dhcp service is chosen for no particular reason aside from it's a service available on all Windows versions
@@ -110,6 +113,8 @@ describe Puppet::Util::Windows::ADSI::Group,
       begin
         # :SidTypeUser as user on localhost, can be resolved with or without authority prefix
         user = Puppet::Util::Windows::ADSI::User.create(temp_username)
+        # appveyor sometimes requires a password
+        user.password = temp_password
         user.commit()
         users.push({ :sid => user.sid.sid, :name => Puppet::Util::Windows::ADSI.computer_name + '\\' + temp_username })
 

data/spec/lib/puppet_spec/https.rb

@@ -24,6 +24,12 @@ class PuppetSpec::HTTPSServer
     res = WEBrick::HTTPResponse.new(@config)
     res.status = 200
     res.body = 'OK'
+    # The server explicitly closes the connection after handling it,
+    # so explicitly tell the client we're not going to keep it open.
+    # Without this, ruby will add `Connection: Keep-Alive`, which
+    # confuses the client when it tries to reuse the half-closed
+    # connection.
+    res['Connection'] = 'close'
     response_proc.call(req, res) if response_proc
 
     res.send_response(ssl)

data/spec/unit/agent_spec.rb

@@ -179,6 +179,52 @@ describe Puppet::Agent do
       expect(@agent.run).to eq(:result)
     end
 
+    describe "and a puppet agent is already running" do
+      before(:each) do
+        allow_any_instance_of(Object).to receive(:sleep)
+        lockfile = double('lockfile')
+        expect(@agent).to receive(:lockfile).and_return(lockfile).at_least(:once)
+        # so the lock method raises Puppet::LockError
+        allow(lockfile).to receive(:lock).and_return(false)
+      end
+
+      it "should notify that a run is already in progres" do
+        client = AgentTestClient.new
+        expect(AgentTestClient).to receive(:new).and_return(client)
+        expect(Puppet).to receive(:notice).with(/Run of .* already in progress; skipping .* exists/)
+        @agent.run
+      end
+
+      it "should inform that a run is already in progres and try to run every X seconds if waitforlock is used" do
+        # so the locked file exists
+        allow(File).to receive(:file?).and_return(true)
+        # so we don't have to wait again for the run to exit (default maxwaitforcert is 60)
+        # first 0 is to get the time, second 0 is to inform user, then 1000 so the time expires
+        allow(Time).to receive(:now).and_return(0, 0, 1000)
+        allow(Puppet).to receive(:info)
+        client = AgentTestClient.new
+        expect(AgentTestClient).to receive(:new).and_return(client)
+
+        Puppet[:waitforlock] = 1
+        Puppet[:maxwaitforlock] = 2
+        expect(Puppet).to receive(:info).with(/Another puppet instance is already running; --waitforlock flag used, waiting for running instance to finish./)
+        expect(Puppet).to receive(:info).with(/Will try again in #{Puppet[:waitforlock]} seconds./)
+        @agent.run
+      end
+
+      it "should notify that the run is exiting if waitforlock is used and maxwaitforlock is exceeded" do
+        # so we don't have to wait again for the run to exit (default maxwaitforcert is 60)
+        # first 0 is to get the time, then 1000 so that the time expires
+        allow(Time).to receive(:now).and_return(0, 1000)
+        client = AgentTestClient.new
+        expect(AgentTestClient).to receive(:new).and_return(client)
+
+        Puppet[:waitforlock] = 1
+        expect(Puppet).to receive(:notice).with(/Exiting now because the maxwaitforlock timeout has been exceeded./)
+        @agent.run
+      end
+    end
+    
     describe "when should_fork is true", :if => Puppet.features.posix? && RUBY_PLATFORM != 'java' do
       before do
         @agent = Puppet::Agent.new(AgentTestClient, true)
@@ -291,7 +337,7 @@ describe Puppet::Agent do
         expect(client).not_to receive(:handling)
         expect(Puppet).to receive(:log_exception).with(be_an_instance_of(Puppet::Agent::RunTimeoutError), anything)
 
-        expect(@agent.run).to eq(1)
+        expect(@agent.run).to eq(nil)
       end
     end
   end

data/spec/unit/application/agent_spec.rb

@@ -12,16 +12,16 @@ describe Puppet::Application::Agent do
   before :each do
     @puppetd = Puppet::Application[:agent]
 
-    @daemon = Puppet::Daemon.new(nil)
+    @agent = double('agent')
+    allow(Puppet::Agent).to receive(:new).and_return(@agent)
+
+    @daemon = Puppet::Daemon.new(@agent, nil)
     allow(@daemon).to receive(:daemonize)
     allow(@daemon).to receive(:start)
     allow(@daemon).to receive(:stop)
     allow(Puppet::Daemon).to receive(:new).and_return(@daemon)
     Puppet[:daemonize] = false
 
-    @agent = double('agent')
-    allow(Puppet::Agent).to receive(:new).and_return(@agent)
-
     @puppetd.preinit
     allow(Puppet::Util::Log).to receive(:newdestination)
 

data/spec/unit/context/trusted_information_spec.rb

@@ -90,6 +90,23 @@ describe Puppet::Context::TrustedInformation, :unless => RUBY_PLATFORM == 'java'
 
       expect(trusted.external).to eq(external_data)
     end
+
+    it 'does not run the trusted external command when creating a trusted context' do
+      Puppet[:trusted_external_command] = '/usr/bin/generate_data.sh'
+
+      expect(Puppet::Util::Execution).to receive(:execute).never
+      Puppet::Context::TrustedInformation.remote(true, 'cert name', cert)
+    end
+
+    it 'only runs the trusted external command the first time it is invoked' do
+      Puppet[:trusted_external_command] = '/usr/bin/generate_data.sh'
+
+      expect(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/generate_data.sh', 'cert name'], anything).and_return(JSON.dump(external_data)).once
+
+      trusted = Puppet::Context::TrustedInformation.remote(true, 'cert name', cert)
+      trusted.external
+      trusted.external
+    end
   end
 
   context "when local" do

data/spec/unit/daemon_spec.rb

@@ -32,13 +32,17 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
   let(:pidfile) { double("PidFile", :lock => true, :unlock => true, :file_path => 'fake.pid') }
   let(:scheduler) { RecordingScheduler.new }
 
-  let(:daemon) { Puppet::Daemon.new(pidfile, scheduler) }
+  let(:daemon) { Puppet::Daemon.new(agent, pidfile, scheduler) }
 
   before(:each) do
     allow(Signal).to receive(:trap)
     allow(daemon).to receive(:close_streams).and_return(nil)
   end
 
+  it "should fail when no agent is provided" do
+    expect { Puppet::Daemon.new(nil, pidfile, scheduler) }.to raise_error(Puppet::DevError)
+  end
+
   it "should reopen the Log logs when told to reopen logs" do
     expect(Puppet::Util::Log).to receive(:reopen)
     daemon.reopen_logs
@@ -72,65 +76,21 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
       allow(daemon).to receive(:set_signal_traps)
     end
 
-    it "should fail if it has neither agent nor server" do
-      expect { daemon.start }.to raise_error(Puppet::DevError)
-    end
-
     it "should create its pidfile" do
       expect(pidfile).to receive(:lock).and_return(true)
-
-      daemon.agent = agent
       daemon.start
     end
 
     it "should fail if it cannot lock" do
       expect(pidfile).to receive(:lock).and_return(false)
-      daemon.agent = agent
-
       expect { daemon.start }.to raise_error(RuntimeError, "Could not create PID file: #{pidfile.file_path}")
     end
 
-    it "should start its server if one is configured" do
-      daemon.server = server
-
-      expect(server).to receive(:start)
-
-      daemon.start
-    end
-
     it "disables the reparse of configs if the filetimeout is 0" do
       Puppet[:filetimeout] = 0
-      daemon.agent = agent
-
       daemon.start
-
       expect(scheduler.jobs[0]).not_to be_enabled
     end
-
-    it "disables the agent run when there is no agent" do
-      Puppet[:filetimeout] = 0
-      daemon.server = server
-
-      daemon.start
-
-      expect(scheduler.jobs[1]).not_to be_enabled
-    end
-
-    it "waits for the server to shutdown when there is one" do
-      daemon.server = server
-
-      expect(server).to receive(:wait_for_shutdown)
-
-      daemon.start
-    end
-
-    it "waits for the server to shutdown when there is one" do
-      daemon.server = server
-
-      expect(server).to receive(:wait_for_shutdown)
-
-      daemon.start
-    end
   end
 
   describe "when stopping" do
@@ -146,14 +106,6 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
       without_warnings { Puppet::Application = Puppet::Application.superclass }
     end
 
-    it "should stop its server if one is configured" do
-      expect(server).to receive(:stop)
-
-      daemon.server = server
-
-      expect { daemon.stop }.to exit_with 0
-    end
-
     it 'should request a stop from Puppet::Application' do
       expect(Puppet::Application).to receive(:stop!)
       expect { daemon.stop }.to exit_with 0
@@ -161,7 +113,6 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
 
     it "should remove its pidfile" do
       expect(pidfile).to receive(:unlock)
-
       expect { daemon.stop }.to exit_with 0
     end
 
@@ -188,8 +139,6 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
       expect(agent).to receive(:run).with({:splay => false}).and_raise(Puppet::LockError, 'Failed to aquire lock')
       expect(Puppet).to receive(:notice).with('Not triggering already-running agent')
 
-      daemon.agent = agent
-
       daemon.reload
     end
 
@@ -197,8 +146,6 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
       expect(agent).to receive(:run).with({:splay => false})
       expect(Puppet).not_to receive(:notice).with('Not triggering already-running agent')
 
-      daemon.agent = agent
-
       daemon.reload
     end
   end
@@ -220,15 +167,11 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
 
     it "should reexec itself if no agent is available" do
       expect(daemon).to receive(:reexec)
-
       daemon.restart
     end
 
     it "should reexec itself if the agent is not running" do
-      expect(agent).to receive(:running?).and_return(false)
-      daemon.agent = agent
       expect(daemon).to receive(:reexec)
-
       daemon.restart
     end
   end
@@ -247,14 +190,12 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
     it "should shut down without exiting" do
       daemon.argv = %w{foo}
       expect(daemon).to receive(:stop).with(:exit => false)
-
       daemon.reexec
     end
 
     it "should call 'exec' with the original executable and arguments" do
       daemon.argv = %w{foo}
       expect(daemon).to receive(:exec).with($0 + " foo")
-
       daemon.reexec
     end
   end

data/spec/unit/face/module/search_spec.rb

@@ -211,4 +211,21 @@ describe "puppet module search" do
       end
     end
   end
+
+  it "should include a deprecation warning" do
+    stub_request(:get, "https://forgeapi.puppet.com/v3/modules?query=puppetlabs-apache").to_return(status: 200, body: [answers: [], result: :success])
+
+    subject.search("puppetlabs-apache")
+
+    expect(@logs).to include(an_object_having_attributes(level: :warning, message: /This action has been deprecated. Please use the Puppet Forge to search for modules./))
+  end
+
+  it "omits the warning when deprecations are disabled" do
+    stub_request(:get, "https://forgeapi.puppet.com/v3/modules?query=puppetlabs-apache").to_return(status: 200, body: [answers: [], result: :success])
+
+    Puppet[:disable_warnings] = 'deprecations'
+    subject.search("puppetlabs-apache")
+
+    expect(@logs).not_to include(an_object_having_attributes(level: :warning))
+  end
 end

data/spec/unit/file_system/uniquefile_spec.rb

@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe Puppet::FileSystem::Uniquefile do
+  include PuppetSpec::Files
+
   it "makes the name of the file available" do
     Puppet::FileSystem::Uniquefile.open_tmp('foo') do |file|
       expect(file.path).to match(/foo/)
@@ -73,6 +75,15 @@ describe Puppet::FileSystem::Uniquefile do
     Puppet::FileSystem::Uniquefile.open_tmp('foo') { |tmp| }
   end
 
+  it "reports when a parent directory does not exist" do
+    dir = tmpdir('uniquefile')
+    lock = File.join(dir, 'path', 'to', 'lock')
+
+    expect {
+      Puppet::FileSystem::Uniquefile.open_tmp(lock) { |tmp| }
+    }.to raise_error(Errno::ENOENT, %r{No such file or directory - A directory component in .* does not exist or is a dangling symbolic link})
+  end
+
   context "Ruby 1.9.3 Tempfile tests" do
     # the remaining tests in this file are ported directly from the ruby 1.9.3 source,
     # since most of this file was ported from there

data/spec/unit/http/client_spec.rb

@@ -474,38 +474,38 @@ describe Puppet::HTTP::Client do
     it "submits credentials for GET requests" do
       stub_request(:get, uri).with(basic_auth: credentials)
 
-      client.get(uri, options: {user: 'user', password: 'pass'})
+      client.get(uri, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
 
     it "submits credentials for PUT requests" do
       stub_request(:put, uri).with(basic_auth: credentials)
 
-      client.put(uri, "hello", headers: {'Content-Type' => 'text/plain'}, options: {user: 'user', password: 'pass'})
+      client.put(uri, "hello", headers: {'Content-Type' => 'text/plain'}, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
 
     it "returns response containing access denied" do
       stub_request(:get, uri).with(basic_auth: credentials).to_return(status: [403, "Ye Shall Not Pass"])
 
-      response = client.get(uri, options: {user: 'user', password: 'pass'})
+      response = client.get(uri, options: {basic_auth: {user: 'user', password: 'pass'}})
       expect(response.code).to eq(403)
       expect(response.reason).to eq("Ye Shall Not Pass")
       expect(response).to_not be_success
     end
 
-    it 'omits basic auth if user is nil' do
+    it 'includes basic auth if user is nil' do
       stub_request(:get, uri).with do |req|
-        expect(req.headers).to_not include('Authorization')
+        expect(req.headers).to include('Authorization')
       end
 
-      client.get(uri, options: {user: nil, password: 'pass'})
+      client.get(uri, options: {basic_auth: {user: nil, password: 'pass'}})
     end
 
-    it 'omits basic auth if password is nil' do
+    it 'includes basic auth if password is nil' do
       stub_request(:get, uri).with do |req|
-        expect(req.headers).to_not include('Authorization')
+        expect(req.headers).to include('Authorization')
       end
 
-      client.get(uri, options: {user: 'user', password: nil})
+      client.get(uri, options: {basic_auth: {user: 'user', password: nil}})
     end
   end
 
@@ -557,7 +557,7 @@ describe Puppet::HTTP::Client do
       stub_request(:get, start_url).with(basic_auth: credentials).to_return(redirect_to(url: bar_url))
       stub_request(:get, bar_url).with(basic_auth: credentials).to_return(status: 200)
 
-      client.get(start_url, options: {user: 'user', password: 'pass'})
+      client.get(start_url, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
 
     it "redirects given a relative location" do