puppet 6.16.0-x64-mingw32 → 7.0.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +5 -3
- data/Gemfile.lock +31 -33
- data/README.md +4 -5
- data/Rakefile +4 -12
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/agent.rb +2 -2
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/agent.rb +22 -6
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +66 -31
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/confine.rb +2 -2
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +166 -169
- data/lib/puppet/environments.rb +41 -15
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +56 -16
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +2 -2
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +13 -1
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +4 -4
- data/lib/puppet/file_system/uniquefile.rb +8 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +3 -8
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +23 -13
- data/lib/puppet/http/client.rb +170 -115
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +13 -19
- data/lib/puppet/http/resolver.rb +10 -23
- data/lib/puppet/http/resolver/server_list.rb +23 -45
- data/lib/puppet/http/resolver/settings.rb +7 -10
- data/lib/puppet/http/resolver/srv.rb +11 -15
- data/lib/puppet/http/response.rb +49 -48
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +15 -27
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -70
- data/lib/puppet/http/service/file_server.rb +19 -28
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +16 -24
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +27 -6
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +4 -59
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +3 -7
- data/lib/puppet/indirector/file_metadata/http.rb +25 -5
- data/lib/puppet/indirector/file_metadata/rest.rb +5 -11
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +2 -103
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +93 -14
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -42
- data/lib/puppet/parser/compiler.rb +1 -199
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/resource.rb +3 -71
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -13
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -22
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +28 -42
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +34 -0
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -11
- data/lib/puppet/provider/package/gem.rb +27 -5
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +6 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +2 -1
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -1
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +11 -4
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reports/http.rb +2 -0
- data/lib/puppet/resource.rb +3 -90
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +5 -112
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +84 -35
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +37 -1
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +19 -16
- data/lib/puppet/transaction.rb +3 -9
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +10 -8
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +9 -77
- data/lib/puppet/type/file.rb +45 -22
- data/lib/puppet/type/file/checksum.rb +5 -5
- data/lib/puppet/type/file/source.rb +33 -13
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/type/service.rb +53 -0
- data/lib/puppet/type/user.rb +18 -3
- data/lib/puppet/util.rb +41 -3
- data/lib/puppet/util/autoload.rb +9 -7
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/execution.rb +2 -13
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +14 -2
- data/lib/puppet/util/windows.rb +3 -7
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +5 -15
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +52 -486
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +242 -8
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +713 -1380
- data/man/man5/puppet.conf.5 +84 -98
- data/man/man8/puppet-agent.8 +7 -4
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +7 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +157 -59
- data/spec/integration/application/apply_spec.rb +150 -150
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +78 -29
- data/spec/integration/application/help_spec.rb +44 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +76 -4
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +33 -5
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +29 -30
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +6 -5
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +2 -2
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/integration/util/windows/user_spec.rb +47 -5
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +9 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/agent_spec.rb +3 -4
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +74 -8
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +17 -4
- data/spec/unit/application_spec.rb +9 -4
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +14 -0
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +96 -44
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +12 -10
- data/spec/unit/defaults_spec.rb +77 -28
- data/spec/unit/environments_spec.rb +96 -32
- data/spec/unit/face/config_spec.rb +65 -12
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +2 -2
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +71 -17
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +34 -15
- data/spec/unit/http/response_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +51 -65
- data/spec/unit/http/service/file_server_spec.rb +5 -6
- data/spec/unit/http/service/puppetserver_spec.rb +112 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +1 -3
- data/spec/unit/http/session_spec.rb +24 -35
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +3 -267
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +3 -98
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +61 -73
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +51 -22
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +19 -8
- data/spec/unit/pops/loaders/loaders_spec.rb +77 -22
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +7 -17
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dpkg_spec.rb +22 -55
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +31 -0
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +45 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +402 -166
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +3 -6
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +50 -15
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +22 -16
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +3 -59
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +586 -239
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +78 -49
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +3 -3
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +134 -102
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/service_spec.rb +209 -0
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/type_spec.rb +70 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +27 -127
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +3 -21
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- metadata +76 -270
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -85
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -182
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -64
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -20
- data/lib/puppet/parser/environment_compiler.rb +0 -199
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -282
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/integration/test/test_helper_spec.rb +0 -31
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/man_spec.rb +0 -31
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -723
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,64 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
require 'puppet/network/http'
|
4
|
-
require 'puppet/network/http/connection'
|
5
|
-
|
6
|
-
describe Puppet::Network::HTTP::NoCachePool do
|
7
|
-
let(:site) { Puppet::Network::HTTP::Site.new('https', 'rubygems.org', 443) }
|
8
|
-
let(:verifier) { double('verifier', :setup_connection => nil) }
|
9
|
-
|
10
|
-
it 'yields a started connection' do
|
11
|
-
http = double('http', start: nil, finish: nil, started?: true)
|
12
|
-
|
13
|
-
factory = Puppet::Network::HTTP::Factory.new
|
14
|
-
allow(factory).to receive(:create_connection).and_return(http)
|
15
|
-
pool = Puppet::Network::HTTP::NoCachePool.new(factory)
|
16
|
-
|
17
|
-
expect { |b|
|
18
|
-
pool.with_connection(site, verifier, &b)
|
19
|
-
}.to yield_with_args(http)
|
20
|
-
end
|
21
|
-
|
22
|
-
it 'yields a new connection each time' do
|
23
|
-
http1 = double('http1', start: nil, finish: nil, started?: true)
|
24
|
-
http2 = double('http2', start: nil, finish: nil, started?: true)
|
25
|
-
|
26
|
-
factory = Puppet::Network::HTTP::Factory.new
|
27
|
-
allow(factory).to receive(:create_connection).and_return(http1, http2)
|
28
|
-
pool = Puppet::Network::HTTP::NoCachePool.new(factory)
|
29
|
-
|
30
|
-
expect { |b|
|
31
|
-
pool.with_connection(site, verifier, &b)
|
32
|
-
}.to yield_with_args(http1)
|
33
|
-
|
34
|
-
expect { |b|
|
35
|
-
pool.with_connection(site, verifier, &b)
|
36
|
-
}.to yield_with_args(http2)
|
37
|
-
end
|
38
|
-
|
39
|
-
it 'has a close method' do
|
40
|
-
Puppet::Network::HTTP::NoCachePool.new.close
|
41
|
-
end
|
42
|
-
|
43
|
-
it 'logs a deprecation warning' do
|
44
|
-
http = double('http', start: nil, finish: nil, started?: true)
|
45
|
-
|
46
|
-
factory = Puppet::Network::HTTP::Factory.new
|
47
|
-
allow(factory).to receive(:create_connection).and_return(http)
|
48
|
-
Puppet::Network::HTTP::NoCachePool.new(factory)
|
49
|
-
|
50
|
-
expect(@logs).to include(an_object_having_attributes(level: :warning, message: /Puppet::Network::HTTP::NoCachePool is deprecated/))
|
51
|
-
end
|
52
|
-
|
53
|
-
it 'omits the warning when deprecations are disabled' do
|
54
|
-
Puppet[:disable_warnings] = 'deprecations'
|
55
|
-
|
56
|
-
http = double('http', start: nil, finish: nil, started?: true)
|
57
|
-
|
58
|
-
factory = Puppet::Network::HTTP::Factory.new
|
59
|
-
allow(factory).to receive(:create_connection).and_return(http)
|
60
|
-
Puppet::Network::HTTP::NoCachePool.new(factory)
|
61
|
-
|
62
|
-
expect(@logs).to eq([])
|
63
|
-
end
|
64
|
-
end
|
@@ -1,439 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
require 'puppet/network/rights'
|
4
|
-
|
5
|
-
describe Puppet::Network::Rights do
|
6
|
-
before do
|
7
|
-
@right = Puppet::Network::Rights.new
|
8
|
-
end
|
9
|
-
|
10
|
-
describe "when validating a :head request" do
|
11
|
-
[:find, :save].each do |allowed_method|
|
12
|
-
it "should allow the request if only #{allowed_method} is allowed" do
|
13
|
-
rights = Puppet::Network::Rights.new
|
14
|
-
right = rights.newright("/")
|
15
|
-
right.allow("*")
|
16
|
-
right.restrict_method(allowed_method)
|
17
|
-
right.restrict_authenticated(:any)
|
18
|
-
expect(rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})).to eq(nil)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
it "should disallow the request if neither :find nor :save is allowed" do
|
23
|
-
rights = Puppet::Network::Rights.new
|
24
|
-
why_forbidden = rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})
|
25
|
-
expect(why_forbidden).to be_instance_of(Puppet::Network::AuthorizationError)
|
26
|
-
expect(why_forbidden.to_s).to eq("Forbidden request: /indirection_name/key [find]")
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
it "should throw an error if type can't be determined" do
|
31
|
-
expect { @right.newright("name") }.to raise_error(ArgumentError, /Unknown right type/)
|
32
|
-
end
|
33
|
-
|
34
|
-
describe "when creating new path ACLs" do
|
35
|
-
it "should not throw an error if the ACL already exists" do
|
36
|
-
@right.newright("/name")
|
37
|
-
|
38
|
-
expect { @right.newright("/name")}.not_to raise_error
|
39
|
-
end
|
40
|
-
|
41
|
-
it "should throw an error if the acl uri path is not absolute" do
|
42
|
-
expect { @right.newright("name")}.to raise_error(ArgumentError, /Unknown right type/)
|
43
|
-
end
|
44
|
-
|
45
|
-
it "should create a new ACL with the correct path" do
|
46
|
-
@right.newright("/name")
|
47
|
-
|
48
|
-
expect(@right["/name"]).not_to be_nil
|
49
|
-
end
|
50
|
-
|
51
|
-
it "should create an ACL of type Puppet::Network::AuthStore" do
|
52
|
-
@right.newright("/name")
|
53
|
-
|
54
|
-
expect(@right["/name"]).to be_a_kind_of(Puppet::Network::AuthStore)
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
describe "when creating new regex ACLs" do
|
59
|
-
it "should not throw an error if the ACL already exists" do
|
60
|
-
@right.newright("~ .rb$")
|
61
|
-
|
62
|
-
expect { @right.newright("~ .rb$")}.not_to raise_error
|
63
|
-
end
|
64
|
-
|
65
|
-
it "should create a new ACL with the correct regex" do
|
66
|
-
@right.newright("~ .rb$")
|
67
|
-
|
68
|
-
expect(@right.include?(".rb$")).not_to be_nil
|
69
|
-
end
|
70
|
-
|
71
|
-
it "should be able to lookup the regex" do
|
72
|
-
@right.newright("~ .rb$")
|
73
|
-
|
74
|
-
expect(@right[".rb$"]).not_to be_nil
|
75
|
-
end
|
76
|
-
|
77
|
-
it "should be able to lookup the regex by its full name" do
|
78
|
-
@right.newright("~ .rb$")
|
79
|
-
|
80
|
-
expect(@right["~ .rb$"]).not_to be_nil
|
81
|
-
end
|
82
|
-
|
83
|
-
it "should create an ACL of type Puppet::Network::AuthStore" do
|
84
|
-
expect(@right.newright("~ .rb$")).to be_a_kind_of(Puppet::Network::AuthStore)
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
describe "when checking ACLs existence" do
|
89
|
-
it "should return false if there are no matching rights" do
|
90
|
-
expect(@right.include?("name")).to be_falsey
|
91
|
-
end
|
92
|
-
|
93
|
-
it "should return true if a path right exists" do
|
94
|
-
@right.newright("/name")
|
95
|
-
|
96
|
-
expect(@right.include?("/name")).to be_truthy
|
97
|
-
end
|
98
|
-
|
99
|
-
it "should return false if no matching path rights exist" do
|
100
|
-
@right.newright("/name")
|
101
|
-
|
102
|
-
expect(@right.include?("/differentname")).to be_falsey
|
103
|
-
end
|
104
|
-
|
105
|
-
it "should return true if a regex right exists" do
|
106
|
-
@right.newright("~ .rb$")
|
107
|
-
|
108
|
-
expect(@right.include?(".rb$")).to be_truthy
|
109
|
-
end
|
110
|
-
|
111
|
-
it "should return false if no matching path rights exist" do
|
112
|
-
@right.newright("~ .rb$")
|
113
|
-
|
114
|
-
expect(@right.include?(".pp$")).to be_falsey
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
describe "when checking if right is allowed" do
|
119
|
-
before :each do
|
120
|
-
allow(@right).to receive(:right).and_return(nil)
|
121
|
-
|
122
|
-
@pathacl = double('pathacl', :"<=>" => 1, :line => 0, :file => 'dummy')
|
123
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).and_return(@pathacl)
|
124
|
-
end
|
125
|
-
|
126
|
-
it "should delegate to is_forbidden_and_why?" do
|
127
|
-
expect(@right).to receive(:is_forbidden_and_why?).with("namespace", :node => "host.domain.com", :ip => "127.0.0.1").and_return(nil)
|
128
|
-
|
129
|
-
@right.allowed?("namespace", "host.domain.com", "127.0.0.1")
|
130
|
-
end
|
131
|
-
|
132
|
-
it "should return true if is_forbidden_and_why? returns nil" do
|
133
|
-
allow(@right).to receive(:is_forbidden_and_why?).and_return(nil)
|
134
|
-
expect(@right.allowed?("namespace", :args)).to be_truthy
|
135
|
-
end
|
136
|
-
|
137
|
-
it "should return false if is_forbidden_and_why? returns an AuthorizationError" do
|
138
|
-
allow(@right).to receive(:is_forbidden_and_why?).and_return(Puppet::Network::AuthorizationError.new("forbidden"))
|
139
|
-
expect(@right.allowed?("namespace", :args1, :args2)).to be_falsey
|
140
|
-
end
|
141
|
-
|
142
|
-
it "should pass the match? return to allowed?" do
|
143
|
-
@right.newright("/path/to/there")
|
144
|
-
|
145
|
-
expect(@pathacl).to receive(:match?).and_return(:match)
|
146
|
-
expect(@pathacl).to receive(:allowed?).with(anything, anything, hash_including(match: :match)).and_return(true)
|
147
|
-
|
148
|
-
expect(@right.is_forbidden_and_why?("/path/to/there", {})).to eq(nil)
|
149
|
-
end
|
150
|
-
|
151
|
-
describe "with path acls" do
|
152
|
-
before :each do
|
153
|
-
@long_acl = double('longpathacl', :name => "/path/to/there", :line => 0, :file => 'dummy')
|
154
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to/there", 0, nil).and_return(@long_acl)
|
155
|
-
|
156
|
-
@short_acl = double('shortpathacl', :name => "/path/to", :line => 0, :file => 'dummy')
|
157
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to", 0, nil).and_return(@short_acl)
|
158
|
-
|
159
|
-
allow(@long_acl).to receive(:"<=>").with(@short_acl).and_return(0)
|
160
|
-
allow(@short_acl).to receive(:"<=>").with(@long_acl).and_return(0)
|
161
|
-
end
|
162
|
-
|
163
|
-
it "should select the first match" do
|
164
|
-
@right.newright("/path/to", 0)
|
165
|
-
@right.newright("/path/to/there", 0)
|
166
|
-
|
167
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
168
|
-
allow(@short_acl).to receive(:match?).and_return(true)
|
169
|
-
|
170
|
-
expect(@short_acl).to receive(:allowed?).and_return(true)
|
171
|
-
expect(@long_acl).not_to receive(:allowed?)
|
172
|
-
|
173
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
174
|
-
end
|
175
|
-
|
176
|
-
it "should select the first match that doesn't return :dunno" do
|
177
|
-
@right.newright("/path/to/there", 0, nil)
|
178
|
-
@right.newright("/path/to", 0, nil)
|
179
|
-
|
180
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
181
|
-
allow(@short_acl).to receive(:match?).and_return(true)
|
182
|
-
|
183
|
-
expect(@long_acl).to receive(:allowed?).and_return(:dunno)
|
184
|
-
expect(@short_acl).to receive(:allowed?).and_return(true)
|
185
|
-
|
186
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
187
|
-
end
|
188
|
-
|
189
|
-
it "should not select an ACL that doesn't match" do
|
190
|
-
@right.newright("/path/to/there", 0)
|
191
|
-
@right.newright("/path/to", 0)
|
192
|
-
|
193
|
-
allow(@long_acl).to receive(:match?).and_return(false)
|
194
|
-
allow(@short_acl).to receive(:match?).and_return(true)
|
195
|
-
|
196
|
-
expect(@long_acl).not_to receive(:allowed?)
|
197
|
-
expect(@short_acl).to receive(:allowed?).and_return(true)
|
198
|
-
|
199
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
200
|
-
end
|
201
|
-
|
202
|
-
it "should not raise an AuthorizationError if allowed" do
|
203
|
-
@right.newright("/path/to/there", 0)
|
204
|
-
|
205
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
206
|
-
allow(@long_acl).to receive(:allowed?).and_return(true)
|
207
|
-
|
208
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
209
|
-
end
|
210
|
-
|
211
|
-
it "should raise an AuthorizationError if the match is denied" do
|
212
|
-
@right.newright("/path/to/there", 0, nil)
|
213
|
-
|
214
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
215
|
-
allow(@long_acl).to receive(:allowed?).and_return(false)
|
216
|
-
|
217
|
-
expect(@right.is_forbidden_and_why?("/path/to/there", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
218
|
-
end
|
219
|
-
|
220
|
-
it "should raise an AuthorizationError if no path match" do
|
221
|
-
expect(@right.is_forbidden_and_why?("/nomatch", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
222
|
-
end
|
223
|
-
end
|
224
|
-
|
225
|
-
describe "with regex acls" do
|
226
|
-
before :each do
|
227
|
-
@regex_acl1 = double('regex_acl1', :name => "/files/(.*)/myfile", :line => 0, :file => 'dummy')
|
228
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile", 0, nil).and_return(@regex_acl1)
|
229
|
-
|
230
|
-
@regex_acl2 = double('regex_acl2', :name => "/files/(.*)/myfile/", :line => 0, :file => 'dummy')
|
231
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile/", 0, nil).and_return(@regex_acl2)
|
232
|
-
|
233
|
-
allow(@regex_acl1).to receive(:"<=>").with(@regex_acl2).and_return(0)
|
234
|
-
allow(@regex_acl2).to receive(:"<=>").with(@regex_acl1).and_return(0)
|
235
|
-
end
|
236
|
-
|
237
|
-
it "should select the first match" do
|
238
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
239
|
-
@right.newright("~ /files/(.*)/myfile/", 0)
|
240
|
-
|
241
|
-
allow(@regex_acl1).to receive(:match?).and_return(true)
|
242
|
-
allow(@regex_acl2).to receive(:match?).and_return(true)
|
243
|
-
|
244
|
-
expect(@regex_acl1).to receive(:allowed?).and_return(true)
|
245
|
-
expect(@regex_acl2).not_to receive(:allowed?)
|
246
|
-
|
247
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
248
|
-
end
|
249
|
-
|
250
|
-
it "should select the first match that doesn't return :dunno" do
|
251
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
252
|
-
@right.newright("~ /files/(.*)/myfile/", 0)
|
253
|
-
|
254
|
-
allow(@regex_acl1).to receive(:match?).and_return(true)
|
255
|
-
allow(@regex_acl2).to receive(:match?).and_return(true)
|
256
|
-
|
257
|
-
expect(@regex_acl1).to receive(:allowed?).and_return(:dunno)
|
258
|
-
expect(@regex_acl2).to receive(:allowed?).and_return(true)
|
259
|
-
|
260
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
261
|
-
end
|
262
|
-
|
263
|
-
it "should not select an ACL that doesn't match" do
|
264
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
265
|
-
@right.newright("~ /files/(.*)/myfile/", 0)
|
266
|
-
|
267
|
-
allow(@regex_acl1).to receive(:match?).and_return(false)
|
268
|
-
allow(@regex_acl2).to receive(:match?).and_return(true)
|
269
|
-
|
270
|
-
expect(@regex_acl1).not_to receive(:allowed?)
|
271
|
-
expect(@regex_acl2).to receive(:allowed?).and_return(true)
|
272
|
-
|
273
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
274
|
-
end
|
275
|
-
|
276
|
-
it "should not raise an AuthorizationError if allowed" do
|
277
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
278
|
-
|
279
|
-
allow(@regex_acl1).to receive(:match?).and_return(true)
|
280
|
-
allow(@regex_acl1).to receive(:allowed?).and_return(true)
|
281
|
-
|
282
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
283
|
-
end
|
284
|
-
|
285
|
-
it "should raise an error if no regex acl match" do
|
286
|
-
expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
287
|
-
end
|
288
|
-
|
289
|
-
it "should raise an AuthorizedError on deny" do
|
290
|
-
expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
291
|
-
end
|
292
|
-
|
293
|
-
end
|
294
|
-
end
|
295
|
-
|
296
|
-
describe Puppet::Network::Rights::Right do
|
297
|
-
before :each do
|
298
|
-
@acl = Puppet::Network::Rights::Right.new("/path",0, nil)
|
299
|
-
end
|
300
|
-
|
301
|
-
describe "with path" do
|
302
|
-
it "should match up to its path length" do
|
303
|
-
expect(@acl.match?("/path/that/works")).not_to be_nil
|
304
|
-
end
|
305
|
-
|
306
|
-
it "should match up to its path length" do
|
307
|
-
expect(@acl.match?("/paththatalsoworks")).not_to be_nil
|
308
|
-
end
|
309
|
-
|
310
|
-
it "should return nil if no match" do
|
311
|
-
expect(@acl.match?("/notpath")).to be_nil
|
312
|
-
end
|
313
|
-
end
|
314
|
-
|
315
|
-
describe "with regex" do
|
316
|
-
before :each do
|
317
|
-
@acl = Puppet::Network::Rights::Right.new("~ .rb$",0, nil)
|
318
|
-
end
|
319
|
-
|
320
|
-
it "should match as a regex" do
|
321
|
-
expect(@acl.match?("this should work.rb")).not_to be_nil
|
322
|
-
end
|
323
|
-
|
324
|
-
it "should return nil if no match" do
|
325
|
-
expect(@acl.match?("do not match")).to be_nil
|
326
|
-
end
|
327
|
-
end
|
328
|
-
|
329
|
-
it "should allow all rest methods by default" do
|
330
|
-
expect(@acl.methods).to eq(Puppet::Network::Rights::Right::ALL)
|
331
|
-
end
|
332
|
-
|
333
|
-
it "should allow only authenticated request by default" do
|
334
|
-
expect(@acl.authentication).to be_truthy
|
335
|
-
end
|
336
|
-
|
337
|
-
it "should allow modification of the methods filters" do
|
338
|
-
@acl.restrict_method(:save)
|
339
|
-
|
340
|
-
expect(@acl.methods).to eq([:save])
|
341
|
-
end
|
342
|
-
|
343
|
-
it "should stack methods filters" do
|
344
|
-
@acl.restrict_method(:save)
|
345
|
-
@acl.restrict_method(:destroy)
|
346
|
-
|
347
|
-
expect(@acl.methods).to eq([:save, :destroy])
|
348
|
-
end
|
349
|
-
|
350
|
-
it "should raise an error if the method is already filtered" do
|
351
|
-
@acl.restrict_method(:save)
|
352
|
-
|
353
|
-
expect { @acl.restrict_method(:save) }.to raise_error(ArgumentError, /'save' is already in the '\/path'/)
|
354
|
-
end
|
355
|
-
|
356
|
-
it "should allow setting an environment filters" do
|
357
|
-
env = Puppet::Node::Environment.create(:acltest, [])
|
358
|
-
Puppet.override(:environments => Puppet::Environments::Static.new(env)) do
|
359
|
-
@acl.restrict_environment(:acltest)
|
360
|
-
|
361
|
-
expect(@acl.environment).to eq([env])
|
362
|
-
end
|
363
|
-
end
|
364
|
-
|
365
|
-
["on", "yes", "true", true].each do |auth|
|
366
|
-
it "should allow filtering on authenticated requests with '#{auth}'" do
|
367
|
-
@acl.restrict_authenticated(auth)
|
368
|
-
|
369
|
-
expect(@acl.authentication).to be_truthy
|
370
|
-
end
|
371
|
-
end
|
372
|
-
|
373
|
-
["off", "no", "false", false, "all", "any", :all, :any].each do |auth|
|
374
|
-
it "should allow filtering on authenticated or unauthenticated requests with '#{auth}'" do
|
375
|
-
@acl.restrict_authenticated(auth)
|
376
|
-
expect(@acl.authentication).to be_falsey
|
377
|
-
end
|
378
|
-
end
|
379
|
-
|
380
|
-
describe "when checking right authorization" do
|
381
|
-
it "should return :dunno if this right is not restricted to the given method" do
|
382
|
-
@acl.restrict_method(:destroy)
|
383
|
-
|
384
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save } )).to eq(:dunno)
|
385
|
-
end
|
386
|
-
|
387
|
-
it "should return true if this right is restricted to the given method" do
|
388
|
-
@acl.restrict_method(:save)
|
389
|
-
@acl.allow("me")
|
390
|
-
|
391
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => true })).to eq true
|
392
|
-
end
|
393
|
-
|
394
|
-
it "should return :dunno if this right is not restricted to the given environment" do
|
395
|
-
prod = Puppet::Node::Environment.create(:production, [])
|
396
|
-
dev = Puppet::Node::Environment.create(:development, [])
|
397
|
-
Puppet.override(:environments => Puppet::Environments::Static.new(prod, dev)) do
|
398
|
-
@acl.restrict_environment(:production)
|
399
|
-
|
400
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :environment => dev })).to eq(:dunno)
|
401
|
-
end
|
402
|
-
end
|
403
|
-
|
404
|
-
it "returns true if the request is permitted for this environment" do
|
405
|
-
@acl.allow("me")
|
406
|
-
prod = Puppet::Node::Environment.create(:production, [])
|
407
|
-
Puppet.override(:environments => Puppet::Environments::Static.new(prod)) do
|
408
|
-
@acl.restrict_environment(:production)
|
409
|
-
expect(@acl.allowed?("me", "127.0.0.1", { :method => :save, :authenticated => true, :environment => prod })).to eq true
|
410
|
-
end
|
411
|
-
end
|
412
|
-
|
413
|
-
it "should return :dunno if this right is not restricted to the given request authentication state" do
|
414
|
-
@acl.restrict_authenticated(true)
|
415
|
-
|
416
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => false })).to eq(:dunno)
|
417
|
-
end
|
418
|
-
|
419
|
-
it "returns true if this right is restricted to the given request authentication state" do
|
420
|
-
@acl.restrict_authenticated(false)
|
421
|
-
@acl.allow("me")
|
422
|
-
|
423
|
-
expect(@acl.allowed?("me","127.0.0.1", {:method => :save, :authenticated => false })).to eq true
|
424
|
-
end
|
425
|
-
|
426
|
-
it "should interpolate allow/deny patterns with the given match" do
|
427
|
-
expect(@acl).to receive(:interpolate).with(:match)
|
428
|
-
|
429
|
-
@acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
|
430
|
-
end
|
431
|
-
|
432
|
-
it "should reset interpolation after the match" do
|
433
|
-
expect(@acl).to receive(:reset_interpolation)
|
434
|
-
|
435
|
-
@acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
|
436
|
-
end
|
437
|
-
end
|
438
|
-
end
|
439
|
-
end
|