puppet 6.16.0-x86-mingw32 → 6.20.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -16
- data/Gemfile +6 -2
- data/Gemfile.lock +40 -36
- data/README.md +3 -4
- data/Rakefile +4 -12
- data/lib/puppet/agent.rb +2 -2
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application.rb +10 -6
- data/lib/puppet/application/agent.rb +23 -6
- data/lib/puppet/application/apply.rb +20 -21
- data/lib/puppet/application/device.rb +1 -0
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/filebucket.rb +2 -2
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/script.rb +1 -0
- data/lib/puppet/application_support.rb +7 -0
- data/lib/puppet/configurer.rb +70 -20
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/confine.rb +2 -2
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +113 -46
- data/lib/puppet/environments.rb +84 -59
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +56 -16
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +60 -0
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +2 -2
- data/lib/puppet/face/status.rb +1 -1
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/ffi/posix.rb +10 -0
- data/lib/puppet/ffi/posix/constants.rb +14 -0
- data/lib/puppet/ffi/posix/functions.rb +24 -0
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/http_metadata.rb +13 -1
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +4 -4
- data/lib/puppet/file_system/uniquefile.rb +8 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +3 -7
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +1 -0
- data/lib/puppet/http/client.rb +6 -1
- data/lib/puppet/http/redirector.rb +9 -7
- data/lib/puppet/http/resolver.rb +5 -8
- data/lib/puppet/http/resolver/server_list.rb +18 -36
- data/lib/puppet/http/resolver/settings.rb +4 -4
- data/lib/puppet/http/resolver/srv.rb +5 -5
- data/lib/puppet/http/response.rb +19 -0
- data/lib/puppet/http/service.rb +3 -1
- data/lib/puppet/http/service/compiler.rb +1 -1
- data/lib/puppet/http/service/file_server.rb +1 -1
- data/lib/puppet/http/service/puppetserver.rb +39 -0
- data/lib/puppet/http/session.rb +5 -4
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +3 -3
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/yaml.rb +4 -59
- data/lib/puppet/indirector/file_content/rest.rb +1 -1
- data/lib/puppet/indirector/file_metadata/http.rb +25 -5
- data/lib/puppet/indirector/file_metadata/rest.rb +2 -2
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/request.rb +5 -5
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/module_tool/applications/installer.rb +48 -2
- data/lib/puppet/module_tool/errors/shared.rb +17 -2
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/connection_adapter.rb +6 -4
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/pal_impl.rb +90 -13
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/leaf.rb +7 -6
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -4
- data/lib/puppet/parser/compiler.rb +1 -1
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -8
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/validation/checker4_0.rb +29 -15
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +38 -0
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -1
- data/lib/puppet/provider/package/gem.rb +4 -2
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/puppet_gem.rb +5 -0
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +2 -1
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +3 -3
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +11 -4
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reference/configuration.rb +6 -5
- data/lib/puppet/reports/http.rb +2 -0
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +10 -1
- data/lib/puppet/rest/route.rb +2 -2
- data/lib/puppet/settings.rb +63 -21
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/ssl/validator/default_validator.rb +1 -1
- data/lib/puppet/test/test_helper.rb +18 -13
- data/lib/puppet/transaction.rb +2 -2
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +12 -8
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +15 -7
- data/lib/puppet/type/file.rb +40 -15
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +32 -12
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/service.rb +53 -0
- data/lib/puppet/type/user.rb +18 -3
- data/lib/puppet/util.rb +41 -3
- data/lib/puppet/util/autoload.rb +10 -15
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/connection.rb +8 -8
- data/lib/puppet/util/execution.rb +2 -2
- data/lib/puppet/util/fact_dif.rb +62 -0
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/posix.rb +54 -5
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +5 -1
- data/lib/puppet/util/windows.rb +1 -0
- data/lib/puppet/util/windows/api_types.rb +60 -33
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/monkey_patches/dir.rb +40 -0
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/user.rb +242 -8
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +501 -443
- data/man/man5/puppet.conf.5 +70 -24
- data/man/man8/puppet-agent.8 +8 -5
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +32 -1
- data/man/man8/puppet-filebucket.8 +3 -3
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +7 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +2 -2
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
- data/spec/integration/application/agent_spec.rb +263 -54
- data/spec/integration/application/apply_spec.rb +168 -149
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +70 -21
- data/spec/integration/application/help_spec.rb +42 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +53 -3
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +20 -3
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +26 -9
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/resource/type_collection_spec.rb +2 -6
- data/spec/integration/transaction_spec.rb +4 -9
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +5 -3
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +11 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/registry_spec.rb +7 -17
- data/spec/integration/util/windows/user_spec.rb +47 -5
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +8 -0
- data/spec/lib/puppet_spec/settings.rb +6 -1
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/spec_helper.rb +1 -4
- data/spec/unit/agent_spec.rb +8 -6
- data/spec/unit/application/agent_spec.rb +3 -5
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +41 -10
- data/spec/unit/application/filebucket_spec.rb +0 -2
- data/spec/unit/application/man_spec.rb +52 -0
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +15 -2
- data/spec/unit/application_spec.rb +60 -13
- data/spec/unit/configurer/downloader_spec.rb +10 -0
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/configurer_spec.rb +86 -37
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +10 -3
- data/spec/unit/context/trusted_information_spec.rb +10 -4
- data/spec/unit/defaults_spec.rb +20 -1
- data/spec/unit/environments_spec.rb +176 -32
- data/spec/unit/face/config_spec.rb +65 -12
- data/spec/unit/face/node_spec.rb +2 -13
- data/spec/unit/file_serving/configuration/parser_spec.rb +0 -1
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/forge/module_release_spec.rb +2 -7
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/http/client_spec.rb +64 -9
- data/spec/unit/http/resolver_spec.rb +24 -5
- data/spec/unit/http/response_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +51 -3
- data/spec/unit/http/service/file_server_spec.rb +2 -3
- data/spec/unit/http/service/puppetserver_spec.rb +82 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +1 -2
- data/spec/unit/http/session_spec.rb +8 -21
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/face_spec.rb +0 -1
- data/spec/unit/indirector/facts/facter_spec.rb +0 -1
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
- data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
- data/spec/unit/indirector/indirection_spec.rb +8 -12
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/key/file_spec.rb +0 -1
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +5 -5
- data/spec/unit/indirector/rest_spec.rb +1 -1
- data/spec/unit/indirector/status/rest_spec.rb +1 -1
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/authconfig_spec.rb +0 -3
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -10
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/connection_spec.rb +42 -32
- data/spec/unit/network/http/handler_spec.rb +0 -5
- data/spec/unit/node/environment_spec.rb +18 -1
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/compiler_spec.rb +3 -19
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/resource_spec.rb +14 -8
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/parser/templatewrapper_spec.rb +4 -3
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +71 -1
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/property_spec.rb +1 -0
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/nameservice_spec.rb +66 -65
- data/spec/unit/provider/package/apt_spec.rb +76 -3
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/base_spec.rb +6 -5
- data/spec/unit/provider/package/dpkg_spec.rb +22 -7
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pacman_spec.rb +18 -12
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/pip_spec.rb +6 -11
- data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +31 -0
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +45 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +1 -1
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +3 -6
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +50 -14
- data/spec/unit/provider/user/aix_spec.rb +5 -0
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/pw_spec.rb +2 -0
- data/spec/unit/provider/user/useradd_spec.rb +23 -16
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/provider_spec.rb +8 -10
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource/capability_finder_spec.rb +6 -1
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +14 -13
- data/spec/unit/rest/route_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +576 -239
- data/spec/unit/ssl/base_spec.rb +0 -1
- data/spec/unit/ssl/host_spec.rb +0 -5
- data/spec/unit/ssl/ssl_provider_spec.rb +82 -50
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -7
- data/spec/unit/transaction/event_manager_spec.rb +14 -11
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +3 -1
- data/spec/unit/transaction_spec.rb +13 -4
- data/spec/unit/type/file/content_spec.rb +0 -1
- data/spec/unit/type/file/selinux_spec.rb +0 -2
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/file_spec.rb +122 -102
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/group_spec.rb +13 -6
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +210 -1
- data/spec/unit/type/tidy_spec.rb +0 -1
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/type_spec.rb +52 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +5 -1
- data/spec/unit/util/backups_spec.rb +1 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/execution_spec.rb +15 -11
- data/spec/unit/util/inifile_spec.rb +6 -14
- data/spec/unit/util/log_spec.rb +8 -7
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/posix_spec.rb +363 -15
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +6 -6
- data/spec/unit/util/selinux_spec.rb +76 -52
- data/spec/unit/util/storage_spec.rb +3 -1
- data/spec/unit/util/suidmanager_spec.rb +44 -41
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util_spec.rb +16 -9
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- metadata +52 -53
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/integration/test/test_helper_spec.rb +0 -31
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/man_spec.rb +0 -31
data/spec/unit/ssl/base_spec.rb
CHANGED
|
@@ -47,7 +47,6 @@ describe Puppet::SSL::Certificate do
|
|
|
47
47
|
describe "when initializing wrapped class from a file with #read" do
|
|
48
48
|
it "should open the file with ASCII encoding" do
|
|
49
49
|
path = '/foo/bar/cert'
|
|
50
|
-
allow(Puppet::SSL::Base).to receive(:valid_certname).and_return(true)
|
|
51
50
|
expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("bar")
|
|
52
51
|
@base.read(path)
|
|
53
52
|
end
|
data/spec/unit/ssl/host_spec.rb
CHANGED
|
@@ -263,8 +263,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
|
263
263
|
end
|
|
264
264
|
|
|
265
265
|
it "should send a new request to the CA for signing" do
|
|
266
|
-
@http = double("http")
|
|
267
|
-
allow(@host).to receive(:http_client).and_return(@http)
|
|
268
266
|
allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
|
|
269
267
|
allow(@host).to receive(:key).and_return(key)
|
|
270
268
|
request = double("request")
|
|
@@ -307,7 +305,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
|
307
305
|
Puppet[:certdir] = tmpdir('certs')
|
|
308
306
|
allow(@host).to receive(:key).and_return(double("key"))
|
|
309
307
|
allow(@host).to receive(:validate_certificate_with_key)
|
|
310
|
-
allow(@host).to receive(:http_client).and_return(@http)
|
|
311
308
|
allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
|
|
312
309
|
end
|
|
313
310
|
|
|
@@ -464,8 +461,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
|
|
|
464
461
|
@revoked_cert = @pki[:revoked_root_node_cert]
|
|
465
462
|
localcacert = Puppet.settings[:localcacert]
|
|
466
463
|
Puppet::Util.replace_file(localcacert, 0644) {|f| f.write @pki[:ca_bundle] }
|
|
467
|
-
@http = double('http')
|
|
468
|
-
allow(@host).to receive(:http_client).and_return(@http)
|
|
469
464
|
end
|
|
470
465
|
|
|
471
466
|
after do
|
|
@@ -42,20 +42,20 @@ describe Puppet::SSL::SSLProvider do
|
|
|
42
42
|
let(:config) { { cacerts: [], crls: [], revocation: false } }
|
|
43
43
|
|
|
44
44
|
it 'accepts empty list of certs and crls' do
|
|
45
|
-
sslctx = subject.create_root_context(config)
|
|
45
|
+
sslctx = subject.create_root_context(**config)
|
|
46
46
|
expect(sslctx.cacerts).to eq([])
|
|
47
47
|
expect(sslctx.crls).to eq([])
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
it 'accepts valid root certs' do
|
|
51
51
|
certs = [cert_fixture('ca.pem')]
|
|
52
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs))
|
|
52
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs))
|
|
53
53
|
expect(sslctx.cacerts).to eq(certs)
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
it 'accepts valid intermediate certs' do
|
|
57
57
|
certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
|
|
58
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs))
|
|
58
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs))
|
|
59
59
|
expect(sslctx.cacerts).to eq(certs)
|
|
60
60
|
end
|
|
61
61
|
|
|
@@ -63,19 +63,19 @@ describe Puppet::SSL::SSLProvider do
|
|
|
63
63
|
expired = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
|
|
64
64
|
expired.each { |x509| x509.not_after = Time.at(0) }
|
|
65
65
|
|
|
66
|
-
sslctx = subject.create_root_context(config.merge(cacerts: expired))
|
|
66
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: expired))
|
|
67
67
|
expect(sslctx.cacerts).to eq(expired)
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
it 'raises if the frozen context is modified' do
|
|
71
|
-
sslctx = subject.create_root_context(config)
|
|
71
|
+
sslctx = subject.create_root_context(**config)
|
|
72
72
|
expect {
|
|
73
73
|
sslctx.verify_peer = false
|
|
74
74
|
}.to raise_error(/can't modify frozen/)
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
it 'verifies peer' do
|
|
78
|
-
sslctx = subject.create_root_context(config)
|
|
78
|
+
sslctx = subject.create_root_context(**config)
|
|
79
79
|
expect(sslctx.verify_peer).to eq(true)
|
|
80
80
|
end
|
|
81
81
|
end
|
|
@@ -134,6 +134,32 @@ describe Puppet::SSL::SSLProvider do
|
|
|
134
134
|
expect(sslctx.client_cert).to be_nil
|
|
135
135
|
expect(sslctx.private_key).to be_nil
|
|
136
136
|
end
|
|
137
|
+
|
|
138
|
+
it 'trusts additional system certs' do
|
|
139
|
+
path = tmpfile('system_cacerts')
|
|
140
|
+
File.write(path, cert_fixture('ca.pem').to_pem)
|
|
141
|
+
|
|
142
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
|
|
143
|
+
|
|
144
|
+
subject.create_system_context(cacerts: [], path: path)
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
it 'ignores empty files' do
|
|
148
|
+
path = tmpfile('system_cacerts')
|
|
149
|
+
FileUtils.touch(path)
|
|
150
|
+
|
|
151
|
+
subject.create_system_context(cacerts: [], path: path)
|
|
152
|
+
|
|
153
|
+
expect(@logs).to eq([])
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
it 'prints an error if it is not a file' do
|
|
157
|
+
path = tmpdir('system_cacerts')
|
|
158
|
+
|
|
159
|
+
subject.create_system_context(cacerts: [], path: path)
|
|
160
|
+
|
|
161
|
+
expect(@logs).to include(an_object_having_attributes(level: :warning, message: /^The 'ssl_trust_store' setting does not refer to a file and will be ignored/))
|
|
162
|
+
end
|
|
137
163
|
end
|
|
138
164
|
|
|
139
165
|
context 'when creating an ssl context with crls' do
|
|
@@ -142,14 +168,14 @@ describe Puppet::SSL::SSLProvider do
|
|
|
142
168
|
it 'accepts valid CRLs' do
|
|
143
169
|
certs = [cert_fixture('ca.pem')]
|
|
144
170
|
crls = [crl_fixture('crl.pem')]
|
|
145
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
|
|
171
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
|
|
146
172
|
expect(sslctx.crls).to eq(crls)
|
|
147
173
|
end
|
|
148
174
|
|
|
149
175
|
it 'accepts valid CRLs for intermediate certs' do
|
|
150
176
|
certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
|
|
151
177
|
crls = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
|
|
152
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
|
|
178
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
|
|
153
179
|
expect(sslctx.crls).to eq(crls)
|
|
154
180
|
end
|
|
155
181
|
|
|
@@ -157,12 +183,12 @@ describe Puppet::SSL::SSLProvider do
|
|
|
157
183
|
expired = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
|
|
158
184
|
expired.each { |x509| x509.last_update = Time.at(0) }
|
|
159
185
|
|
|
160
|
-
sslctx = subject.create_root_context(config.merge(crls: expired))
|
|
186
|
+
sslctx = subject.create_root_context(**config.merge(crls: expired))
|
|
161
187
|
expect(sslctx.crls).to eq(expired)
|
|
162
188
|
end
|
|
163
189
|
|
|
164
190
|
it 'verifies peer' do
|
|
165
|
-
sslctx = subject.create_root_context(config)
|
|
191
|
+
sslctx = subject.create_root_context(**config)
|
|
166
192
|
expect(sslctx.verify_peer).to eq(true)
|
|
167
193
|
end
|
|
168
194
|
end
|
|
@@ -174,49 +200,49 @@ describe Puppet::SSL::SSLProvider do
|
|
|
174
200
|
|
|
175
201
|
it 'raises if CA certs are missing' do
|
|
176
202
|
expect {
|
|
177
|
-
subject.create_context(config.merge(cacerts: nil))
|
|
203
|
+
subject.create_context(**config.merge(cacerts: nil))
|
|
178
204
|
}.to raise_error(ArgumentError, /CA certs are missing/)
|
|
179
205
|
end
|
|
180
206
|
|
|
181
207
|
it 'raises if CRLs are are missing' do
|
|
182
208
|
expect {
|
|
183
|
-
subject.create_context(config.merge(crls: nil))
|
|
209
|
+
subject.create_context(**config.merge(crls: nil))
|
|
184
210
|
}.to raise_error(ArgumentError, /CRLs are missing/)
|
|
185
211
|
end
|
|
186
212
|
|
|
187
213
|
it 'raises if private key is missing' do
|
|
188
214
|
expect {
|
|
189
|
-
subject.create_context(config.merge(private_key: nil))
|
|
215
|
+
subject.create_context(**config.merge(private_key: nil))
|
|
190
216
|
}.to raise_error(ArgumentError, /Private key is missing/)
|
|
191
217
|
end
|
|
192
218
|
|
|
193
219
|
it 'raises if client cert is missing' do
|
|
194
220
|
expect {
|
|
195
|
-
subject.create_context(config.merge(client_cert: nil))
|
|
221
|
+
subject.create_context(**config.merge(client_cert: nil))
|
|
196
222
|
}.to raise_error(ArgumentError, /Client cert is missing/)
|
|
197
223
|
end
|
|
198
224
|
|
|
199
225
|
it 'accepts RSA keys' do
|
|
200
|
-
sslctx = subject.create_context(config)
|
|
226
|
+
sslctx = subject.create_context(**config)
|
|
201
227
|
expect(sslctx.private_key).to eq(private_key)
|
|
202
228
|
end
|
|
203
229
|
|
|
204
230
|
it 'accepts EC keys' do
|
|
205
231
|
ec_key = ec_key_fixture('ec-key.pem')
|
|
206
232
|
ec_cert = cert_fixture('ec.pem')
|
|
207
|
-
sslctx = subject.create_context(config.merge(client_cert: ec_cert, private_key: ec_key))
|
|
233
|
+
sslctx = subject.create_context(**config.merge(client_cert: ec_cert, private_key: ec_key))
|
|
208
234
|
expect(sslctx.private_key).to eq(ec_key)
|
|
209
235
|
end
|
|
210
236
|
|
|
211
237
|
it 'raises if private key is unsupported' do
|
|
212
238
|
dsa_key = OpenSSL::PKey::DSA.new
|
|
213
239
|
expect {
|
|
214
|
-
subject.create_context(config.merge(private_key: dsa_key))
|
|
240
|
+
subject.create_context(**config.merge(private_key: dsa_key))
|
|
215
241
|
}.to raise_error(Puppet::SSL::SSLError, /Unsupported key 'OpenSSL::PKey::DSA'/)
|
|
216
242
|
end
|
|
217
243
|
|
|
218
244
|
it 'resolves the client chain from leaf to root' do
|
|
219
|
-
sslctx = subject.create_context(config)
|
|
245
|
+
sslctx = subject.create_context(**config)
|
|
220
246
|
expect(
|
|
221
247
|
sslctx.client_chain.map(&:subject).map(&:to_utf8)
|
|
222
248
|
).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
|
|
@@ -225,34 +251,40 @@ describe Puppet::SSL::SSLProvider do
|
|
|
225
251
|
it 'raises if client cert signature is invalid' do
|
|
226
252
|
client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
|
227
253
|
expect {
|
|
228
|
-
subject.create_context(config.merge(client_cert: client_cert))
|
|
254
|
+
subject.create_context(**config.merge(client_cert: client_cert))
|
|
229
255
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
230
256
|
"Invalid signature for certificate 'CN=signed'")
|
|
231
257
|
end
|
|
232
258
|
|
|
233
259
|
it 'raises if client cert and private key are mismatched' do
|
|
234
260
|
expect {
|
|
235
|
-
subject.create_context(config.merge(private_key: wrong_key))
|
|
261
|
+
subject.create_context(**config.merge(private_key: wrong_key))
|
|
236
262
|
}.to raise_error(Puppet::SSL::SSLError,
|
|
237
263
|
"The certificate for 'CN=signed' does not match its private key")
|
|
238
264
|
end
|
|
239
265
|
|
|
240
266
|
it "raises if client cert's public key has been replaced" do
|
|
241
267
|
expect {
|
|
242
|
-
subject.create_context(config.merge(client_cert: cert_fixture('tampered-cert.pem')))
|
|
268
|
+
subject.create_context(**config.merge(client_cert: cert_fixture('tampered-cert.pem')))
|
|
243
269
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
244
270
|
"Invalid signature for certificate 'CN=signed'")
|
|
245
271
|
end
|
|
246
272
|
|
|
247
273
|
# This option is only available in openssl 1.1
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
274
|
+
# OpenSSL 1.1.1h no longer reports expired root CAs when using "verify".
|
|
275
|
+
# This regression was fixed in 1.1.1i, so only skip this test if we're on
|
|
276
|
+
# the affected version.
|
|
277
|
+
# See: https://github.com/openssl/openssl/pull/13585
|
|
278
|
+
if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') != 0
|
|
279
|
+
it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
|
|
280
|
+
ca = global_cacerts.first
|
|
281
|
+
ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
|
282
|
+
|
|
283
|
+
expect {
|
|
284
|
+
subject.create_context(**config.merge(cacerts: global_cacerts))
|
|
285
|
+
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
286
|
+
"Invalid signature for certificate 'CN=Test CA'")
|
|
287
|
+
end
|
|
256
288
|
end
|
|
257
289
|
|
|
258
290
|
it 'raises if intermediate CA signature is invalid' do
|
|
@@ -260,7 +292,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
260
292
|
int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
|
261
293
|
|
|
262
294
|
expect {
|
|
263
|
-
subject.create_context(config.merge(cacerts: global_cacerts))
|
|
295
|
+
subject.create_context(**config.merge(cacerts: global_cacerts))
|
|
264
296
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
265
297
|
"Invalid signature for certificate 'CN=Test CA Subauthority'")
|
|
266
298
|
end
|
|
@@ -270,7 +302,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
270
302
|
crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
|
271
303
|
|
|
272
304
|
expect {
|
|
273
|
-
subject.create_context(config.merge(crls: global_crls))
|
|
305
|
+
subject.create_context(**config.merge(crls: global_crls))
|
|
274
306
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
275
307
|
"Invalid signature for CRL issued by 'CN=Test CA'")
|
|
276
308
|
end
|
|
@@ -280,14 +312,14 @@ describe Puppet::SSL::SSLProvider do
|
|
|
280
312
|
crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
|
281
313
|
|
|
282
314
|
expect {
|
|
283
|
-
subject.create_context(config.merge(crls: global_crls))
|
|
315
|
+
subject.create_context(**config.merge(crls: global_crls))
|
|
284
316
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
285
317
|
"Invalid signature for CRL issued by 'CN=Test CA Subauthority'")
|
|
286
318
|
end
|
|
287
319
|
|
|
288
320
|
it 'raises if client cert is revoked' do
|
|
289
321
|
expect {
|
|
290
|
-
subject.create_context(config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
|
|
322
|
+
subject.create_context(**config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
|
|
291
323
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
292
324
|
"Certificate 'CN=revoked' is revoked")
|
|
293
325
|
end
|
|
@@ -295,12 +327,12 @@ describe Puppet::SSL::SSLProvider do
|
|
|
295
327
|
it 'warns if intermediate issuer is missing' do
|
|
296
328
|
expect(Puppet).to receive(:warning).with("The issuer 'CN=Test CA Subauthority' of certificate 'CN=signed' cannot be found locally")
|
|
297
329
|
|
|
298
|
-
subject.create_context(config.merge(cacerts: [cert_fixture('ca.pem')]))
|
|
330
|
+
subject.create_context(**config.merge(cacerts: [cert_fixture('ca.pem')]))
|
|
299
331
|
end
|
|
300
332
|
|
|
301
333
|
it 'raises if root issuer is missing' do
|
|
302
334
|
expect {
|
|
303
|
-
subject.create_context(config.merge(cacerts: [cert_fixture('intermediate.pem')]))
|
|
335
|
+
subject.create_context(**config.merge(cacerts: [cert_fixture('intermediate.pem')]))
|
|
304
336
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
305
337
|
"The issuer 'CN=Test CA' of certificate 'CN=Test CA Subauthority' is missing")
|
|
306
338
|
end
|
|
@@ -308,7 +340,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
308
340
|
it 'raises if cert is not valid yet', unless: Puppet::Util::Platform.jruby? do
|
|
309
341
|
client_cert.not_before = Time.now + (5 * 60 * 60)
|
|
310
342
|
expect {
|
|
311
|
-
subject.create_context(config.merge(client_cert: client_cert))
|
|
343
|
+
subject.create_context(**config.merge(client_cert: client_cert))
|
|
312
344
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
313
345
|
"The certificate 'CN=signed' is not yet valid, verify time is synchronized")
|
|
314
346
|
end
|
|
@@ -316,7 +348,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
316
348
|
it 'raises if cert is expired', unless: Puppet::Util::Platform.jruby? do
|
|
317
349
|
client_cert.not_after = Time.at(0)
|
|
318
350
|
expect {
|
|
319
|
-
subject.create_context(config.merge(client_cert: client_cert))
|
|
351
|
+
subject.create_context(**config.merge(client_cert: client_cert))
|
|
320
352
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
321
353
|
"The certificate 'CN=signed' has expired, verify time is synchronized")
|
|
322
354
|
end
|
|
@@ -327,7 +359,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
327
359
|
future_crls.first.last_update = Time.now + (5 * 60 * 60)
|
|
328
360
|
|
|
329
361
|
expect {
|
|
330
|
-
subject.create_context(config.merge(crls: future_crls))
|
|
362
|
+
subject.create_context(**config.merge(crls: future_crls))
|
|
331
363
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
332
364
|
"The CRL issued by 'CN=Test CA' is not yet valid, verify time is synchronized")
|
|
333
365
|
end
|
|
@@ -338,7 +370,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
338
370
|
past_crls.first.next_update = Time.at(0)
|
|
339
371
|
|
|
340
372
|
expect {
|
|
341
|
-
subject.create_context(config.merge(crls: past_crls))
|
|
373
|
+
subject.create_context(**config.merge(crls: past_crls))
|
|
342
374
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
343
375
|
"The CRL issued by 'CN=Test CA' has expired, verify time is synchronized")
|
|
344
376
|
end
|
|
@@ -346,7 +378,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
346
378
|
it 'raises if the root CRL is missing' do
|
|
347
379
|
crls = [crl_fixture('intermediate-crl.pem')]
|
|
348
380
|
expect {
|
|
349
|
-
subject.create_context(config.merge(crls: crls, revocation: :chain))
|
|
381
|
+
subject.create_context(**config.merge(crls: crls, revocation: :chain))
|
|
350
382
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
351
383
|
"The CRL issued by 'CN=Test CA' is missing")
|
|
352
384
|
end
|
|
@@ -354,23 +386,23 @@ describe Puppet::SSL::SSLProvider do
|
|
|
354
386
|
it 'raises if the intermediate CRL is missing' do
|
|
355
387
|
crls = [crl_fixture('crl.pem')]
|
|
356
388
|
expect {
|
|
357
|
-
subject.create_context(config.merge(crls: crls))
|
|
389
|
+
subject.create_context(**config.merge(crls: crls))
|
|
358
390
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
359
391
|
"The CRL issued by 'CN=Test CA Subauthority' is missing")
|
|
360
392
|
end
|
|
361
393
|
|
|
362
394
|
it "doesn't raise if the root CRL is missing and we're just checking the leaf" do
|
|
363
395
|
crls = [crl_fixture('intermediate-crl.pem')]
|
|
364
|
-
subject.create_context(config.merge(crls: crls, revocation: :leaf))
|
|
396
|
+
subject.create_context(**config.merge(crls: crls, revocation: :leaf))
|
|
365
397
|
end
|
|
366
398
|
|
|
367
399
|
it "doesn't raise if the intermediate CRL is missing and revocation checking is disabled" do
|
|
368
400
|
crls = [crl_fixture('crl.pem')]
|
|
369
|
-
subject.create_context(config.merge(crls: crls, revocation: false))
|
|
401
|
+
subject.create_context(**config.merge(crls: crls, revocation: false))
|
|
370
402
|
end
|
|
371
403
|
|
|
372
404
|
it "doesn't raise if both CRLs are missing and revocation checking is disabled" do
|
|
373
|
-
subject.create_context(config.merge(crls: [], revocation: false))
|
|
405
|
+
subject.create_context(**config.merge(crls: [], revocation: false))
|
|
374
406
|
end
|
|
375
407
|
|
|
376
408
|
# OpenSSL < 1.1 does not verify basicConstraints
|
|
@@ -378,7 +410,7 @@ describe Puppet::SSL::SSLProvider do
|
|
|
378
410
|
certs = [cert_fixture('bad-basic-constraints.pem'), cert_fixture('intermediate.pem')]
|
|
379
411
|
|
|
380
412
|
expect {
|
|
381
|
-
subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
|
|
413
|
+
subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
|
|
382
414
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
383
415
|
"Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")
|
|
384
416
|
end
|
|
@@ -388,32 +420,32 @@ describe Puppet::SSL::SSLProvider do
|
|
|
388
420
|
certs = [cert_fixture('ca.pem'), cert_fixture('bad-int-basic-constraints.pem')]
|
|
389
421
|
|
|
390
422
|
expect {
|
|
391
|
-
subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
|
|
423
|
+
subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
|
|
392
424
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
393
425
|
"Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")
|
|
394
426
|
end
|
|
395
427
|
|
|
396
428
|
it 'accepts CA certs in any order' do
|
|
397
|
-
sslctx = subject.create_context(config.merge(cacerts: global_cacerts.reverse))
|
|
429
|
+
sslctx = subject.create_context(**config.merge(cacerts: global_cacerts.reverse))
|
|
398
430
|
# certs in ruby+openssl 1.0.x are not comparable, so compare subjects
|
|
399
431
|
expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
|
|
400
432
|
end
|
|
401
433
|
|
|
402
434
|
it 'accepts CRLs in any order' do
|
|
403
|
-
sslctx = subject.create_context(config.merge(crls: global_crls.reverse))
|
|
435
|
+
sslctx = subject.create_context(**config.merge(crls: global_crls.reverse))
|
|
404
436
|
# certs in ruby+openssl 1.0.x are not comparable, so compare subjects
|
|
405
437
|
expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
|
|
406
438
|
end
|
|
407
439
|
|
|
408
440
|
it 'raises if the frozen context is modified' do
|
|
409
|
-
sslctx = subject.create_context(config)
|
|
441
|
+
sslctx = subject.create_context(**config)
|
|
410
442
|
expect {
|
|
411
443
|
sslctx.verify_peer = false
|
|
412
444
|
}.to raise_error(/can't modify frozen/)
|
|
413
445
|
end
|
|
414
446
|
|
|
415
447
|
it 'verifies peer' do
|
|
416
|
-
sslctx = subject.create_context(config)
|
|
448
|
+
sslctx = subject.create_context(**config)
|
|
417
449
|
expect(sslctx.verify_peer).to eq(true)
|
|
418
450
|
end
|
|
419
451
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe "TestHelper" do
|
|
4
|
+
context "#after_each_test" do
|
|
5
|
+
it "restores the original environment" do
|
|
6
|
+
varname = 'test_helper_spec-test_variable'
|
|
7
|
+
Puppet::Util.set_env(varname, "\u16A0")
|
|
8
|
+
|
|
9
|
+
expect(Puppet::Util.get_env(varname)).to eq("\u16A0")
|
|
10
|
+
|
|
11
|
+
# Prematurely trigger the after_each_test method
|
|
12
|
+
Puppet::Test::TestHelper.after_each_test
|
|
13
|
+
|
|
14
|
+
expect(Puppet::Util::get_env(varname)).to be_nil
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -33,10 +33,6 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
|
|
|
33
33
|
|
|
34
34
|
newparam(:code)
|
|
35
35
|
|
|
36
|
-
def respond_to?(method_name)
|
|
37
|
-
method_name == self[:kind] || super
|
|
38
|
-
end
|
|
39
|
-
|
|
40
36
|
def eval_generate
|
|
41
37
|
eval_code
|
|
42
38
|
end
|
|
@@ -314,13 +310,13 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
|
|
|
314
310
|
|
|
315
311
|
it "sets resources_failed_to_generate to true if resource#eval_generate raises an exception" do
|
|
316
312
|
catalog = compile_to_ral(<<-MANIFEST)
|
|
317
|
-
|
|
313
|
+
generator { thing: }
|
|
318
314
|
MANIFEST
|
|
319
315
|
|
|
320
|
-
allow(catalog.resource("
|
|
316
|
+
allow(catalog.resource("Generator[thing]")).to receive(:eval_generate).and_raise(RuntimeError)
|
|
321
317
|
relationship_graph = relationship_graph_for(catalog)
|
|
322
318
|
generator = Puppet::Transaction::AdditionalResourceGenerator.new(catalog, relationship_graph, prioritizer)
|
|
323
|
-
generator.eval_generate(catalog.resource("
|
|
319
|
+
generator.eval_generate(catalog.resource("Generator[thing]"))
|
|
324
320
|
|
|
325
321
|
expect(generator.resources_failed_to_generate).to be_truthy
|
|
326
322
|
end
|