puppet 6.19.1-universal-darwin → 7.0.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +19 -20
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +28 -33
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +95 -159
- data/lib/puppet/environments.rb +10 -25
- data/lib/puppet/face/config.rb +10 -0
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +6 -10
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -69
- data/lib/puppet/http/service/file_server.rb +18 -27
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +3 -58
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +73 -18
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +45 -33
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +5 -7
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +531 -1232
- data/man/man5/puppet.conf.5 +37 -97
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +4 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +24 -11
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +23 -1
- data/spec/integration/defaults_spec.rb +7 -3
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/facts_spec.rb +35 -0
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/ssl_spec.rb +2 -2
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -9
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +77 -28
- data/spec/unit/environments_spec.rb +0 -3
- data/spec/unit/face/config_spec.rb +27 -32
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +49 -62
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +1 -2
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/windows_spec.rb +0 -1
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +0 -56
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +423 -236
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +12 -6
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +0 -18
- metadata +50 -176
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/application/config_spec.rb +0 -74
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,439 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
require 'puppet/network/rights'
|
4
|
-
|
5
|
-
describe Puppet::Network::Rights do
|
6
|
-
before do
|
7
|
-
@right = Puppet::Network::Rights.new
|
8
|
-
end
|
9
|
-
|
10
|
-
describe "when validating a :head request" do
|
11
|
-
[:find, :save].each do |allowed_method|
|
12
|
-
it "should allow the request if only #{allowed_method} is allowed" do
|
13
|
-
rights = Puppet::Network::Rights.new
|
14
|
-
right = rights.newright("/")
|
15
|
-
right.allow("*")
|
16
|
-
right.restrict_method(allowed_method)
|
17
|
-
right.restrict_authenticated(:any)
|
18
|
-
expect(rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})).to eq(nil)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
it "should disallow the request if neither :find nor :save is allowed" do
|
23
|
-
rights = Puppet::Network::Rights.new
|
24
|
-
why_forbidden = rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})
|
25
|
-
expect(why_forbidden).to be_instance_of(Puppet::Network::AuthorizationError)
|
26
|
-
expect(why_forbidden.to_s).to eq("Forbidden request: /indirection_name/key [find]")
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
it "should throw an error if type can't be determined" do
|
31
|
-
expect { @right.newright("name") }.to raise_error(ArgumentError, /Unknown right type/)
|
32
|
-
end
|
33
|
-
|
34
|
-
describe "when creating new path ACLs" do
|
35
|
-
it "should not throw an error if the ACL already exists" do
|
36
|
-
@right.newright("/name")
|
37
|
-
|
38
|
-
expect { @right.newright("/name")}.not_to raise_error
|
39
|
-
end
|
40
|
-
|
41
|
-
it "should throw an error if the acl uri path is not absolute" do
|
42
|
-
expect { @right.newright("name")}.to raise_error(ArgumentError, /Unknown right type/)
|
43
|
-
end
|
44
|
-
|
45
|
-
it "should create a new ACL with the correct path" do
|
46
|
-
@right.newright("/name")
|
47
|
-
|
48
|
-
expect(@right["/name"]).not_to be_nil
|
49
|
-
end
|
50
|
-
|
51
|
-
it "should create an ACL of type Puppet::Network::AuthStore" do
|
52
|
-
@right.newright("/name")
|
53
|
-
|
54
|
-
expect(@right["/name"]).to be_a_kind_of(Puppet::Network::AuthStore)
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
describe "when creating new regex ACLs" do
|
59
|
-
it "should not throw an error if the ACL already exists" do
|
60
|
-
@right.newright("~ .rb$")
|
61
|
-
|
62
|
-
expect { @right.newright("~ .rb$")}.not_to raise_error
|
63
|
-
end
|
64
|
-
|
65
|
-
it "should create a new ACL with the correct regex" do
|
66
|
-
@right.newright("~ .rb$")
|
67
|
-
|
68
|
-
expect(@right.include?(".rb$")).not_to be_nil
|
69
|
-
end
|
70
|
-
|
71
|
-
it "should be able to lookup the regex" do
|
72
|
-
@right.newright("~ .rb$")
|
73
|
-
|
74
|
-
expect(@right[".rb$"]).not_to be_nil
|
75
|
-
end
|
76
|
-
|
77
|
-
it "should be able to lookup the regex by its full name" do
|
78
|
-
@right.newright("~ .rb$")
|
79
|
-
|
80
|
-
expect(@right["~ .rb$"]).not_to be_nil
|
81
|
-
end
|
82
|
-
|
83
|
-
it "should create an ACL of type Puppet::Network::AuthStore" do
|
84
|
-
expect(@right.newright("~ .rb$")).to be_a_kind_of(Puppet::Network::AuthStore)
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
describe "when checking ACLs existence" do
|
89
|
-
it "should return false if there are no matching rights" do
|
90
|
-
expect(@right.include?("name")).to be_falsey
|
91
|
-
end
|
92
|
-
|
93
|
-
it "should return true if a path right exists" do
|
94
|
-
@right.newright("/name")
|
95
|
-
|
96
|
-
expect(@right.include?("/name")).to be_truthy
|
97
|
-
end
|
98
|
-
|
99
|
-
it "should return false if no matching path rights exist" do
|
100
|
-
@right.newright("/name")
|
101
|
-
|
102
|
-
expect(@right.include?("/differentname")).to be_falsey
|
103
|
-
end
|
104
|
-
|
105
|
-
it "should return true if a regex right exists" do
|
106
|
-
@right.newright("~ .rb$")
|
107
|
-
|
108
|
-
expect(@right.include?(".rb$")).to be_truthy
|
109
|
-
end
|
110
|
-
|
111
|
-
it "should return false if no matching path rights exist" do
|
112
|
-
@right.newright("~ .rb$")
|
113
|
-
|
114
|
-
expect(@right.include?(".pp$")).to be_falsey
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
describe "when checking if right is allowed" do
|
119
|
-
before :each do
|
120
|
-
allow(@right).to receive(:right).and_return(nil)
|
121
|
-
|
122
|
-
@pathacl = double('pathacl', :"<=>" => 1, :line => 0, :file => 'dummy')
|
123
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).and_return(@pathacl)
|
124
|
-
end
|
125
|
-
|
126
|
-
it "should delegate to is_forbidden_and_why?" do
|
127
|
-
expect(@right).to receive(:is_forbidden_and_why?).with("namespace", :node => "host.domain.com", :ip => "127.0.0.1").and_return(nil)
|
128
|
-
|
129
|
-
@right.allowed?("namespace", "host.domain.com", "127.0.0.1")
|
130
|
-
end
|
131
|
-
|
132
|
-
it "should return true if is_forbidden_and_why? returns nil" do
|
133
|
-
allow(@right).to receive(:is_forbidden_and_why?).and_return(nil)
|
134
|
-
expect(@right.allowed?("namespace", :args)).to be_truthy
|
135
|
-
end
|
136
|
-
|
137
|
-
it "should return false if is_forbidden_and_why? returns an AuthorizationError" do
|
138
|
-
allow(@right).to receive(:is_forbidden_and_why?).and_return(Puppet::Network::AuthorizationError.new("forbidden"))
|
139
|
-
expect(@right.allowed?("namespace", :args1, :args2)).to be_falsey
|
140
|
-
end
|
141
|
-
|
142
|
-
it "should pass the match? return to allowed?" do
|
143
|
-
@right.newright("/path/to/there")
|
144
|
-
|
145
|
-
expect(@pathacl).to receive(:match?).and_return(:match)
|
146
|
-
expect(@pathacl).to receive(:allowed?).with(anything, anything, hash_including(match: :match)).and_return(true)
|
147
|
-
|
148
|
-
expect(@right.is_forbidden_and_why?("/path/to/there", {})).to eq(nil)
|
149
|
-
end
|
150
|
-
|
151
|
-
describe "with path acls" do
|
152
|
-
before :each do
|
153
|
-
@long_acl = double('longpathacl', :name => "/path/to/there", :line => 0, :file => 'dummy')
|
154
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to/there", 0, nil).and_return(@long_acl)
|
155
|
-
|
156
|
-
@short_acl = double('shortpathacl', :name => "/path/to", :line => 0, :file => 'dummy')
|
157
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to", 0, nil).and_return(@short_acl)
|
158
|
-
|
159
|
-
allow(@long_acl).to receive(:"<=>").with(@short_acl).and_return(0)
|
160
|
-
allow(@short_acl).to receive(:"<=>").with(@long_acl).and_return(0)
|
161
|
-
end
|
162
|
-
|
163
|
-
it "should select the first match" do
|
164
|
-
@right.newright("/path/to", 0)
|
165
|
-
@right.newright("/path/to/there", 0)
|
166
|
-
|
167
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
168
|
-
allow(@short_acl).to receive(:match?).and_return(true)
|
169
|
-
|
170
|
-
expect(@short_acl).to receive(:allowed?).and_return(true)
|
171
|
-
expect(@long_acl).not_to receive(:allowed?)
|
172
|
-
|
173
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
174
|
-
end
|
175
|
-
|
176
|
-
it "should select the first match that doesn't return :dunno" do
|
177
|
-
@right.newright("/path/to/there", 0, nil)
|
178
|
-
@right.newright("/path/to", 0, nil)
|
179
|
-
|
180
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
181
|
-
allow(@short_acl).to receive(:match?).and_return(true)
|
182
|
-
|
183
|
-
expect(@long_acl).to receive(:allowed?).and_return(:dunno)
|
184
|
-
expect(@short_acl).to receive(:allowed?).and_return(true)
|
185
|
-
|
186
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
187
|
-
end
|
188
|
-
|
189
|
-
it "should not select an ACL that doesn't match" do
|
190
|
-
@right.newright("/path/to/there", 0)
|
191
|
-
@right.newright("/path/to", 0)
|
192
|
-
|
193
|
-
allow(@long_acl).to receive(:match?).and_return(false)
|
194
|
-
allow(@short_acl).to receive(:match?).and_return(true)
|
195
|
-
|
196
|
-
expect(@long_acl).not_to receive(:allowed?)
|
197
|
-
expect(@short_acl).to receive(:allowed?).and_return(true)
|
198
|
-
|
199
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
200
|
-
end
|
201
|
-
|
202
|
-
it "should not raise an AuthorizationError if allowed" do
|
203
|
-
@right.newright("/path/to/there", 0)
|
204
|
-
|
205
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
206
|
-
allow(@long_acl).to receive(:allowed?).and_return(true)
|
207
|
-
|
208
|
-
expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
|
209
|
-
end
|
210
|
-
|
211
|
-
it "should raise an AuthorizationError if the match is denied" do
|
212
|
-
@right.newright("/path/to/there", 0, nil)
|
213
|
-
|
214
|
-
allow(@long_acl).to receive(:match?).and_return(true)
|
215
|
-
allow(@long_acl).to receive(:allowed?).and_return(false)
|
216
|
-
|
217
|
-
expect(@right.is_forbidden_and_why?("/path/to/there", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
218
|
-
end
|
219
|
-
|
220
|
-
it "should raise an AuthorizationError if no path match" do
|
221
|
-
expect(@right.is_forbidden_and_why?("/nomatch", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
222
|
-
end
|
223
|
-
end
|
224
|
-
|
225
|
-
describe "with regex acls" do
|
226
|
-
before :each do
|
227
|
-
@regex_acl1 = double('regex_acl1', :name => "/files/(.*)/myfile", :line => 0, :file => 'dummy')
|
228
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile", 0, nil).and_return(@regex_acl1)
|
229
|
-
|
230
|
-
@regex_acl2 = double('regex_acl2', :name => "/files/(.*)/myfile/", :line => 0, :file => 'dummy')
|
231
|
-
allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile/", 0, nil).and_return(@regex_acl2)
|
232
|
-
|
233
|
-
allow(@regex_acl1).to receive(:"<=>").with(@regex_acl2).and_return(0)
|
234
|
-
allow(@regex_acl2).to receive(:"<=>").with(@regex_acl1).and_return(0)
|
235
|
-
end
|
236
|
-
|
237
|
-
it "should select the first match" do
|
238
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
239
|
-
@right.newright("~ /files/(.*)/myfile/", 0)
|
240
|
-
|
241
|
-
allow(@regex_acl1).to receive(:match?).and_return(true)
|
242
|
-
allow(@regex_acl2).to receive(:match?).and_return(true)
|
243
|
-
|
244
|
-
expect(@regex_acl1).to receive(:allowed?).and_return(true)
|
245
|
-
expect(@regex_acl2).not_to receive(:allowed?)
|
246
|
-
|
247
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
248
|
-
end
|
249
|
-
|
250
|
-
it "should select the first match that doesn't return :dunno" do
|
251
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
252
|
-
@right.newright("~ /files/(.*)/myfile/", 0)
|
253
|
-
|
254
|
-
allow(@regex_acl1).to receive(:match?).and_return(true)
|
255
|
-
allow(@regex_acl2).to receive(:match?).and_return(true)
|
256
|
-
|
257
|
-
expect(@regex_acl1).to receive(:allowed?).and_return(:dunno)
|
258
|
-
expect(@regex_acl2).to receive(:allowed?).and_return(true)
|
259
|
-
|
260
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
261
|
-
end
|
262
|
-
|
263
|
-
it "should not select an ACL that doesn't match" do
|
264
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
265
|
-
@right.newright("~ /files/(.*)/myfile/", 0)
|
266
|
-
|
267
|
-
allow(@regex_acl1).to receive(:match?).and_return(false)
|
268
|
-
allow(@regex_acl2).to receive(:match?).and_return(true)
|
269
|
-
|
270
|
-
expect(@regex_acl1).not_to receive(:allowed?)
|
271
|
-
expect(@regex_acl2).to receive(:allowed?).and_return(true)
|
272
|
-
|
273
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
274
|
-
end
|
275
|
-
|
276
|
-
it "should not raise an AuthorizationError if allowed" do
|
277
|
-
@right.newright("~ /files/(.*)/myfile", 0)
|
278
|
-
|
279
|
-
allow(@regex_acl1).to receive(:match?).and_return(true)
|
280
|
-
allow(@regex_acl1).to receive(:allowed?).and_return(true)
|
281
|
-
|
282
|
-
expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
|
283
|
-
end
|
284
|
-
|
285
|
-
it "should raise an error if no regex acl match" do
|
286
|
-
expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
287
|
-
end
|
288
|
-
|
289
|
-
it "should raise an AuthorizedError on deny" do
|
290
|
-
expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
|
291
|
-
end
|
292
|
-
|
293
|
-
end
|
294
|
-
end
|
295
|
-
|
296
|
-
describe Puppet::Network::Rights::Right do
|
297
|
-
before :each do
|
298
|
-
@acl = Puppet::Network::Rights::Right.new("/path",0, nil)
|
299
|
-
end
|
300
|
-
|
301
|
-
describe "with path" do
|
302
|
-
it "should match up to its path length" do
|
303
|
-
expect(@acl.match?("/path/that/works")).not_to be_nil
|
304
|
-
end
|
305
|
-
|
306
|
-
it "should match up to its path length" do
|
307
|
-
expect(@acl.match?("/paththatalsoworks")).not_to be_nil
|
308
|
-
end
|
309
|
-
|
310
|
-
it "should return nil if no match" do
|
311
|
-
expect(@acl.match?("/notpath")).to be_nil
|
312
|
-
end
|
313
|
-
end
|
314
|
-
|
315
|
-
describe "with regex" do
|
316
|
-
before :each do
|
317
|
-
@acl = Puppet::Network::Rights::Right.new("~ .rb$",0, nil)
|
318
|
-
end
|
319
|
-
|
320
|
-
it "should match as a regex" do
|
321
|
-
expect(@acl.match?("this should work.rb")).not_to be_nil
|
322
|
-
end
|
323
|
-
|
324
|
-
it "should return nil if no match" do
|
325
|
-
expect(@acl.match?("do not match")).to be_nil
|
326
|
-
end
|
327
|
-
end
|
328
|
-
|
329
|
-
it "should allow all rest methods by default" do
|
330
|
-
expect(@acl.methods).to eq(Puppet::Network::Rights::Right::ALL)
|
331
|
-
end
|
332
|
-
|
333
|
-
it "should allow only authenticated request by default" do
|
334
|
-
expect(@acl.authentication).to be_truthy
|
335
|
-
end
|
336
|
-
|
337
|
-
it "should allow modification of the methods filters" do
|
338
|
-
@acl.restrict_method(:save)
|
339
|
-
|
340
|
-
expect(@acl.methods).to eq([:save])
|
341
|
-
end
|
342
|
-
|
343
|
-
it "should stack methods filters" do
|
344
|
-
@acl.restrict_method(:save)
|
345
|
-
@acl.restrict_method(:destroy)
|
346
|
-
|
347
|
-
expect(@acl.methods).to eq([:save, :destroy])
|
348
|
-
end
|
349
|
-
|
350
|
-
it "should raise an error if the method is already filtered" do
|
351
|
-
@acl.restrict_method(:save)
|
352
|
-
|
353
|
-
expect { @acl.restrict_method(:save) }.to raise_error(ArgumentError, /'save' is already in the '\/path'/)
|
354
|
-
end
|
355
|
-
|
356
|
-
it "should allow setting an environment filters" do
|
357
|
-
env = Puppet::Node::Environment.create(:acltest, [])
|
358
|
-
Puppet.override(:environments => Puppet::Environments::Static.new(env)) do
|
359
|
-
@acl.restrict_environment(:acltest)
|
360
|
-
|
361
|
-
expect(@acl.environment).to eq([env])
|
362
|
-
end
|
363
|
-
end
|
364
|
-
|
365
|
-
["on", "yes", "true", true].each do |auth|
|
366
|
-
it "should allow filtering on authenticated requests with '#{auth}'" do
|
367
|
-
@acl.restrict_authenticated(auth)
|
368
|
-
|
369
|
-
expect(@acl.authentication).to be_truthy
|
370
|
-
end
|
371
|
-
end
|
372
|
-
|
373
|
-
["off", "no", "false", false, "all", "any", :all, :any].each do |auth|
|
374
|
-
it "should allow filtering on authenticated or unauthenticated requests with '#{auth}'" do
|
375
|
-
@acl.restrict_authenticated(auth)
|
376
|
-
expect(@acl.authentication).to be_falsey
|
377
|
-
end
|
378
|
-
end
|
379
|
-
|
380
|
-
describe "when checking right authorization" do
|
381
|
-
it "should return :dunno if this right is not restricted to the given method" do
|
382
|
-
@acl.restrict_method(:destroy)
|
383
|
-
|
384
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save } )).to eq(:dunno)
|
385
|
-
end
|
386
|
-
|
387
|
-
it "should return true if this right is restricted to the given method" do
|
388
|
-
@acl.restrict_method(:save)
|
389
|
-
@acl.allow("me")
|
390
|
-
|
391
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => true })).to eq true
|
392
|
-
end
|
393
|
-
|
394
|
-
it "should return :dunno if this right is not restricted to the given environment" do
|
395
|
-
prod = Puppet::Node::Environment.create(:production, [])
|
396
|
-
dev = Puppet::Node::Environment.create(:development, [])
|
397
|
-
Puppet.override(:environments => Puppet::Environments::Static.new(prod, dev)) do
|
398
|
-
@acl.restrict_environment(:production)
|
399
|
-
|
400
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :environment => dev })).to eq(:dunno)
|
401
|
-
end
|
402
|
-
end
|
403
|
-
|
404
|
-
it "returns true if the request is permitted for this environment" do
|
405
|
-
@acl.allow("me")
|
406
|
-
prod = Puppet::Node::Environment.create(:production, [])
|
407
|
-
Puppet.override(:environments => Puppet::Environments::Static.new(prod)) do
|
408
|
-
@acl.restrict_environment(:production)
|
409
|
-
expect(@acl.allowed?("me", "127.0.0.1", { :method => :save, :authenticated => true, :environment => prod })).to eq true
|
410
|
-
end
|
411
|
-
end
|
412
|
-
|
413
|
-
it "should return :dunno if this right is not restricted to the given request authentication state" do
|
414
|
-
@acl.restrict_authenticated(true)
|
415
|
-
|
416
|
-
expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => false })).to eq(:dunno)
|
417
|
-
end
|
418
|
-
|
419
|
-
it "returns true if this right is restricted to the given request authentication state" do
|
420
|
-
@acl.restrict_authenticated(false)
|
421
|
-
@acl.allow("me")
|
422
|
-
|
423
|
-
expect(@acl.allowed?("me","127.0.0.1", {:method => :save, :authenticated => false })).to eq true
|
424
|
-
end
|
425
|
-
|
426
|
-
it "should interpolate allow/deny patterns with the given match" do
|
427
|
-
expect(@acl).to receive(:interpolate).with(:match)
|
428
|
-
|
429
|
-
@acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
|
430
|
-
end
|
431
|
-
|
432
|
-
it "should reset interpolation after the match" do
|
433
|
-
expect(@acl).to receive(:reset_interpolation)
|
434
|
-
|
435
|
-
@acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
|
436
|
-
end
|
437
|
-
end
|
438
|
-
end
|
439
|
-
end
|
@@ -1,730 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'puppet_spec/compiler'
|
3
|
-
require 'puppet/parser/environment_compiler'
|
4
|
-
|
5
|
-
describe "Application instantiation" do
|
6
|
-
include PuppetSpec::Compiler
|
7
|
-
|
8
|
-
let(:env) { Puppet::Node::Environment.create(:testing, []) }
|
9
|
-
let(:node) { Puppet::Node.new('test', :environment => env) }
|
10
|
-
let(:loaders) { Puppet::Pops::Loaders.new(env) }
|
11
|
-
let(:logs) { [] }
|
12
|
-
let(:notices) { logs.select { |log| log.level == :notice }.map { |log| log.message } }
|
13
|
-
let(:warnings) { logs.select { |log| log.level == :warning }.map { |log| log.message } }
|
14
|
-
|
15
|
-
def compile_collect_log(string)
|
16
|
-
Puppet::Util::Log.with_destination(Puppet::Test::LogCollector.new(logs)) do
|
17
|
-
compile_to_catalog(string, Puppet::Node.new('other', :environment => env))
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
21
|
-
def compile_to_env_catalog(string, code_id=nil)
|
22
|
-
Puppet[:code] = string
|
23
|
-
Puppet::Parser::EnvironmentCompiler.compile(env, code_id).filter { |r| r.virtual? }
|
24
|
-
end
|
25
|
-
|
26
|
-
before(:each) do
|
27
|
-
allow_any_instance_of(Puppet::Parser::Compiler).to receive(:loaders).and_return(loaders)
|
28
|
-
allow_any_instance_of(Puppet::Parser::EnvironmentCompiler).to receive(:loaders).and_return(loaders)
|
29
|
-
Puppet.push_context({:loaders => loaders, :current_environment => env})
|
30
|
-
Puppet::Type.newtype :cap, :is_capability => true do
|
31
|
-
newparam :name
|
32
|
-
newparam :host
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
after(:each) do
|
37
|
-
Puppet::Type.rmtype(:cap)
|
38
|
-
Puppet.pop_context()
|
39
|
-
end
|
40
|
-
|
41
|
-
MANIFEST = <<-EOS
|
42
|
-
define prod($host) {
|
43
|
-
notify { "host ${host}":}
|
44
|
-
}
|
45
|
-
|
46
|
-
Prod produces Cap { }
|
47
|
-
|
48
|
-
define cons($host) {
|
49
|
-
notify { "host ${host}": }
|
50
|
-
}
|
51
|
-
|
52
|
-
Cons consumes Cap { }
|
53
|
-
|
54
|
-
application app {
|
55
|
-
prod { one: host => ahost, export => Cap[cap] }
|
56
|
-
cons { two: host => ahost, consume => Cap[cap] }
|
57
|
-
cons { three: consume => Cap[cap] }
|
58
|
-
}
|
59
|
-
|
60
|
-
site {
|
61
|
-
app { anapp:
|
62
|
-
nodes => {
|
63
|
-
Node[first] => Prod[one],
|
64
|
-
Node[second] => Cons[two]
|
65
|
-
}
|
66
|
-
}
|
67
|
-
}
|
68
|
-
EOS
|
69
|
-
|
70
|
-
MANIFEST_WO_EXPORT = <<-EOS
|
71
|
-
define prod($host) {
|
72
|
-
notify { "host ${host}":}
|
73
|
-
}
|
74
|
-
|
75
|
-
Prod produces Cap { }
|
76
|
-
|
77
|
-
define cons($host) {
|
78
|
-
notify { "host ${host}": }
|
79
|
-
}
|
80
|
-
|
81
|
-
Cons consumes Cap { }
|
82
|
-
|
83
|
-
application app {
|
84
|
-
cons { two: host => ahost, consume => Cap[cap] }
|
85
|
-
}
|
86
|
-
|
87
|
-
site {
|
88
|
-
app { anapp:
|
89
|
-
nodes => {
|
90
|
-
Node[first] => Prod[one],
|
91
|
-
Node[second] => Cons[two]
|
92
|
-
}
|
93
|
-
}
|
94
|
-
}
|
95
|
-
EOS
|
96
|
-
|
97
|
-
MANIFEST_WO_NODE = <<-EOS
|
98
|
-
define prod($host) {
|
99
|
-
notify { "host ${host}":}
|
100
|
-
}
|
101
|
-
|
102
|
-
Prod produces Cap { }
|
103
|
-
|
104
|
-
define cons($host) {
|
105
|
-
notify { "host ${host}": }
|
106
|
-
}
|
107
|
-
|
108
|
-
Cons consumes Cap { }
|
109
|
-
|
110
|
-
application app {
|
111
|
-
prod { one: host => ahost, export => Cap[cap] }
|
112
|
-
cons { two: host => ahost, consume => Cap[cap] }
|
113
|
-
}
|
114
|
-
|
115
|
-
site {
|
116
|
-
app { anapp:
|
117
|
-
}
|
118
|
-
}
|
119
|
-
EOS
|
120
|
-
|
121
|
-
MANIFEST_WITH_STRING_NODES = <<-EOS
|
122
|
-
application app {
|
123
|
-
}
|
124
|
-
|
125
|
-
site {
|
126
|
-
app { anapp:
|
127
|
-
nodes => "foobar",
|
128
|
-
}
|
129
|
-
}
|
130
|
-
EOS
|
131
|
-
|
132
|
-
MANIFEST_WITH_FALSE_NODES = <<-EOS
|
133
|
-
application app {
|
134
|
-
}
|
135
|
-
|
136
|
-
site {
|
137
|
-
app { anapp:
|
138
|
-
nodes => false,
|
139
|
-
}
|
140
|
-
}
|
141
|
-
EOS
|
142
|
-
|
143
|
-
MANIFEST_REQ_WO_EXPORT = <<-EOS
|
144
|
-
define prod($host) {
|
145
|
-
notify { "host ${host}":}
|
146
|
-
}
|
147
|
-
|
148
|
-
Prod produces Cap { }
|
149
|
-
|
150
|
-
define cons($host) {
|
151
|
-
notify { "host ${host}": }
|
152
|
-
}
|
153
|
-
|
154
|
-
Cons consumes Cap { }
|
155
|
-
|
156
|
-
application app {
|
157
|
-
cons { two: host => ahost, require => Cap[cap] }
|
158
|
-
}
|
159
|
-
|
160
|
-
site {
|
161
|
-
app { anapp:
|
162
|
-
nodes => {
|
163
|
-
Node[first] => Prod[one],
|
164
|
-
Node[second] => Cons[two]
|
165
|
-
}
|
166
|
-
}
|
167
|
-
}
|
168
|
-
EOS
|
169
|
-
|
170
|
-
MANIFEST_WITH_DOUBLE_EXPORT = <<-EOS
|
171
|
-
define prod($host) {
|
172
|
-
notify { "host ${host}":}
|
173
|
-
}
|
174
|
-
|
175
|
-
Prod produces Cap { }
|
176
|
-
|
177
|
-
define cons($host) {
|
178
|
-
notify { "host ${host}": }
|
179
|
-
}
|
180
|
-
|
181
|
-
Cons consumes Cap { }
|
182
|
-
|
183
|
-
application app {
|
184
|
-
prod { one: host => ahost, export => Cap[cap] }
|
185
|
-
prod { two: host => anotherhost, export => Cap[cap] }
|
186
|
-
cons { two: host => ahost, consume => Cap[cap] }
|
187
|
-
}
|
188
|
-
|
189
|
-
site {
|
190
|
-
app { anapp:
|
191
|
-
nodes => {
|
192
|
-
Node[first] => Prod[one],
|
193
|
-
Node[second] => Cons[two]
|
194
|
-
}
|
195
|
-
}
|
196
|
-
}
|
197
|
-
EOS
|
198
|
-
|
199
|
-
FAULTY_MANIFEST = <<-EOS
|
200
|
-
define prod($host) {
|
201
|
-
notify { "host ${host}":}
|
202
|
-
}
|
203
|
-
|
204
|
-
Prod produces Cap { }
|
205
|
-
|
206
|
-
define cons($host) {
|
207
|
-
notify { "host ${host}": }
|
208
|
-
}
|
209
|
-
|
210
|
-
Cons consumes Cap { }
|
211
|
-
|
212
|
-
application app {
|
213
|
-
prod { one: host => ahost, export => Cap[cap] }
|
214
|
-
cons { two: host => ahost, consume => Cap[cap] }
|
215
|
-
}
|
216
|
-
|
217
|
-
# app is not in site => error
|
218
|
-
app { anapp:
|
219
|
-
nodes => {
|
220
|
-
Node[first] => Prod[one],
|
221
|
-
Node[second] => Cons[two]
|
222
|
-
}
|
223
|
-
}
|
224
|
-
EOS
|
225
|
-
|
226
|
-
MANIFEST_WITH_SITE = <<-EOS
|
227
|
-
define prod($host) {
|
228
|
-
notify { "host ${host}":}
|
229
|
-
}
|
230
|
-
|
231
|
-
Prod produces Cap { }
|
232
|
-
|
233
|
-
define cons($host) {
|
234
|
-
notify { "host ${host}": }
|
235
|
-
}
|
236
|
-
|
237
|
-
Cons consumes Cap { }
|
238
|
-
|
239
|
-
application app {
|
240
|
-
prod { one: host => ahost, export => Cap[cap] }
|
241
|
-
cons { two: host => ahost, consume => Cap[cap] }
|
242
|
-
}
|
243
|
-
|
244
|
-
$one = not_the_value_one
|
245
|
-
$two = two
|
246
|
-
|
247
|
-
node default {
|
248
|
-
notify { "on a node": }
|
249
|
-
}
|
250
|
-
|
251
|
-
notify { 'ignore me': }
|
252
|
-
|
253
|
-
site {
|
254
|
-
$one = one
|
255
|
-
app { anapp:
|
256
|
-
nodes => {
|
257
|
-
Node[first] => Prod[$one],
|
258
|
-
Node[second] => Cons[$two]
|
259
|
-
}
|
260
|
-
}
|
261
|
-
}
|
262
|
-
EOS
|
263
|
-
|
264
|
-
MANIFEST_WITH_ILLEGAL_RESOURCE = <<-EOS
|
265
|
-
define prod($host) {
|
266
|
-
notify { "host ${host}":}
|
267
|
-
}
|
268
|
-
|
269
|
-
Prod produces Cap { }
|
270
|
-
|
271
|
-
define cons($host) {
|
272
|
-
notify { "host ${host}": }
|
273
|
-
}
|
274
|
-
|
275
|
-
Cons consumes Cap { }
|
276
|
-
|
277
|
-
application app {
|
278
|
-
prod { one: host => ahost, export => Cap[cap] }
|
279
|
-
cons { two: consume => Cap[cap] }
|
280
|
-
}
|
281
|
-
|
282
|
-
site {
|
283
|
-
# The rouge expression is here
|
284
|
-
notify { 'fail me': }
|
285
|
-
$one = one
|
286
|
-
app { anapp:
|
287
|
-
nodes => {
|
288
|
-
Node[first] => Prod[one],
|
289
|
-
Node[second] => Cons[two]
|
290
|
-
}
|
291
|
-
}
|
292
|
-
}
|
293
|
-
EOS
|
294
|
-
|
295
|
-
MANIFEST_WITH_CLASS = <<-EOS
|
296
|
-
define test($host) {
|
297
|
-
notify { "c $host": }
|
298
|
-
}
|
299
|
-
|
300
|
-
class prod($host) {
|
301
|
-
notify { "p $host": }
|
302
|
-
}
|
303
|
-
|
304
|
-
class cons($host) {
|
305
|
-
test { c: host => $host }
|
306
|
-
}
|
307
|
-
|
308
|
-
Class[prod] produces Cap {}
|
309
|
-
|
310
|
-
Class[cons] consumes Cap {}
|
311
|
-
|
312
|
-
application app {
|
313
|
-
class { prod: host => 'ahost', export => Cap[cap]}
|
314
|
-
class { cons: consume => Cap[cap]}
|
315
|
-
}
|
316
|
-
|
317
|
-
site {
|
318
|
-
app { anapp:
|
319
|
-
nodes => {
|
320
|
-
Node[first] => Class[prod],
|
321
|
-
Node[second] => Class[cons]
|
322
|
-
}
|
323
|
-
}
|
324
|
-
}
|
325
|
-
EOS
|
326
|
-
|
327
|
-
|
328
|
-
context 'a node catalog' do
|
329
|
-
it "is unaffected for a non-participating node" do
|
330
|
-
catalog = compile_to_catalog(MANIFEST, Puppet::Node.new('other', :environment => env))
|
331
|
-
types = catalog.resource_keys.map { |type, _| type }.uniq.sort
|
332
|
-
expect(types).to eq(["Class", "Stage"])
|
333
|
-
end
|
334
|
-
|
335
|
-
it "an application instance must be contained in a site" do
|
336
|
-
expect { compile_to_catalog(FAULTY_MANIFEST, Puppet::Node.new('first', :environment => env))
|
337
|
-
}.to raise_error(/Application instances .* can only be contained within a Site/)
|
338
|
-
end
|
339
|
-
|
340
|
-
it "does not raise an error when node mappings are not provided" do
|
341
|
-
expect { compile_to_catalog(MANIFEST_WO_NODE, node) }.to_not raise_error
|
342
|
-
end
|
343
|
-
|
344
|
-
it "raises an error if node mapping is a string" do
|
345
|
-
expect { compile_to_catalog(MANIFEST_WITH_STRING_NODES, node)
|
346
|
-
}.to raise_error(/Invalid node mapping in .*: Mapping must be a hash/)
|
347
|
-
end
|
348
|
-
|
349
|
-
it "raises an error if node mapping is false" do
|
350
|
-
expect { compile_to_catalog(MANIFEST_WITH_FALSE_NODES, node)
|
351
|
-
}.to raise_error(/Invalid node mapping in .*: Mapping must be a hash/)
|
352
|
-
end
|
353
|
-
|
354
|
-
it "detects that consumed capability is never exported" do
|
355
|
-
expect { compile_to_env_catalog(MANIFEST_WO_EXPORT)
|
356
|
-
}.to raise_error(/Capability 'Cap\[cap\]' referenced by 'consume' is never exported/)
|
357
|
-
end
|
358
|
-
|
359
|
-
it "detects that required capability is never exported" do
|
360
|
-
expect { compile_to_env_catalog(MANIFEST_REQ_WO_EXPORT)
|
361
|
-
}.to raise_error(/Capability 'Cap\[cap\]' referenced by 'require' is never exported/)
|
362
|
-
end
|
363
|
-
|
364
|
-
it "detects that a capability is exported more than once" do
|
365
|
-
expect { compile_to_env_catalog(MANIFEST_WITH_DOUBLE_EXPORT)
|
366
|
-
}.to raise_error(/'Cap\[cap\]' is exported by both 'Prod\[one\]' and 'Prod\[two\]'/)
|
367
|
-
end
|
368
|
-
|
369
|
-
it "issues deprecation warnings" do
|
370
|
-
expect {compile_collect_log(MANIFEST_WO_NODE)}.not_to raise_error
|
371
|
-
expect(warnings).to include(/Capability Mapping is deprecated/) # there are two of these
|
372
|
-
expect(warnings).to include(/Application is deprecated/)
|
373
|
-
expect(warnings).to include(/Site Definition is deprecated/)
|
374
|
-
end
|
375
|
-
|
376
|
-
context "for producing node" do
|
377
|
-
let(:compiled_node) { Puppet::Node.new('first', :environment => env) }
|
378
|
-
let(:compiled_catalog) { compile_to_catalog(MANIFEST, compiled_node)}
|
379
|
-
|
380
|
-
{ "App[anapp]" => 'application instance',
|
381
|
-
"Cap[cap]" => 'capability resource',
|
382
|
-
"Prod[one]" => 'component',
|
383
|
-
"Notify[host ahost]" => 'node resource'
|
384
|
-
}.each do |k,v|
|
385
|
-
it "contains the #{v} (#{k})" do
|
386
|
-
expect(compiled_catalog.resource(k)).not_to be_nil
|
387
|
-
end
|
388
|
-
end
|
389
|
-
|
390
|
-
it "does not contain the consumed resource (Cons[two])" do
|
391
|
-
expect(compiled_catalog.resource("Cons[two]")).to be_nil
|
392
|
-
end
|
393
|
-
end
|
394
|
-
|
395
|
-
context "for consuming node" do
|
396
|
-
let(:compiled_node) { Puppet::Node.new('second', :environment => env) }
|
397
|
-
let(:compiled_catalog) { compile_to_catalog(MANIFEST, compiled_node)}
|
398
|
-
let(:cap) {
|
399
|
-
the_cap = Puppet::Resource.new("Cap", "cap")
|
400
|
-
the_cap["host"] = "ahost"
|
401
|
-
the_cap
|
402
|
-
}
|
403
|
-
|
404
|
-
{ "App[anapp]" => 'application instance',
|
405
|
-
"Cap[cap]" => 'capability resource',
|
406
|
-
"Cons[two]" => 'component',
|
407
|
-
"Notify[host ahost]" => 'node resource'
|
408
|
-
}.each do |k,v|
|
409
|
-
it "contains the #{v} (#{k})" do
|
410
|
-
# Mock the connection to Puppet DB
|
411
|
-
expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
|
412
|
-
expect(compiled_catalog.resource(k)).not_to be_nil
|
413
|
-
end
|
414
|
-
end
|
415
|
-
|
416
|
-
it "does not contain the produced resource (Prod[one])" do
|
417
|
-
# Mock the connection to Puppet DB
|
418
|
-
expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
|
419
|
-
expect(compiled_catalog.resource("Prod[one]")).to be_nil
|
420
|
-
end
|
421
|
-
end
|
422
|
-
|
423
|
-
context "for node with class producer" do
|
424
|
-
let(:compiled_node) { Puppet::Node.new('first', :environment => env) }
|
425
|
-
let(:compiled_catalog) { compile_to_catalog(MANIFEST_WITH_CLASS, compiled_node)}
|
426
|
-
|
427
|
-
{ "App[anapp]" => 'application instance',
|
428
|
-
"Cap[cap]" => 'capability resource',
|
429
|
-
"Class[prod]" => 'class',
|
430
|
-
"Notify[p ahost]" => 'node resource'
|
431
|
-
}.each do |k,v|
|
432
|
-
it "contains the #{v} (#{k})" do
|
433
|
-
cat = compiled_catalog
|
434
|
-
expect(cat.resource(k)).not_to be_nil
|
435
|
-
end
|
436
|
-
end
|
437
|
-
|
438
|
-
it "does not contain the consumed resource (Class[cons])" do
|
439
|
-
expect(compiled_catalog.resource("Class[cons]")).to be_nil
|
440
|
-
end
|
441
|
-
end
|
442
|
-
|
443
|
-
context "for node with class consumer" do
|
444
|
-
let(:compiled_node) { Puppet::Node.new('second', :environment => env) }
|
445
|
-
let(:compiled_catalog) { compile_to_catalog(MANIFEST_WITH_CLASS, compiled_node)}
|
446
|
-
let(:cap) {
|
447
|
-
the_cap = Puppet::Resource.new("Cap", "cap")
|
448
|
-
the_cap["host"] = "ahost"
|
449
|
-
the_cap
|
450
|
-
}
|
451
|
-
|
452
|
-
{ "App[anapp]" => 'application instance',
|
453
|
-
"Cap[cap]" => 'capability resource',
|
454
|
-
"Class[cons]" => 'class',
|
455
|
-
"Notify[c ahost]" => 'node resource'
|
456
|
-
}.each do |k,v|
|
457
|
-
it "contains the #{v} (#{k})" do
|
458
|
-
# Mock the connection to Puppet DB
|
459
|
-
expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
|
460
|
-
expect(compiled_catalog.resource(k)).not_to be_nil
|
461
|
-
end
|
462
|
-
end
|
463
|
-
|
464
|
-
it "does not contain the produced resource (Class[prod])" do
|
465
|
-
# Mock the connection to Puppet DB
|
466
|
-
expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
|
467
|
-
expect(compiled_catalog.resource("Class[prod]")).to be_nil
|
468
|
-
end
|
469
|
-
end
|
470
|
-
|
471
|
-
context "when using a site expression" do
|
472
|
-
# The site expression must be evaluated in a node catalog compilation because
|
473
|
-
# the application instantiations inside it may contain other logic (local variables)
|
474
|
-
# that are used to instantiate an application. The application instances are needed.
|
475
|
-
#
|
476
|
-
it "the node expressions is evaluated" do
|
477
|
-
catalog = compile_to_catalog(MANIFEST_WITH_SITE, Puppet::Node.new('other', :environment => env))
|
478
|
-
types = catalog.resource_keys.map { |type, _| type }.uniq.sort
|
479
|
-
expect(types).to eq(["Class", "Node", "Notify", "Stage"])
|
480
|
-
expect(catalog.resource("Notify[on a node]")).to_not be_nil
|
481
|
-
expect(catalog.resource("Notify[on the site]")).to be_nil
|
482
|
-
end
|
483
|
-
|
484
|
-
end
|
485
|
-
|
486
|
-
context "when using a site expression" do
|
487
|
-
it "the site expression is not evaluated in a node compilation" do
|
488
|
-
catalog = compile_to_catalog(MANIFEST_WITH_SITE, Puppet::Node.new('other', :environment => env))
|
489
|
-
types = catalog.resource_keys.map { |type, _| type }.uniq.sort
|
490
|
-
expect(types).to eq(["Class", "Node", "Notify", "Stage"])
|
491
|
-
expect(catalog.resource("Notify[on a node]")).to_not be_nil
|
492
|
-
expect(catalog.resource("Notify[on the site]")).to be_nil
|
493
|
-
end
|
494
|
-
|
495
|
-
end
|
496
|
-
end
|
497
|
-
|
498
|
-
describe "in the environment catalog" do
|
499
|
-
it "does not fail if there is no site expression" do
|
500
|
-
expect {
|
501
|
-
compile_to_env_catalog(<<-EOC).to_resource
|
502
|
-
notify { 'ignore me':}
|
503
|
-
EOC
|
504
|
-
}.to_not raise_error()
|
505
|
-
end
|
506
|
-
|
507
|
-
it "ignores usage of hiera_include() at topscope for classification" do
|
508
|
-
expect(Puppet).to receive(:debug).with(/Ignoring hiera_include/)
|
509
|
-
|
510
|
-
expect {
|
511
|
-
compile_to_env_catalog(<<-EOC).to_resource
|
512
|
-
hiera_include('classes')
|
513
|
-
site { }
|
514
|
-
EOC
|
515
|
-
}.to_not raise_error()
|
516
|
-
|
517
|
-
end
|
518
|
-
|
519
|
-
it 'removes overriden functions after compile' do
|
520
|
-
expect {
|
521
|
-
compile_to_env_catalog(<<-EOC)
|
522
|
-
hiera_include('classes')
|
523
|
-
site { }
|
524
|
-
EOC
|
525
|
-
}.to_not raise_error()
|
526
|
-
func = Puppet::Pops::Loaders.loaders.puppet_system_loader.load(:function, 'hiera_include')
|
527
|
-
expect(func).to be_a(Puppet::Functions::Function)
|
528
|
-
end
|
529
|
-
|
530
|
-
it "includes components and capability resources" do
|
531
|
-
catalog = compile_to_env_catalog(MANIFEST).to_resource
|
532
|
-
apps = catalog.resources.select do |res|
|
533
|
-
res.resource_type && res.resource_type.application?
|
534
|
-
end
|
535
|
-
expect(apps.size).to eq(1)
|
536
|
-
app = apps.first
|
537
|
-
expect(app["nodes"]).not_to be_nil
|
538
|
-
comps = catalog.direct_dependents_of(app).map(&:ref).sort
|
539
|
-
expect(comps).to eq(["Cons[three]", "Cons[two]", "Prod[one]"])
|
540
|
-
|
541
|
-
prod = catalog.resource("Prod[one]")
|
542
|
-
expect(prod).not_to be_nil
|
543
|
-
expect(prod.export.map(&:ref)).to eq(["Cap[cap]"])
|
544
|
-
|
545
|
-
cons = catalog.resource("Cons[two]")
|
546
|
-
expect(cons).not_to be_nil
|
547
|
-
expect(cons[:consume].ref).to eq("Cap[cap]")
|
548
|
-
end
|
549
|
-
|
550
|
-
it "includes class components" do
|
551
|
-
catalog = compile_to_env_catalog(MANIFEST_WITH_CLASS).to_resource
|
552
|
-
classes = catalog.resources.select do |res|
|
553
|
-
res.type == 'Class' && (res.title == 'Prod' || res.title == 'Cons')
|
554
|
-
end
|
555
|
-
expect(classes.size).to eq(2)
|
556
|
-
expect(classes.map(&:ref).sort).to eq(["Class[Cons]", "Class[Prod]"])
|
557
|
-
|
558
|
-
prod = catalog.resource("Class[prod]")
|
559
|
-
expect(prod).not_to be_nil
|
560
|
-
expect(prod.export.map(&:ref)).to eq(["Cap[cap]"])
|
561
|
-
|
562
|
-
cons = catalog.resource("Class[cons]")
|
563
|
-
expect(cons).not_to be_nil
|
564
|
-
expect(cons[:consume].ref).to eq("Cap[cap]")
|
565
|
-
end
|
566
|
-
|
567
|
-
it "an application instance must be contained in a site" do
|
568
|
-
expect { compile_to_env_catalog(FAULTY_MANIFEST)
|
569
|
-
}.to raise_error(/Application instances .* can only be contained within a Site/)
|
570
|
-
end
|
571
|
-
|
572
|
-
context "when using a site expression" do
|
573
|
-
it "includes components and capability resources" do
|
574
|
-
catalog = compile_to_env_catalog(MANIFEST_WITH_SITE).to_resource
|
575
|
-
apps = catalog.resources.select do |res|
|
576
|
-
res.resource_type && res.resource_type.application?
|
577
|
-
end
|
578
|
-
expect(apps.size).to eq(1)
|
579
|
-
app = apps.first
|
580
|
-
expect(app["nodes"]).not_to be_nil
|
581
|
-
comps = catalog.direct_dependents_of(app).map(&:ref).sort
|
582
|
-
expect(comps).to eq(["Cons[two]", "Prod[one]"])
|
583
|
-
|
584
|
-
prod = catalog.resource("Prod[one]")
|
585
|
-
expect(prod).not_to be_nil
|
586
|
-
expect(prod.export.map(&:ref)).to eq(["Cap[cap]"])
|
587
|
-
|
588
|
-
cons = catalog.resource("Cons[two]")
|
589
|
-
expect(cons).not_to be_nil
|
590
|
-
expect(cons[:consume].ref).to eq("Cap[cap]")
|
591
|
-
end
|
592
|
-
|
593
|
-
it "the site expression is evaluated in an environment compilation" do
|
594
|
-
catalog = compile_to_env_catalog(MANIFEST_WITH_SITE).to_resource
|
595
|
-
types = catalog.resource_keys.map { |type, _| type }.uniq.sort
|
596
|
-
expect(types).to eq(["App", "Class", "Cons", "Prod", "Site", "Stage"])
|
597
|
-
expect(catalog.resource("Notify[on a node]")).to be_nil
|
598
|
-
apps = catalog.resources.select do |res|
|
599
|
-
res.resource_type && res.resource_type.application?
|
600
|
-
end
|
601
|
-
expect(apps.size).to eq(1)
|
602
|
-
app = apps.first
|
603
|
-
comps = catalog.direct_dependents_of(app).map(&:ref).sort
|
604
|
-
expect(comps).to eq(["Cons[two]", "Prod[one]"])
|
605
|
-
end
|
606
|
-
|
607
|
-
it "fails if there are non component resources in the site" do
|
608
|
-
expect {
|
609
|
-
compile_to_env_catalog(MANIFEST_WITH_ILLEGAL_RESOURCE).to_resource
|
610
|
-
}.to raise_error(/Only application components can appear inside a site - Notify\[fail me\] is not allowed \(line: 20\)/)
|
611
|
-
end
|
612
|
-
end
|
613
|
-
|
614
|
-
it "includes code_id if specified" do
|
615
|
-
catalog = compile_to_env_catalog(MANIFEST_WITH_SITE, "12345")
|
616
|
-
expect(catalog.code_id).to eq("12345")
|
617
|
-
end
|
618
|
-
|
619
|
-
it "omits code_id if unspecified" do
|
620
|
-
catalog = compile_to_env_catalog(MANIFEST_WITH_SITE)
|
621
|
-
expect(catalog.code_id).to be_nil
|
622
|
-
end
|
623
|
-
end
|
624
|
-
|
625
|
-
|
626
|
-
describe "when validation of nodes" do
|
627
|
-
it 'validates that the key of a node mapping is a Node' do
|
628
|
-
expect { compile_to_catalog(<<-EOS, Puppet::Node.new('other', :environment => env))
|
629
|
-
application app {
|
630
|
-
}
|
631
|
-
|
632
|
-
site {
|
633
|
-
app { anapp:
|
634
|
-
nodes => {
|
635
|
-
'hello' => Node[other],
|
636
|
-
}
|
637
|
-
}
|
638
|
-
}
|
639
|
-
EOS
|
640
|
-
}.to raise_error(Puppet::Error, /hello is not a Node/)
|
641
|
-
end
|
642
|
-
|
643
|
-
it 'validates that the value of a node mapping is a resource' do
|
644
|
-
expect { compile_to_catalog(<<-EOS, Puppet::Node.new('other', :environment => env))
|
645
|
-
application app {
|
646
|
-
}
|
647
|
-
|
648
|
-
site {
|
649
|
-
app { anapp:
|
650
|
-
nodes => {
|
651
|
-
Node[other] => 'hello'
|
652
|
-
}
|
653
|
-
}
|
654
|
-
}
|
655
|
-
EOS
|
656
|
-
}.to raise_error(Puppet::Error, /hello is not a resource/)
|
657
|
-
end
|
658
|
-
|
659
|
-
it 'validates that the value can be an array or resources' do
|
660
|
-
expect { compile_to_catalog(<<-EOS, Puppet::Node.new('other', :environment => env))
|
661
|
-
define p {
|
662
|
-
notify {$title:}
|
663
|
-
}
|
664
|
-
|
665
|
-
application app {
|
666
|
-
p{one:}
|
667
|
-
p{two:}
|
668
|
-
}
|
669
|
-
|
670
|
-
site {
|
671
|
-
app { anapp:
|
672
|
-
nodes => {
|
673
|
-
Node[other] => [P[one],P[two]]
|
674
|
-
}
|
675
|
-
}
|
676
|
-
}
|
677
|
-
EOS
|
678
|
-
}.not_to raise_error
|
679
|
-
end
|
680
|
-
|
681
|
-
it 'validates that the is bound to exactly one node' do
|
682
|
-
expect { compile_to_catalog(<<-EOS, Puppet::Node.new('first', :environment => env))
|
683
|
-
define p {
|
684
|
-
notify {$title:}
|
685
|
-
}
|
686
|
-
|
687
|
-
application app {
|
688
|
-
p{one:}
|
689
|
-
}
|
690
|
-
|
691
|
-
site {
|
692
|
-
app { anapp:
|
693
|
-
nodes => {
|
694
|
-
Node[first] => P[one],
|
695
|
-
Node[second] => P[one],
|
696
|
-
}
|
697
|
-
}
|
698
|
-
}
|
699
|
-
EOS
|
700
|
-
}.to raise_error(Puppet::Error, /maps component P\[one\] to multiple nodes/)
|
701
|
-
end
|
702
|
-
end
|
703
|
-
|
704
|
-
describe "site containing a resource named 'plan'" do
|
705
|
-
it 'finds an application named plan' do
|
706
|
-
expect {compile_collect_log(<<-PUPPET)}.not_to raise_error
|
707
|
-
define plan::node_file() {
|
708
|
-
file { "/tmp/plans/${name}.txt":
|
709
|
-
content => "this is ${name}.txt",
|
710
|
-
}
|
711
|
-
}
|
712
|
-
Plan::Node_file produces Node_file {}
|
713
|
-
application plan() {
|
714
|
-
plan::node_file { "node_file_${name}":
|
715
|
-
export => Node_file["node_file_${name}"]
|
716
|
-
}
|
717
|
-
}
|
718
|
-
site {
|
719
|
-
plan { "test":
|
720
|
-
nodes => {
|
721
|
-
Node["test.example.com"] => Plan::Node_file["node_file_plan_test"],
|
722
|
-
}
|
723
|
-
}
|
724
|
-
}
|
725
|
-
PUPPET
|
726
|
-
|
727
|
-
expect(warnings).to include(/Use of future reserved word: 'plan'/)
|
728
|
-
end
|
729
|
-
end
|
730
|
-
end
|