puppet 6.19.1-x64-mingw32 → 6.23.0-x64-mingw32

data/spec/fixtures/ssl/unknown-ca.pem

@@ -6,21 +6,30 @@ Certificate:
         Issuer: CN=Unknown CA
         Validity
             Not Before: Jan  1 00:00:00 1970 GMT
-            Not After : Mar 10 06:54:16 2030 GMT
+            Not After : Apr 18 18:46:23 2031 GMT
         Subject: CN=Unknown CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:5e:5d:26:ae:73:17:5a:70:37:ac:42:25:ca:
-                    05:10:86:17:23:6c:28:84:48:2a:4a:d4:b0:3a:2a:
-                    d8:33:ae:58:67:6f:9b:4f:a6:b4:87:b1:ec:37:00:
-                    69:8d:d5:cf:71:8a:96:e1:4a:f8:c8:81:36:f9:43:
-                    ad:d8:d6:76:83:27:99:a4:48:17:c2:ef:9c:22:40:
-                    4b:c6:58:21:88:e5:1d:37:79:4e:ba:31:e6:52:ec:
-                    8c:23:ed:d6:ce:3b:58:ad:82:c7:ae:28:47:d4:e7:
-                    cc:31:ac:78:c9:02:87:d0:b1:91:09:f6:1e:9a:c3:
-                    4f:f6:5a:fe:a2:21:0e:c0:95
+                    00:ea:16:4c:26:71:56:ac:35:bb:2b:f6:1b:18:58:
+                    16:0f:1c:39:3f:4d:02:e4:b2:a7:8b:bd:fe:99:57:
+                    f2:a5:a8:15:01:79:0d:1d:f6:d9:12:db:d5:26:a2:
+                    f6:58:af:4b:2c:aa:46:7a:53:63:9f:1f:1a:9e:1c:
+                    fc:9a:8e:20:c8:c8:c8:db:4d:50:8d:4e:19:83:a1:
+                    9d:54:49:26:7b:3a:e0:77:1d:7d:88:01:80:46:32:
+                    70:47:16:08:71:de:12:94:67:fd:71:1f:41:56:93:
+                    15:91:68:bd:05:3b:67:96:1f:7a:4d:d5:1e:b6:ac:
+                    41:1f:f0:ce:d3:2d:96:d9:7c:ad:cd:be:b3:32:66:
+                    18:03:2c:83:98:f1:e8:96:6f:85:0f:e1:1f:93:d0:
+                    f9:09:43:8c:b1:ea:43:26:32:a5:c6:d2:32:75:2d:
+                    ed:72:9d:bf:3a:bb:f3:4e:d0:0c:ac:ba:6b:fd:7f:
+                    66:d8:12:40:4e:49:e7:d4:ec:70:03:71:37:cb:5e:
+                    cc:d3:4f:f3:d2:cc:e2:39:eb:79:6c:71:e5:d1:0e:
+                    45:4c:7a:3d:6f:39:e8:16:e7:de:60:eb:01:e7:80:
+                    4e:42:1d:1c:33:0a:eb:f9:10:2c:5c:ed:0c:58:0b:
+                    8c:fd:6d:f4:19:49:8a:a2:81:ab:04:b0:cb:7a:61:
+                    1f:d3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -28,32 +37,45 @@ Certificate:
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
             X509v3 Subject Key Identifier: 
-                E9:58:70:FE:F1:C1:AA:5A:70:7A:C1:02:11:1D:9A:F4:60:4F:70:76
+                16:C5:98:B8:84:0B:0A:43:CB:5A:D2:E0:55:C0:64:AB:89:F8:50:FD
             Netscape Comment: 
                 Puppet Server Internal Certificate
             X509v3 Authority Key Identifier: 
-                keyid:E9:58:70:FE:F1:C1:AA:5A:70:7A:C1:02:11:1D:9A:F4:60:4F:70:76
+                keyid:16:C5:98:B8:84:0B:0A:43:CB:5A:D2:E0:55:C0:64:AB:89:F8:50:FD
 
     Signature Algorithm: sha256WithRSAEncryption
-         00:45:89:e8:68:a7:50:8c:92:84:3c:c4:e6:10:00:29:27:99:
-         c6:82:aa:aa:b5:0b:ef:97:58:bc:bb:e6:e7:93:7c:a7:ea:e5:
-         9a:61:1d:e3:4f:3f:f9:ac:c4:96:14:a5:1f:77:a6:01:dc:08:
-         15:9c:3f:66:29:92:80:49:e9:db:d9:22:fb:c3:86:bf:40:ab:
-         46:bf:c5:47:bb:c8:89:df:d4:ca:36:f5:08:c4:08:c6:0b:d6:
-         9e:8a:86:41:1e:7e:6f:a9:75:ef:8a:94:a9:fd:1a:9b:0f:55:
-         3a:55:e5:04:82:71:c3:47:78:62:8e:07:ed:dc:4e:ac:f9:33:
-         7b:27
+         7d:0b:a0:2e:d4:fb:6b:29:04:d6:86:4e:89:94:4c:b5:d4:f7:
+         79:5a:38:95:51:9a:80:03:82:93:c8:a7:4e:93:4a:4b:41:1a:
+         85:f3:46:57:e1:70:50:ad:bb:4e:b9:d6:0c:00:e5:9e:4c:f7:
+         26:3b:88:61:27:ad:fa:39:a7:36:e1:62:87:7a:dc:7d:f9:f6:
+         c1:ee:bc:db:f7:65:a1:b0:2a:06:ae:4b:cb:99:82:f5:8e:38:
+         51:ac:c9:92:33:b9:7b:50:8b:c6:72:36:d3:f2:73:7d:58:13:
+         00:21:4d:c6:70:9d:eb:70:58:bf:dc:34:94:7e:bc:ef:17:2d:
+         9d:00:bd:55:f9:48:11:c0:8f:88:ea:a8:7c:5d:fb:88:fd:8c:
+         b4:00:1d:61:a7:4b:2a:90:ef:96:c1:28:2a:a0:95:ad:bb:b3:
+         af:3a:d5:93:1c:54:d7:c5:5b:26:a3:24:87:df:bd:68:74:fa:
+         e6:07:4e:13:b9:5f:54:19:ae:da:00:8c:ca:d6:ff:b7:94:6b:
+         4f:ff:71:ca:2b:7d:ee:7e:32:ff:03:3e:60:a4:30:d4:7d:9c:
+         ab:97:0e:f7:80:ee:69:c0:28:a8:ec:6b:89:05:38:64:34:e8:
+         b2:e9:f3:a1:85:e7:3d:e1:64:3c:86:e4:fd:44:4f:3b:2a:f8:
+         d2:b4:93:22
 -----BEGIN CERTIFICATE-----
-MIICODCCAaGgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
-b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMwMDMxMDA2NTQxNlowFTETMBEGA1UE
-AwwKVW5rbm93biBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV5dJq5z
-F1pwN6xCJcoFEIYXI2wohEgqStSwOirYM65YZ2+bT6a0h7HsNwBpjdXPcYqW4Ur4
-yIE2+UOt2NZ2gyeZpEgXwu+cIkBLxlghiOUdN3lOujHmUuyMI+3WzjtYrYLHrihH
-1OfMMax4yQKH0LGRCfYemsNP9lr+oiEOwJUCAwEAAaOBlzCBlDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU6Vhw/vHBqlpwesECER2a
-9GBPcHYwMQYJYIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2Vy
-dGlmaWNhdGUwHwYDVR0jBBgwFoAU6Vhw/vHBqlpwesECER2a9GBPcHYwDQYJKoZI
-hvcNAQELBQADgYEAAEWJ6GinUIyShDzE5hAAKSeZxoKqqrUL75dYvLvm55N8p+rl
-mmEd408/+azElhSlH3emAdwIFZw/ZimSgEnp29ki+8OGv0CrRr/FR7vIid/Uyjb1
-CMQIxgvWnoqGQR5+b6l174qUqf0amw9VOlXlBIJxw0d4Yo4H7dxOrPkzeyc=
+MIIDPTCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
+b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMxMDQxODE4NDYyM1owFTETMBEGA1UE
+AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOoW
+TCZxVqw1uyv2GxhYFg8cOT9NAuSyp4u9/plX8qWoFQF5DR322RLb1Sai9livSyyq
+RnpTY58fGp4c/JqOIMjIyNtNUI1OGYOhnVRJJns64HcdfYgBgEYycEcWCHHeEpRn
+/XEfQVaTFZFovQU7Z5Yfek3VHrasQR/wztMtltl8rc2+szJmGAMsg5jx6JZvhQ/h
+H5PQ+QlDjLHqQyYypcbSMnUt7XKdvzq7807QDKy6a/1/ZtgSQE5J59TscANxN8te
+zNNP89LM4jnreWxx5dEORUx6PW856Bbn3mDrAeeATkIdHDMK6/kQLFztDFgLjP1t
+9BlJiqKBqwSwy3phH9MCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUFsWYuIQLCkPLWtLgVcBkq4n4UP0wMQYJYIZI
+AYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYD
+VR0jBBgwFoAUFsWYuIQLCkPLWtLgVcBkq4n4UP0wDQYJKoZIhvcNAQELBQADggEB
+AH0LoC7U+2spBNaGTomUTLXU93laOJVRmoADgpPIp06TSktBGoXzRlfhcFCtu065
+1gwA5Z5M9yY7iGEnrfo5pzbhYod63H359sHuvNv3ZaGwKgauS8uZgvWOOFGsyZIz
+uXtQi8ZyNtPyc31YEwAhTcZwnetwWL/cNJR+vO8XLZ0AvVX5SBHAj4jqqHxd+4j9
+jLQAHWGnSyqQ75bBKCqgla27s6861ZMcVNfFWyajJIffvWh0+uYHThO5X1QZrtoA
+jMrW/7eUa0//ccorfe5+Mv8DPmCkMNR9nKuXDveA7mnAKKjsa4kFOGQ06LLp86GF
+5z3hZDyG5P1ETzsq+NK0kyI=
 -----END CERTIFICATE-----

data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset

@@ -0,0 +1,9 @@
+UNIT FILE                                  STATE           VENDOR PRESET
+arp-ethers.service                         disabled        disabled     
+auditd.service                             enabled         enabled      
+dbus.service                               enabled         disabled     
+udev.service                               enabled-runtime disabled
+umountfs.service                           linked-runtime  disabled
+umountnfs.service                          masked          disabled
+umountroot.service                         masked-runtime  disabled
+urandom.service                            indirect        enabled

data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out

@@ -6,6 +6,10 @@ test_aix_user:
 no_password_user:
         lastupdate = another_last_update
 
+tab_password_user:
+        password  =  some_password
+        lastupdate = another_last_update
+
 daemon:
         password = *
 

data/spec/integration/application/agent_spec.rb

@@ -100,10 +100,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
   end
 
   context 'rich data' do
-    it "applies deferred values" do
+    it "calls a deferred 4x function" do
       catalog_handler = -> (req, res) {
         catalog = compile_to_catalog(<<-MANIFEST, node)
-          notify { 'deferred':
+          notify { 'deferred4x':
             message => Deferred('join', [[1,2,3], ':'])
           }
         MANIFEST
@@ -118,7 +118,66 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.command_line.args << '--test'
           agent.run
         }.to exit_with(2)
-         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred\]/message: defined 'message' as '1:2:3'}).to_stdout
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as '1:2:3'}).to_stdout
+      end
+    end
+
+    it "calls a deferred 3x function" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'deferred3x':
+            message => Deferred('sprintf', ['%s', 'I am deferred'])
+          }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+      end
+    end
+
+    it "re-evaluates a deferred function in a cached catalog" do
+      Puppet[:report] = false
+      Puppet[:use_cached_catalog] = true
+      Puppet[:usecacheonfailure] = false
+
+      catalog_dir = File.join(Puppet[:client_datadir], 'catalog')
+      Puppet::FileSystem.mkpath(catalog_dir)
+      cached_catalog_path = "#{File.join(catalog_dir, Puppet[:certname])}.json"
+
+      # our catalog contains a deferred function that calls `binary_file`
+      # to read `source`. The function returns a Binary object, whose
+      # base64 value is printed to stdout
+      source = tmpfile('deferred_source')
+      catalog = File.read(my_fixture('cached_deferred_catalog.json'))
+      catalog.gsub!('__SOURCE_PATH__', source)
+      File.write(cached_catalog_path, catalog)
+
+      # verify we get a different result each time the deferred function
+      # is evaluated, and reads `source`.
+      {
+        '1234' => 'MTIzNA==',
+        '5678' => 'NTY3OA=='
+      }.each_pair do |content, base64|
+        File.write(source, content)
+
+        expect {
+          agent.command_line.args << '-t'
+          agent.run
+
+        }.to exit_with(2)
+         .and output(/Notice: #{base64}/).to_stdout
+
+        # reset state so we can run again
+        Puppet::Application.clear!
       end
     end
 
@@ -476,4 +535,102 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       th.kill # kill thread so we don't wait too much
     end
   end
+
+  context 'cached catalogs' do
+    it 'falls back to a cached catalog' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'a message': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Caching catalog for #{Puppet[:certname]}}).to_stdout
+      end
+
+      # reset state so we can run again
+      Puppet::Application.clear!
+
+      # --test above turns off `usecacheonfailure` so re-enable here
+      Puppet[:usecacheonfailure] = true
+
+      # run agent without server
+      expect {
+        agent.command_line.args << '--no-daemonize' << '--onetime' << '--server' << '127.0.0.1'
+        agent.run
+      }.to exit_with(2)
+       .and output(a_string_matching(
+         /Using cached catalog from environment 'production'/
+       ).and matching(
+         /Notify\[a message\]\/message:/
+       )).to_stdout
+       .and output(/the agent run will continue/).to_stderr
+    end
+
+    it 'preserves the old cached catalog if validation fails with the old one' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          exec { 'unqualified_command': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(/Using configured environment/).to_stdout
+         .and output(%r{Validation of Exec\[unqualified_command\] failed: 'unqualified_command' is not qualified and no path was specified}).to_stderr
+      end
+
+      # cached catalog should not be updated
+      cached_catalog = "#{File.join(Puppet[:client_datadir], 'catalog', Puppet[:certname])}.json"
+      expect(File).to_not be_exist(cached_catalog)
+    end
+  end
+
+  context "reporting" do
+    it "stores a finalized report" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+        notify { 'foo':
+          require => Notify['bar']
+        }
+
+        notify { 'bar':
+          require => Notify['foo']
+        }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(%r{Applying configuration}).to_stdout
+         .and output(%r{Found 1 dependency cycle}).to_stderr
+
+        report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
+        expect(report.status).to eq("failed")
+        expect(report.metrics).to_not be_empty
+      end
+    end
+  end
 end

data/spec/integration/application/apply_spec.rb

@@ -663,4 +663,23 @@ class amod::bad_type {
       end
     end
   end
+
+  context 'rich data' do
+    it "calls a deferred 4x function" do
+      apply.command_line.args = ['-e', 'notify { "deferred3x": message => Deferred("join", [[1,2,3], ":"]) }']
+
+      expect {
+        apply.run
+      }.to exit_with(0) # for some reason apply returns 0 instead of 2
+       .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as '1:2:3'}).to_stdout
+    end
+
+    it "calls a deferred 3x function" do
+      apply.command_line.args = ['-e', 'notify { "deferred4x": message => Deferred("sprintf", ["%s", "I am deferred"]) }']
+      expect {
+        apply.run
+      }.to exit_with(0) # for some reason apply returns 0 instead of 2
+       .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+    end
+  end
 end

data/spec/integration/application/plugin_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 require 'puppet/face'
 require 'puppet_spec/puppetserver'
 
-describe "puppet plugin" do
+describe "puppet plugin", unless: Puppet::Util::Platform.jruby? do
   include_context "https client"
 
   let(:server) { PuppetSpec::Puppetserver.new }

data/spec/integration/application/resource_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+require 'puppet_spec/files'
+
+describe "puppet resource", unless: Puppet::Util::Platform.jruby? do
+  include PuppetSpec::Files
+
+  let(:resource) { Puppet::Application[:resource] }
+
+  describe "when handling file and tidy types" do
+    let!(:dir) { dir_containing('testdir', 'testfile' => 'contents') }
+
+    it 'does not raise when generating file resources' do
+      resource.command_line.args = ['file', dir, 'ensure=directory', 'recurse=true']
+
+      expect {
+        resource.run
+      }.to output(/ensure.+=> 'directory'/).to_stdout
+    end
+
+    it 'correctly cleans up a given path' do
+      resource.command_line.args = ['tidy', dir, 'rmdirs=true', 'recurse=true']
+
+      expect {
+        resource.run
+      }.to output(/Notice: \/File\[#{dir}\]\/ensure: removed/).to_stdout
+
+      expect(Puppet::FileSystem.exist?(dir)).to be false
+    end
+  end
+end

data/spec/integration/defaults_spec.rb

@@ -36,13 +36,6 @@ describe "Puppet defaults" do
     end
   end
 
-  describe "when setting the :serverport" do
-    it "should also set the :masterport to the same value" do
-      Puppet.settings[:serverport] = 9000
-      expect(Puppet.settings[:masterport]).to eq(9000)
-    end
-  end
-
   describe "when setting the :factpath" do
     it "should add the :factpath to Facter's search paths" do
       expect(Facter).to receive(:search).with("/my/fact/path")

data/spec/integration/environments/setting_hooks_spec.rb

@@ -12,7 +12,7 @@ describe "setting hooks" do
     end
 
     it "accesses correct directory environment settings after initializing a setting with an on_write hook" do
-      expect(Puppet.settings.setting(:certname).call_hook).to eq(:on_write_only) 
+      expect(Puppet.settings.setting(:strict).call_hook).to eq(:on_write_only)
 
       File.open(File.join(confdir, "puppet.conf"), "w:UTF-8") do |f|
         f.puts("environmentpath=#{environmentpath}")

data/spec/integration/http/client_spec.rb

@@ -151,4 +151,16 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       end
     end
   end
+
+  context 'ciphersuites' do
+    it "does not connect when using an SSLv3 ciphersuite", :if => Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1e') > 0 do
+      Puppet[:ciphers] = "DES-CBC3-SHA"
+
+      https_server.start_server do |port|
+        expect {
+          client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
+        }.to raise_error(Puppet::HTTP::ConnectionError, /no cipher match|sslv3 alert handshake failure/)
+      end
+    end
+  end
 end

data/spec/integration/indirector/direct_file_server_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'matchers/include'
 
 require 'puppet/indirector/file_content/file'
 require 'puppet/indirector/file_metadata/file'
@@ -30,7 +29,6 @@ end
 
 describe Puppet::Indirector::DirectFileServer, " when interacting with FileServing::Fileset and the model" do
   include PuppetSpec::Files
-  include Matchers::Include
 
   matcher :file_with_content do |name, content|
     match do |actual|
@@ -52,7 +50,7 @@ describe Puppet::Indirector::DirectFileServer, " when interacting with FileServi
     terminus = Puppet::Indirector::FileContent::File.new
     request = terminus.indirection.request(:search, Puppet::Util.path_to_uri(path).to_s, nil, :recurse => true)
 
-    expect(terminus.search(request)).to include_in_any_order(
+    expect(terminus.search(request)).to contain_exactly(
       file_with_content(File.join(path, "one"), "one content"),
       file_with_content(File.join(path, "two"), "two content"),
       directory_named(path))