RubyGems - puppet - Versions diffs - 6.19.1-x64-mingw32 → 6.23.0-x64-mingw32 - Mend

puppet 6.19.1-x64-mingw32 → 6.23.0-x64-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (293) hide show

checksums.yaml +4 -4
data/CODEOWNERS +2 -16
data/Gemfile +3 -1
data/Gemfile.lock +51 -40
data/ext/osx/puppet.plist +2 -0
data/ext/project_data.yaml +2 -2
data/lib/puppet/application.rb +10 -6
data/lib/puppet/application/agent.rb +12 -4
data/lib/puppet/application/apply.rb +4 -2
data/lib/puppet/application/device.rb +2 -0
data/lib/puppet/application/filebucket.rb +2 -2
data/lib/puppet/application/resource.rb +2 -1
data/lib/puppet/application/script.rb +2 -0
data/lib/puppet/application/ssl.rb +11 -0
data/lib/puppet/application_support.rb +7 -0
data/lib/puppet/configurer.rb +28 -18
data/lib/puppet/configurer/downloader.rb +2 -1
data/lib/puppet/defaults.rb +51 -23
data/lib/puppet/environments.rb +54 -55
data/lib/puppet/face/config.rb +10 -0
data/lib/puppet/face/epp.rb +12 -2
data/lib/puppet/face/facts.rb +158 -0
data/lib/puppet/ffi/posix.rb +10 -0
data/lib/puppet/ffi/posix/constants.rb +14 -0
data/lib/puppet/ffi/posix/functions.rb +24 -0
data/lib/puppet/file_serving/fileset.rb +14 -2
data/lib/puppet/file_system/memory_file.rb +8 -1
data/lib/puppet/file_system/windows.rb +2 -0
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/epp.rb +1 -0
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +13 -5
data/lib/puppet/functions/inline_epp.rb +1 -0
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +12 -4
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/tree_each.rb +7 -9
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/http/resolver/server_list.rb +15 -4
data/lib/puppet/http/service/compiler.rb +69 -0
data/lib/puppet/http/service/file_server.rb +2 -1
data/lib/puppet/indirector/catalog/compiler.rb +1 -0
data/lib/puppet/indirector/fact_search.rb +60 -0
data/lib/puppet/indirector/facts/facter.rb +24 -3
data/lib/puppet/indirector/facts/json.rb +27 -0
data/lib/puppet/indirector/facts/yaml.rb +3 -58
data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
data/lib/puppet/indirector/json.rb +5 -1
data/lib/puppet/indirector/node/json.rb +8 -0
data/lib/puppet/indirector/report/json.rb +34 -0
data/lib/puppet/module_tool/applications/installer.rb +48 -2
data/lib/puppet/module_tool/errors/shared.rb +17 -2
data/lib/puppet/network/formats.rb +69 -1
data/lib/puppet/network/http/factory.rb +4 -0
data/lib/puppet/pal/pal_impl.rb +70 -17
data/lib/puppet/parser/ast/leaf.rb +3 -2
data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
data/lib/puppet/parser/templatewrapper.rb +1 -1
data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -3
data/lib/puppet/pops/model/ast_transformer.rb +1 -1
data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
data/lib/puppet/property/list.rb +1 -1
data/lib/puppet/provider/group/groupadd.rb +13 -8
data/lib/puppet/provider/package/apt.rb +34 -2
data/lib/puppet/provider/package/aptitude.rb +6 -0
data/lib/puppet/provider/package/dnfmodule.rb +1 -1
data/lib/puppet/provider/package/nim.rb +11 -6
data/lib/puppet/provider/service/debian.rb +2 -0
data/lib/puppet/provider/service/systemd.rb +14 -4
data/lib/puppet/provider/service/windows.rb +38 -0
data/lib/puppet/provider/user/aix.rb +2 -2
data/lib/puppet/provider/user/directoryservice.rb +25 -12
data/lib/puppet/provider/user/useradd.rb +62 -8
data/lib/puppet/reference/configuration.rb +7 -6
data/lib/puppet/settings.rb +33 -28
data/lib/puppet/settings/alias_setting.rb +37 -0
data/lib/puppet/settings/base_setting.rb +26 -2
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/type/file.rb +19 -1
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/package.rb +3 -3
data/lib/puppet/type/service.rb +18 -38
data/lib/puppet/type/tidy.rb +21 -2
data/lib/puppet/type/user.rb +38 -20
data/lib/puppet/util/autoload.rb +1 -8
data/lib/puppet/util/fact_dif.rb +81 -0
data/lib/puppet/util/monkey_patches.rb +7 -0
data/lib/puppet/util/posix.rb +54 -5
data/lib/puppet/util/rubygems.rb +5 -1
data/lib/puppet/util/selinux.rb +30 -4
data/lib/puppet/util/windows/adsi.rb +46 -0
data/lib/puppet/util/windows/api_types.rb +1 -1
data/lib/puppet/util/windows/principal.rb +9 -2
data/lib/puppet/util/windows/service.rb +1 -1
data/lib/puppet/util/windows/sid.rb +4 -2
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +372 -288
data/man/man5/puppet.conf.5 +282 -254
data/man/man8/puppet-agent.8 +2 -2
data/man/man8/puppet-apply.8 +2 -2
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +90 -1
data/man/man8/puppet-filebucket.8 +3 -3
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +4 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +4 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +2 -2
data/man/man8/puppet-ssl.8 +5 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/ca.pem +57 -35
data/spec/fixtures/ssl/crl.pem +28 -18
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +33 -24
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +108 -58
data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
data/spec/fixtures/ssl/intermediate.pem +57 -36
data/spec/fixtures/ssl/pluto-key.pem +107 -57
data/spec/fixtures/ssl/pluto.pem +52 -30
data/spec/fixtures/ssl/request-key.pem +107 -57
data/spec/fixtures/ssl/request.pem +47 -26
data/spec/fixtures/ssl/revoked-key.pem +107 -57
data/spec/fixtures/ssl/revoked.pem +52 -30
data/spec/fixtures/ssl/signed-key.pem +107 -57
data/spec/fixtures/ssl/signed.pem +52 -30
data/spec/fixtures/ssl/tampered-cert.pem +52 -30
data/spec/fixtures/ssl/tampered-csr.pem +47 -26
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
data/spec/fixtures/ssl/unknown-ca.pem +55 -33
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
data/spec/integration/application/agent_spec.rb +160 -3
data/spec/integration/application/apply_spec.rb +19 -0
data/spec/integration/application/plugin_spec.rb +1 -1
data/spec/integration/application/resource_spec.rb +30 -0
data/spec/integration/defaults_spec.rb +0 -7
data/spec/integration/environments/setting_hooks_spec.rb +1 -1
data/spec/integration/http/client_spec.rb +12 -0
data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
data/spec/integration/resource/type_collection_spec.rb +2 -6
data/spec/integration/transaction_spec.rb +4 -9
data/spec/integration/util/windows/adsi_spec.rb +21 -1
data/spec/integration/util/windows/principal_spec.rb +21 -0
data/spec/integration/util/windows/registry_spec.rb +6 -10
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/settings.rb +6 -1
data/spec/spec_helper.rb +12 -5
data/spec/unit/agent_spec.rb +8 -6
data/spec/unit/application/agent_spec.rb +7 -3
data/spec/unit/application/config_spec.rb +224 -4
data/spec/unit/application/facts_spec.rb +482 -3
data/spec/unit/application/filebucket_spec.rb +0 -2
data/spec/unit/application/ssl_spec.rb +23 -0
data/spec/unit/application_spec.rb +51 -9
data/spec/unit/configurer/downloader_spec.rb +6 -0
data/spec/unit/configurer_spec.rb +23 -0
data/spec/unit/confine/feature_spec.rb +1 -1
data/spec/unit/confine_spec.rb +8 -2
data/spec/unit/defaults_spec.rb +36 -1
data/spec/unit/environments_spec.rb +221 -68
data/spec/unit/face/config_spec.rb +27 -32
data/spec/unit/face/facts_spec.rb +4 -0
data/spec/unit/face/node_spec.rb +0 -11
data/spec/unit/file_serving/configuration/parser_spec.rb +0 -1
data/spec/unit/file_serving/fileset_spec.rb +60 -0
data/spec/unit/file_serving/metadata_spec.rb +3 -3
data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
data/spec/unit/file_system_spec.rb +9 -0
data/spec/unit/forge/module_release_spec.rb +2 -7
data/spec/unit/functions/inline_epp_spec.rb +26 -1
data/spec/unit/gettext/config_spec.rb +12 -0
data/spec/unit/http/service/compiler_spec.rb +172 -0
data/spec/unit/http/service_spec.rb +1 -1
data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
data/spec/unit/indirector/face_spec.rb +0 -1
data/spec/unit/indirector/facts/facter_spec.rb +95 -1
data/spec/unit/indirector/facts/json_spec.rb +255 -0
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
data/spec/unit/indirector/indirection_spec.rb +8 -12
data/spec/unit/indirector/key/file_spec.rb +0 -1
data/spec/unit/indirector/node/json_spec.rb +33 -0
data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
data/spec/unit/indirector/report/yaml_spec.rb +72 -8
data/spec/unit/indirector_spec.rb +2 -2
data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
data/spec/unit/network/authconfig_spec.rb +0 -3
data/spec/unit/network/formats_spec.rb +41 -0
data/spec/unit/network/http/api/indirected_routes_spec.rb +0 -9
data/spec/unit/network/http/factory_spec.rb +19 -0
data/spec/unit/network/http/handler_spec.rb +0 -5
data/spec/unit/parser/compiler_spec.rb +3 -19
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
data/spec/unit/parser/resource_spec.rb +14 -8
data/spec/unit/parser/templatewrapper_spec.rb +4 -3
data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
data/spec/unit/property_spec.rb +1 -0
data/spec/unit/provider/group/groupadd_spec.rb +5 -2
data/spec/unit/provider/nameservice_spec.rb +66 -65
data/spec/unit/provider/package/apt_spec.rb +28 -23
data/spec/unit/provider/package/aptitude_spec.rb +1 -1
data/spec/unit/provider/package/base_spec.rb +6 -5
data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
data/spec/unit/provider/package/nim_spec.rb +42 -0
data/spec/unit/provider/package/pacman_spec.rb +18 -12
data/spec/unit/provider/package/pip_spec.rb +6 -11
data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openwrt_spec.rb +3 -1
data/spec/unit/provider/service/systemd_spec.rb +53 -8
data/spec/unit/provider/service/windows_spec.rb +202 -0
data/spec/unit/provider/user/aix_spec.rb +5 -0
data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
data/spec/unit/provider/user/hpux_spec.rb +1 -1
data/spec/unit/provider/user/pw_spec.rb +2 -0
data/spec/unit/provider/user/useradd_spec.rb +71 -3
data/spec/unit/provider_spec.rb +8 -10
data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
data/spec/unit/resource/capability_finder_spec.rb +6 -1
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/resource/type_spec.rb +1 -1
data/spec/unit/resource_spec.rb +11 -10
data/spec/unit/settings_spec.rb +419 -242
data/spec/unit/ssl/base_spec.rb +0 -1
data/spec/unit/ssl/host_spec.rb +0 -5
data/spec/unit/ssl/ssl_provider_spec.rb +14 -8
data/spec/unit/ssl/state_machine_spec.rb +19 -5
data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -9
data/spec/unit/transaction/event_manager_spec.rb +14 -11
data/spec/unit/transaction_spec.rb +18 -11
data/spec/unit/type/file/content_spec.rb +0 -1
data/spec/unit/type/file/selinux_spec.rb +3 -5
data/spec/unit/type/file_spec.rb +0 -6
data/spec/unit/type/group_spec.rb +13 -6
data/spec/unit/type/resources_spec.rb +7 -7
data/spec/unit/type/service_spec.rb +60 -189
data/spec/unit/type/tidy_spec.rb +17 -8
data/spec/unit/type/user_spec.rb +45 -0
data/spec/unit/type_spec.rb +2 -2
data/spec/unit/util/at_fork_spec.rb +2 -2
data/spec/unit/util/autoload_spec.rb +5 -1
data/spec/unit/util/backups_spec.rb +1 -2
data/spec/unit/util/execution_spec.rb +15 -11
data/spec/unit/util/inifile_spec.rb +6 -14
data/spec/unit/util/log_spec.rb +8 -7
data/spec/unit/util/logging_spec.rb +3 -3
data/spec/unit/util/posix_spec.rb +363 -15
data/spec/unit/util/rubygems_spec.rb +2 -2
data/spec/unit/util/selinux_spec.rb +163 -68
data/spec/unit/util/storage_spec.rb +3 -1
data/spec/unit/util/suidmanager_spec.rb +44 -41
data/spec/unit/util/windows/sid_spec.rb +6 -0
data/spec/unit/util_spec.rb +13 -6
data/tasks/generate_cert_fixtures.rake +2 -2
metadata +33 -16
data/spec/integration/application/config_spec.rb +0 -74
data/spec/lib/matchers/include.rb +0 -27
data/spec/lib/matchers/include_spec.rb +0 -32
data/spec/unit/face/catalog_spec.rb +0 -6
data/spec/unit/face/module_spec.rb +0 -3

data/spec/unit/ssl/base_spec.rb CHANGED Viewed

@@ -47,7 +47,6 @@ describe Puppet::SSL::Certificate do
   describe "when initializing wrapped class from a file with #read" do
     it "should open the file with ASCII encoding" do
       path = '/foo/bar/cert'
-      allow(Puppet::SSL::Base).to receive(:valid_certname).and_return(true)
       expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("bar")
       @base.read(path)
     end

data/spec/unit/ssl/host_spec.rb CHANGED Viewed

@@ -263,8 +263,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
     end
     it "should send a new request to the CA for signing" do
-      @http = double("http")
-      allow(@host).to receive(:http_client).and_return(@http)
       allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
       allow(@host).to receive(:key).and_return(key)
       request = double("request")
@@ -307,7 +305,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
       Puppet[:certdir] = tmpdir('certs')
       allow(@host).to receive(:key).and_return(double("key"))
       allow(@host).to receive(:validate_certificate_with_key)
-      allow(@host).to receive(:http_client).and_return(@http)
       allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
     end
@@ -464,8 +461,6 @@ describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
         @revoked_cert = @pki[:revoked_root_node_cert]
         localcacert = Puppet.settings[:localcacert]
         Puppet::Util.replace_file(localcacert, 0644) {|f| f.write @pki[:ca_bundle] }
-        @http = double('http')
-        allow(@host).to receive(:http_client).and_return(@http)
       end
       after do

data/spec/unit/ssl/ssl_provider_spec.rb CHANGED Viewed

@@ -271,14 +271,20 @@ describe Puppet::SSL::SSLProvider do
     end
     # This option is only available in openssl 1.1
-    it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
-      ca = global_cacerts.first
-      ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
-      expect {
-        subject.create_context(**config.merge(cacerts: global_cacerts))
-      }.to raise_error(Puppet::SSL::CertVerifyError,
-                       "Invalid signature for certificate 'CN=Test CA'")
+    # OpenSSL 1.1.1h no longer reports expired root CAs when using "verify".
+    # This regression was fixed in 1.1.1i, so only skip this test if we're on
+    # the affected version.
+    # See: https://github.com/openssl/openssl/pull/13585
+    if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') != 0
+      it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
+        ca = global_cacerts.first
+        ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
+        expect {
+          subject.create_context(**config.merge(cacerts: global_cacerts))
+        }.to raise_error(Puppet::SSL::CertVerifyError,
+                         "Invalid signature for certificate 'CN=Test CA'")
+      end
     end
     it 'raises if intermediate CA signature is invalid' do

data/spec/unit/ssl/state_machine_spec.rb CHANGED Viewed

@@ -31,6 +31,14 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
     allow(Kernel).to receive(:sleep)
   end
+  def expected_digest(name, content)
+    OpenSSL::Digest.new(name).hexdigest(content)
+  end
+  def to_fingerprint(digest)
+    digest.scan(/../).join(':').upcase
+  end
   context 'when passing keyword arguments' do
     it "accepts digest" do
       expect(described_class.new(digest: 'SHA512').digest).to eq('SHA512')
@@ -395,29 +403,35 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       it 'verifies CA cert bundle if a ca_fingerprint is given case-insensitively' do
         Puppet[:log_level] = :info
-        machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'caacf69bbbcdad9dbcda92dd2da3608b639d1aea4c314d6cc6823cdb32d8e0f8')
+        digest = expected_digest('SHA256', cacert_pem)
+        fingerprint = to_fingerprint(digest)
+        machine = described_class.new(digest: 'SHA256', ca_fingerprint: digest.downcase)
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
         state.next_state
-        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8"))
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) #{fingerprint}"))
       end
       it 'verifies CA cert bundle using non-default fingerprint' do
         Puppet[:log_level] = :info
-        machine = described_class.new(digest: 'SHA512', ca_fingerprint: '3c9d1482b878913ad95c9631feac5090cb05c6eab9496178d6fd5c14a023da3b1a8650a3cbaac516d9a48caf0b0742e1ed7eebf55105c024c74834a45056a9d9')
+        digest = expected_digest('SHA512', cacert_pem)
+        machine = described_class.new(digest: 'SHA512', ca_fingerprint: digest)
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
         state.next_state
-        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) 3C:9D:14:82:B8:78:91:3A:D9:5C:96:31:FE:AC:50:90:CB:05:C6:EA:B9:49:61:78:D6:FD:5C:14:A0:23:DA:3B:1A:86:50:A3:CB:AA:C5:16:D9:A4:8C:AF:0B:07:42:E1:ED:7E:EB:F5:51:05:C0:24:C7:48:34:A4:50:56:A9:D9"))
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) #{to_fingerprint(digest)}"))
       end
       it 'returns an error if verification fails' do
         machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'wrong!')
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
+        fingerprint = to_fingerprint(expected_digest('SHA256', cacert_pem))
         st = state.next_state
         expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::Error)
-        expect(st.message).to eq("CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8 did not match expected digest WR:ON:G!")
+        expect(st.message).to eq("CA bundle with digest (SHA256) #{fingerprint} did not match expected digest WR:ON:G!")
       end
     end
   end

data/spec/unit/transaction/additional_resource_generator_spec.rb CHANGED Viewed

@@ -33,10 +33,6 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
       newparam(:code)
-      def respond_to?(method_name)
-        method_name == self[:kind] || super
-      end
       def eval_generate
         eval_code
       end
@@ -97,8 +93,6 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
     end
   end
   after(:each) do
     Puppet::Type.rmtype(:gen_empty)
     Puppet::Type.rmtype(:eval_after)
@@ -314,13 +308,13 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
     it "sets resources_failed_to_generate to true if resource#eval_generate raises an exception" do
       catalog = compile_to_ral(<<-MANIFEST)
-        notify { 'hello': }
+        generator { thing: }
       MANIFEST
-      allow(catalog.resource("Notify[hello]")).to receive(:eval_generate).and_raise(RuntimeError)
+      allow(catalog.resource("Generator[thing]")).to receive(:eval_generate).and_raise(RuntimeError)
       relationship_graph = relationship_graph_for(catalog)
       generator = Puppet::Transaction::AdditionalResourceGenerator.new(catalog, relationship_graph, prioritizer)
-      generator.eval_generate(catalog.resource("Notify[hello]"))
+      generator.eval_generate(catalog.resource("Generator[thing]"))
       expect(generator.resources_failed_to_generate).to be_truthy
     end

data/spec/unit/transaction/event_manager_spec.rb CHANGED Viewed

@@ -152,6 +152,9 @@ describe Puppet::Transaction::EventManager do
       @resource = Puppet::Type.type(:file).new :path => make_absolute("/my/file")
       @event = Puppet::Transaction::Event.new(:name => :event, :resource => @resource)
+      @resource.class.send(:define_method, :callback1) {}
+      @resource.class.send(:define_method, :callback2) {}
     end
     it "should call the required callback once for each set of associated events" do
@@ -178,7 +181,7 @@ describe Puppet::Transaction::EventManager do
       allow(@resource).to receive(:callback1)
-      @manager.process_events(@resource) #x
+      @manager.process_events(@resource)
       expect(@transaction.resource_status(@resource).events.length).to eq(1)
     end
@@ -211,9 +214,11 @@ describe Puppet::Transaction::EventManager do
         @event2 = Puppet::Transaction::Event.new(:name => :event, :resource => @resource)
         @event2.status = "success"
         expect(@manager).to receive(:queued_events).with(@resource).and_yield(:callback1, [@event, @event2])
+        @resource.class.send(:define_method, :callback1) {}
       end
       it "should call the callback" do
         expect(@resource).to receive(:callback1)
         @manager.process_events(@resource)
@@ -225,6 +230,7 @@ describe Puppet::Transaction::EventManager do
         allow(@event).to receive(:status).and_return("noop")
         allow(@resource).to receive(:event).and_return(Puppet::Transaction::Event.new)
         expect(@manager).to receive(:queued_events).with(@resource).and_yield(:callback1, [@event])
+        @resource.class.send(:define_method, :callback1) {}
       end
       it "should log" do
@@ -254,6 +260,7 @@ describe Puppet::Transaction::EventManager do
         allow(@resource).to receive(:event).and_return(Puppet::Transaction::Event.new)
         allow(@resource).to receive(:noop?).and_return(true)
         expect(@manager).to receive(:queued_events).with(@resource).and_yield(:callback1, [@event])
+        @resource.class.send(:define_method, :callback1) {}
       end
       it "should log" do
@@ -279,7 +286,7 @@ describe Puppet::Transaction::EventManager do
     describe "and the callback fails" do
       before do
-        expect(@resource).to receive(:callback1).and_raise("a failure")
+        @resource.class.send(:define_method, :callback1) { raise "a failure" }
         expect(@manager).to receive(:queued_events).and_yield(:callback1, [@event])
       end
@@ -323,16 +330,12 @@ describe Puppet::Transaction::EventManager do
   describe "when queueing then processing events for a given resource" do
     before do
-      @transaction = Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, nil)
-      @manager = Puppet::Transaction::EventManager.new(@transaction)
+      @catalog = Puppet::Resource::Catalog.new
+      @target = Puppet::Type.type(:exec).new(name: 'target', path: ENV['PATH'])
+      @resource = Puppet::Type.type(:exec).new(name: 'resource', path: ENV['PATH'], notify: @target)
+      @catalog.add_resource(@resource, @target)
-      @resource = Puppet::Type.type(:file).new :path => make_absolute("/my/file")
-      @target = Puppet::Type.type(:file).new :path => make_absolute("/your/file")
-      @graph = allow('graph')
-      allow(@graph).to receive(:matching_edges).and_return([])
-      allow(@graph).to receive(:matching_edges).with(anything, @resource).and_return([double('edge', :target => @target, :callback => :refresh)])
-      allow(@manager).to receive(:relationship_graph).and_return(@graph)
+      @manager = Puppet::Transaction::EventManager.new(Puppet::Transaction.new(@catalog, nil, nil))
       @event  = Puppet::Transaction::Event.new(:name => :notify, :resource => @target)
       @event2 = Puppet::Transaction::Event.new(:name => :service_start, :resource => @target, :invalidate_refreshes => true)

data/spec/unit/transaction_spec.rb CHANGED Viewed

@@ -20,6 +20,19 @@ describe Puppet::Transaction do
     transaction
   end
+  before(:all) do
+    Puppet::Type.newtype(:transaction_generator) do
+      newparam(:name) { isnamevar }
+      def generate
+      end
+    end
+  end
+  after(:all) do
+    Puppet::Type.rmtype(:transaction_generator)
+  end
   before do
     @basepath = make_absolute("/what/ever")
     @transaction = Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, Puppet::Graph::SequentialPrioritizer.new)
@@ -323,9 +336,9 @@ describe Puppet::Transaction do
   describe "when generating resources before traversal" do
     let(:catalog) { Puppet::Resource::Catalog.new }
     let(:transaction) { Puppet::Transaction.new(catalog, nil, Puppet::Graph::SequentialPrioritizer.new) }
-    let(:generator) { Puppet::Type.type(:notify).new :title => "generator" }
+    let(:generator) { Puppet::Type.type(:transaction_generator).new :title => "generator" }
     let(:generated) do
-      %w[a b c].map { |name| Puppet::Type.type(:notify).new(:name => name) }
+      %w[a b c].map { |name| Puppet::Type.type(:transaction_generator).new(:name => name) }
     end
     before :each do
@@ -666,7 +679,7 @@ describe Puppet::Transaction do
         end
         describe "and new resources are generated" do
-          let(:generator) { Puppet::Type.type(:notify).new :title => "generator" }
+          let(:generator) { Puppet::Type.type(:transaction_generator).new :title => "generator" }
           let(:generated) do
             %w[a b c].map { |name| Puppet::Type.type(:package).new :title => "foo", :name => name, :provider => :apt }
           end
@@ -780,13 +793,8 @@ describe Puppet::Transaction do
     end
     it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
-      unless defined?(Selinux)
-        module Selinux
-          def self.is_selinux_enabled
-            true
-          end
-        end
-      end
+      selinux = double('selinux', is_selinux_enabled: true, matchpathcon_fini: nil)
+      stub_const('Selinux', selinux)
       resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
       transaction = transaction_with_resource(resource)
@@ -828,7 +836,6 @@ describe Puppet::Transaction do
       before do
         @resource = Puppet::Type.type(:notify).new :title => "foobar"
         @catalog.add_resource @resource
-        allow(@transaction).to receive(:add_dynamically_generated_resources)
       end
       it 'should stop processing if :stop_processing? is true' do

data/spec/unit/type/file/content_spec.rb CHANGED Viewed

@@ -11,7 +11,6 @@ describe Puppet::Type.type(:file).attrclass(:content), :uses_checksums => true d
   before do
     File.open(filename, 'w') {|f| f.write "initial file content"}
-    allow(described_class).to receive(:standalone?).and_return(false)
   end
   around do |example|

data/spec/unit/type/file/selinux_spec.rb CHANGED Viewed

@@ -7,10 +7,8 @@ require 'spec_helper'
     before do
       @path = make_absolute("/my/file")
-      @resource = Puppet::Type.type(:file).new :path => @path
+      @resource = Puppet::Type.type(:file).new(:path => @path, :ensure => :file)
       @sel = property.new :resource => @resource
-      allow(@sel).to receive(:normalize_selinux_category).with("s0").and_return("s0")
-      allow(@sel).to receive(:normalize_selinux_category).with(nil).and_return(nil)
     end
     it "retrieve on #{param} should return :absent if the file isn't statable" do
@@ -52,13 +50,13 @@ require 'spec_helper'
     end
     it "should handle no default gracefully" do
-      expect(@sel).to receive(:get_selinux_default_context).with(@path).and_return(nil)
+      expect(@sel).to receive(:get_selinux_default_context).with(@path, :file).and_return(nil)
       expect(@sel.default).to be_nil
     end
     it "should be able to detect matchpathcon defaults" do
       allow(@sel).to receive(:debug)
-      expect(@sel).to receive(:get_selinux_default_context).with(@path).and_return("user_u:role_r:type_t:s0")
+      expect(@sel).to receive(:get_selinux_default_context).with(@path, :file).and_return("user_u:role_r:type_t:s0")
       expectedresult = case param
         when :seluser; "user_u"
         when :selrole; "role_r"

data/spec/unit/type/file_spec.rb CHANGED Viewed

@@ -344,12 +344,6 @@ describe Puppet::Type.type(:file) do
   end
   describe "#flush" do
-    it "should flush all properties that respond to :flush" do
-      file[:source] = File.expand_path(__FILE__)
-      expect(file.parameter(:source)).to receive(:flush)
-      file.flush
-    end
     it "should reset its stat reference" do
       FileUtils.touch(path)
       stat1 = file.stat

data/spec/unit/type/group_spec.rb CHANGED Viewed

@@ -60,9 +60,12 @@ describe Puppet::Type.type(:group) do
   end
   it "delegates the existence check to its provider" do
-    provider = @class.provide(:testing) {}
+    provider = @class.provide(:testing) do
+      def exists?
+        true
+      end
+    end
     provider_instance = provider.new
-    expect(provider_instance).to receive(:exists?).and_return(true)
     type = @class.new(:name => "group", :provider => provider_instance)
@@ -77,20 +80,24 @@ describe Puppet::Type.type(:group) do
         def members
           []
         end
+        def members_insync?(current, should)
+          current == should
+        end
+        def members_to_s(values)
+          values.map { |v| "#{v} ()" }.join(', ')
+        end
       end
     end
     let (:provider_instance) { provider.new }
     let (:type) { @class.new(:name => "group", :provider => provider_instance, :members => ['user1']) }
     it "insync? calls members_insync?" do
-      expect(provider_instance).to receive(:members_insync?).with(['user1'], ['user1']).and_return(true)
       expect(type.property(:members).insync?(['user1'])).to be_truthy
     end
     it "is_to_s and should_to_s call members_to_s" do
-      expect(provider_instance).to receive(:members_to_s).with(['user1', 'user2']).and_return("user1 (), user2 ()")
-      expect(provider_instance).to receive(:members_to_s).with(['user1']).and_return("user1 ()")
       expect(type.property(:members).is_to_s('user1')).to eq('user1 ()')
       expect(type.property(:members).should_to_s('user1,user2')).to eq('user1 (), user2 ()')
     end

data/spec/unit/type/resources_spec.rb CHANGED Viewed

@@ -6,6 +6,9 @@ Puppet::Type.newtype(:purgeable_test) do
   newparam(:name) {}
 end
 Puppet::Type.type(:purgeable_test).provide(:purgeable_test) do
+  def self.instances
+    []
+  end
 end
 resources = Puppet::Type.type(:resources)
@@ -46,19 +49,16 @@ describe resources do
     end
     it "cannot be set to true for a resource type that does not accept ensure" do
-      allow(instance.resource_type).to receive(:respond_to?).and_return(true)
-      allow(instance.resource_type).to receive(:validproperty?).and_return(false)
-      expect { instance[:purge] = 'yes' }.to raise_error Puppet::Error
+      allow(instance.resource_type).to receive(:validproperty?).with(:ensure).and_return(false)
+      expect { instance[:purge] = 'yes' }.to raise_error Puppet::Error, /Purging is only supported on types that accept 'ensure'/
     end
     it "cannot be set to true for a resource type that does not have instances" do
-      allow(instance.resource_type).to receive(:respond_to?).and_return(false)
-      allow(instance.resource_type).to receive(:validproperty?).and_return(true)
-      expect { instance[:purge] = 'yes' }.to raise_error Puppet::Error
+      allow(instance.resource_type).to receive(:respond_to?).with(:instances).and_return(false)
+      expect { instance[:purge] = 'yes' }.to raise_error Puppet::Error, /Purging resources of type file is not supported/
     end
     it "can be set to true for a resource type that has instances and can accept ensure" do
-      allow(instance.resource_type).to receive(:respond_to?).and_return(true)
       allow(instance.resource_type).to receive(:validproperty?).and_return(true)
       expect { instance[:purge] = 'yes' }.to_not raise_error
     end

data/spec/unit/type/service_spec.rb CHANGED Viewed

@@ -72,50 +72,65 @@ describe test_title, "when validating attribute values" do
       allow(@provider.class).to receive(:supports_parameter?).and_return(true)
     end
-    it "should support :true as a value" do
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :true)
-      expect(srv.should(:enable)).to eq(:true)
-    end
+    describe "for value without required features" do
+      before :each do
+        allow(@provider).to receive(:satisfies?)
+      end
-    it "should support :false as a value" do
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :false)
-      expect(srv.should(:enable)).to eq(:false)
-    end
+      it "should not support :mask as a value" do
+        expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :mask) }.to raise_error(
+          Puppet::ResourceError,
+          /Provider .+ must have features 'maskable' to set 'enable' to 'mask'/
+        )
+      end
-    it "should support :mask as a value" do
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :mask)
-      expect(srv.should(:enable)).to eq(:mask)
-    end
+      it "should not support :manual as a value" do
+        expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :manual) }.to raise_error(
+          Puppet::ResourceError,
+          /Provider .+ must have features 'manual_startable' to set 'enable' to 'manual'/
+        )
+      end
-    it "should support :manual as a value on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :manual)
-      expect(srv.should(:enable)).to eq(:manual)
+      it "should not support :mask as a value" do
+        expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
+          Puppet::ResourceError,
+          /Provider .+ must have features 'delayed_startable' to set 'enable' to 'delayed'/
+        )
+      end
     end
-    it "should support :delayed as a value on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
+    describe "for value with required features" do
+      before :each do
+        allow(@provider).to receive(:satisfies?).and_return(:true)
+      end
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
-      expect(srv.should(:enable)).to eq(:delayed)
-    end
+      it "should support :true as a value" do
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :true)
+        expect(srv.should(:enable)).to eq(:true)
+      end
-    it "should not support :manual as a value when not on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+      it "should support :false as a value" do
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :false)
+        expect(srv.should(:enable)).to eq(:false)
+      end
-      expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :manual) }.to raise_error(
-        Puppet::Error,
-        /Setting enable to manual is only supported on Microsoft Windows\./
-      )
-    end
+      it "should support :mask as a value" do
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :mask)
+        expect(srv.should(:enable)).to eq(:mask)
+      end
-    it "should not support :delayed as a value when not on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+      it "should support :manual as a value on Windows" do
+        allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :manual)
+        expect(srv.should(:enable)).to eq(:manual)
+      end
-      expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
-        Puppet::Error,
-        /Setting enable to delayed is only supported on Microsoft Windows\./
-      )
+      it "should support :delayed as a value on Windows" do
+        allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
+        expect(srv.should(:enable)).to eq(:delayed)
+      end
     end
   end
@@ -150,105 +165,24 @@ describe test_title, "when validating attribute values" do
       provider_class_with_logon_credentials = Puppet::Type.type(:service).provide(:simple) do
         has_features :manages_logon_credentials
         def logonpassword=(value) end
+        def logonaccount_insync?(current) end
       end
       allow(Puppet::Type.type(:service)).to receive(:defaultprovider).and_return(provider_class_with_logon_credentials)
     end
     describe "the 'logonaccount' property" do
-      it "should not be munged nor checked when not on Windows" do
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
-        service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'NonWindowsUser')
+      let(:service) {Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser')}
-        expect { service }.not_to raise_error
-        expect(service[:logonaccount]).to eq('NonWindowsUser')
+      it "should let superclass implementation resolve insyncness when provider does not respond to the 'logonaccount_insync?' method" do
+        allow(service.provider).to receive(:respond_to?).with(:logonaccount_insync?).and_return(false)
+        expect(service.property(:logonaccount).insync?('myUser')).to eq(true)
       end
-      context "when on Windows", :if => Puppet::Util::Platform.windows? do
-        before do
-          allow(Puppet::Util::Windows::User).to receive(:password_is?).and_return(true)
-          allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return("myPC")
-          allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
-        end
-        it "should fail when the `Log On As A Service` right is missing from given user" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
-          allow(Puppet::Util::Windows::User).to receive(:get_rights).with('myPC\\myUser').and_return("")
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.to raise_error(Puppet::Error, /"myPC\\myUser" is missing the 'Log On As A Service' right./)
-        end
-        it "should fail when the `Log On As A Service` right is set to denied for given user" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
-          allow(Puppet::Util::Windows::User).to receive(:get_rights).with('myPC\\myUser').and_return("SeDenyServiceLogonRight")
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.to raise_error(Puppet::Error, /"myPC\\myUser" has the 'Log On As A Service' right set to denied./)
-        end
-        it "should not fail when given user has the `Log On As A Service` right" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
-          allow(Puppet::Util::Windows::User).to receive(:get_rights).with('myPC\\myUser').and_return("SeServiceLogonRight")
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.not_to raise_error
-        end
-        it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser))
-          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
-          expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.not_to raise_error
-        end
-        ['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input|
-          it "should succesfully munge #{user_input} to 'LocalSystem'" do
-            service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => user_input)
-            expect { service }.not_to raise_error
-            expect(service[:logonaccount]).to eq('LocalSystem')
-          end
-        end
-        it "should succesfully munge local account" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
-          service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser')
-          expect { service }.not_to raise_error
-          expect(service[:logonaccount]).to eq('.\myUser')
-        end
-        it "should succesfully munge domain account" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("DomainUser", nil, nil, "myDomain", :SidTypeUser))
-          service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'DomainUser')
-          expect { service }.not_to raise_error
-          expect(service[:logonaccount]).to eq('myDomain\DomainUser')
-        end
-        it "should succesfully munge well known user" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup))
-          service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'LocalService')
-          expect { service }.not_to raise_error
-          expect(service[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
-        end
-        it "should succesfully munge a SID" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser))
-          service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'S-1-5-20')
-          expect { service }.not_to raise_error
-          expect(service[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
-        end
-        it "should fail when account is invalid" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(nil)
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'InvalidUser') }.to raise_error(Puppet::Error, /"InvalidUser" is not a valid account/)
-        end
-        it "should fail when sid type is not user or well known user" do
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias))
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'Administrators') }.to raise_error(Puppet::Error, /"Administrators" is not a valid account/)
-        end
+      it "should let provider resolve insyncness when provider responds to the 'logonaccount_insync?' method" do
+        allow(service.provider).to receive(:respond_to?).with(:logonaccount_insync?, any_args).and_return(true)
+        allow(service.provider).to receive(:logonaccount_insync?).and_return(false)
+        expect(service.property(:logonaccount).insync?('myUser')).to eq(false)
       end
     end
@@ -258,7 +192,6 @@ describe test_title, "when validating attribute values" do
       end
       it "should default to empty string when only logonaccount is being managed" do
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
         service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser')
         expect { service }.not_to raise_error
@@ -271,70 +204,8 @@ describe test_title, "when validating attribute values" do
       end
       it "should fail when logonpassword includes the ':' character" do
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
         expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'my:Pass') }.to raise_error(Puppet::Error, /Passwords cannot include ':'/)
       end
-      it "should not further check the password against given account when not on Windows" do
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
-        expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'myPass') }.not_to raise_error
-      end
-      context "when on Windows", :if => Puppet::Util::Platform.windows? do
-        before do
-          allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return("myPC")
-          allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(name_to_principal_result)
-          allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
-        end
-        it "should pass validation when given account is 'LocalSystem'" do
-          allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
-          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(false)
-          expect(Puppet::Util::Windows::SID).not_to receive(:name_to_principal)
-          expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
-          expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'LocalSystem') }.not_to raise_error
-        end
-        ['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
-          describe "when given account is #{predefined_local_account}" do
-            let(:name_to_principal_result) do
-              Puppet::Util::Windows::SID::Principal.new(predefined_local_account, nil, nil, "NT AUTHORITY", :SidTypeUser)
-            end
-            it "should pass validation" do
-              allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(predefined_local_account).and_return(false)
-              expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(predefined_local_account).and_return(true)
-              expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with("NT AUTHORITY\\#{predefined_local_account}").and_return(true)
-              expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
-              expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => predefined_local_account) }.not_to raise_error
-            end
-          end
-        end
-        let(:name_to_principal_result) do
-          Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser)
-        end
-        describe "when given logonaccount is not a predefined local account" do
-          before do
-            allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('myUser').and_return(false)
-            allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('myUser').and_return(false)
-            allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('.\\myUser').and_return(false)
-          end
-          it "should pass validation if password is proven correct" do
-            allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
-            expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'myPass') }.not_to raise_error
-          end
-          it "should not pass validation if password check fails" do
-            allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
-            expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'myWrongPass') }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
-          end
-        end
-      end
     end
   end
@@ -488,7 +359,7 @@ describe test_title, "when changing the host" do
   it "insyncness should be resolved by provider instead of superclass implementation when provider responds to the 'enabled_insync?' method" do
     allow(@service.provider.class).to receive(:supports_parameter?).and_return(true)
     @service[:enable] = true
-    allow(@service.provider).to receive(:respond_to?).with(:enabled_insync?).and_return(true)
+    allow(@service.provider).to receive(:respond_to?).with(:enabled_insync?, any_args).and_return(true)
     allow(@service.provider).to receive(:enabled_insync?).and_return(false)
     expect(@service.property(:enable).insync?(:true)).to eq(false)