RubyGems - puppet - Versions diffs - 6.19.1 → 6.23.0 - Mend

puppet 6.19.1 → 6.23.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (293) hide show

checksums.yaml +4 -4
data/CODEOWNERS +2 -16
data/Gemfile +3 -1
data/Gemfile.lock +51 -40
data/ext/osx/puppet.plist +2 -0
data/ext/project_data.yaml +2 -2
data/lib/puppet/application.rb +10 -6
data/lib/puppet/application/agent.rb +12 -4
data/lib/puppet/application/apply.rb +4 -2
data/lib/puppet/application/device.rb +2 -0
data/lib/puppet/application/filebucket.rb +2 -2
data/lib/puppet/application/resource.rb +2 -1
data/lib/puppet/application/script.rb +2 -0
data/lib/puppet/application/ssl.rb +11 -0
data/lib/puppet/application_support.rb +7 -0
data/lib/puppet/configurer.rb +28 -18
data/lib/puppet/configurer/downloader.rb +2 -1
data/lib/puppet/defaults.rb +51 -23
data/lib/puppet/environments.rb +54 -55
data/lib/puppet/face/config.rb +10 -0
data/lib/puppet/face/epp.rb +12 -2
data/lib/puppet/face/facts.rb +158 -0
data/lib/puppet/ffi/posix.rb +10 -0
data/lib/puppet/ffi/posix/constants.rb +14 -0
data/lib/puppet/ffi/posix/functions.rb +24 -0
data/lib/puppet/file_serving/fileset.rb +14 -2
data/lib/puppet/file_system/memory_file.rb +8 -1
data/lib/puppet/file_system/windows.rb +2 -0
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/epp.rb +1 -0
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +13 -5
data/lib/puppet/functions/inline_epp.rb +1 -0
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +12 -4
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/tree_each.rb +7 -9
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/http/resolver/server_list.rb +15 -4
data/lib/puppet/http/service/compiler.rb +69 -0
data/lib/puppet/http/service/file_server.rb +2 -1
data/lib/puppet/indirector/catalog/compiler.rb +1 -0
data/lib/puppet/indirector/fact_search.rb +60 -0
data/lib/puppet/indirector/facts/facter.rb +24 -3
data/lib/puppet/indirector/facts/json.rb +27 -0
data/lib/puppet/indirector/facts/yaml.rb +3 -58
data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
data/lib/puppet/indirector/json.rb +5 -1
data/lib/puppet/indirector/node/json.rb +8 -0
data/lib/puppet/indirector/report/json.rb +34 -0
data/lib/puppet/module_tool/applications/installer.rb +48 -2
data/lib/puppet/module_tool/errors/shared.rb +17 -2
data/lib/puppet/network/formats.rb +69 -1
data/lib/puppet/network/http/factory.rb +4 -0
data/lib/puppet/pal/pal_impl.rb +70 -17
data/lib/puppet/parser/ast/leaf.rb +3 -2
data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
data/lib/puppet/parser/templatewrapper.rb +1 -1
data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -3
data/lib/puppet/pops/model/ast_transformer.rb +1 -1
data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
data/lib/puppet/property/list.rb +1 -1
data/lib/puppet/provider/group/groupadd.rb +13 -8
data/lib/puppet/provider/package/apt.rb +34 -2
data/lib/puppet/provider/package/aptitude.rb +6 -0
data/lib/puppet/provider/package/dnfmodule.rb +1 -1
data/lib/puppet/provider/package/nim.rb +11 -6
data/lib/puppet/provider/service/debian.rb +2 -0
data/lib/puppet/provider/service/systemd.rb +14 -4
data/lib/puppet/provider/service/windows.rb +38 -0
data/lib/puppet/provider/user/aix.rb +2 -2
data/lib/puppet/provider/user/directoryservice.rb +25 -12
data/lib/puppet/provider/user/useradd.rb +62 -8
data/lib/puppet/reference/configuration.rb +7 -6
data/lib/puppet/settings.rb +33 -28
data/lib/puppet/settings/alias_setting.rb +37 -0
data/lib/puppet/settings/base_setting.rb +26 -2
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/type/file.rb +19 -1
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/package.rb +3 -3
data/lib/puppet/type/service.rb +18 -38
data/lib/puppet/type/tidy.rb +21 -2
data/lib/puppet/type/user.rb +38 -20
data/lib/puppet/util/autoload.rb +1 -8
data/lib/puppet/util/fact_dif.rb +81 -0
data/lib/puppet/util/monkey_patches.rb +7 -0
data/lib/puppet/util/posix.rb +54 -5
data/lib/puppet/util/rubygems.rb +5 -1
data/lib/puppet/util/selinux.rb +30 -4
data/lib/puppet/util/windows/adsi.rb +46 -0
data/lib/puppet/util/windows/api_types.rb +1 -1
data/lib/puppet/util/windows/principal.rb +9 -2
data/lib/puppet/util/windows/service.rb +1 -1
data/lib/puppet/util/windows/sid.rb +4 -2
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +372 -288
data/man/man5/puppet.conf.5 +282 -254
data/man/man8/puppet-agent.8 +2 -2
data/man/man8/puppet-apply.8 +2 -2
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +90 -1
data/man/man8/puppet-filebucket.8 +3 -3
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +4 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +4 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +2 -2
data/man/man8/puppet-ssl.8 +5 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/ca.pem +57 -35
data/spec/fixtures/ssl/crl.pem +28 -18
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +33 -24
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +108 -58
data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
data/spec/fixtures/ssl/intermediate.pem +57 -36
data/spec/fixtures/ssl/pluto-key.pem +107 -57
data/spec/fixtures/ssl/pluto.pem +52 -30
data/spec/fixtures/ssl/request-key.pem +107 -57
data/spec/fixtures/ssl/request.pem +47 -26
data/spec/fixtures/ssl/revoked-key.pem +107 -57
data/spec/fixtures/ssl/revoked.pem +52 -30
data/spec/fixtures/ssl/signed-key.pem +107 -57
data/spec/fixtures/ssl/signed.pem +52 -30
data/spec/fixtures/ssl/tampered-cert.pem +52 -30
data/spec/fixtures/ssl/tampered-csr.pem +47 -26
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
data/spec/fixtures/ssl/unknown-ca.pem +55 -33
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
data/spec/integration/application/agent_spec.rb +160 -3
data/spec/integration/application/apply_spec.rb +19 -0
data/spec/integration/application/plugin_spec.rb +1 -1
data/spec/integration/application/resource_spec.rb +30 -0
data/spec/integration/defaults_spec.rb +0 -7
data/spec/integration/environments/setting_hooks_spec.rb +1 -1
data/spec/integration/http/client_spec.rb +12 -0
data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
data/spec/integration/resource/type_collection_spec.rb +2 -6
data/spec/integration/transaction_spec.rb +4 -9
data/spec/integration/util/windows/adsi_spec.rb +21 -1
data/spec/integration/util/windows/principal_spec.rb +21 -0
data/spec/integration/util/windows/registry_spec.rb +6 -10
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/settings.rb +6 -1
data/spec/spec_helper.rb +12 -5
data/spec/unit/agent_spec.rb +8 -6
data/spec/unit/application/agent_spec.rb +7 -3
data/spec/unit/application/config_spec.rb +224 -4
data/spec/unit/application/facts_spec.rb +482 -3
data/spec/unit/application/filebucket_spec.rb +0 -2
data/spec/unit/application/ssl_spec.rb +23 -0
data/spec/unit/application_spec.rb +51 -9
data/spec/unit/configurer/downloader_spec.rb +6 -0
data/spec/unit/configurer_spec.rb +23 -0
data/spec/unit/confine/feature_spec.rb +1 -1
data/spec/unit/confine_spec.rb +8 -2
data/spec/unit/defaults_spec.rb +36 -1
data/spec/unit/environments_spec.rb +221 -68
data/spec/unit/face/config_spec.rb +27 -32
data/spec/unit/face/facts_spec.rb +4 -0
data/spec/unit/face/node_spec.rb +0 -11
data/spec/unit/file_serving/configuration/parser_spec.rb +0 -1
data/spec/unit/file_serving/fileset_spec.rb +60 -0
data/spec/unit/file_serving/metadata_spec.rb +3 -3
data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
data/spec/unit/file_system_spec.rb +9 -0
data/spec/unit/forge/module_release_spec.rb +2 -7
data/spec/unit/functions/inline_epp_spec.rb +26 -1
data/spec/unit/gettext/config_spec.rb +12 -0
data/spec/unit/http/service/compiler_spec.rb +172 -0
data/spec/unit/http/service_spec.rb +1 -1
data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
data/spec/unit/indirector/face_spec.rb +0 -1
data/spec/unit/indirector/facts/facter_spec.rb +95 -1
data/spec/unit/indirector/facts/json_spec.rb +255 -0
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
data/spec/unit/indirector/indirection_spec.rb +8 -12
data/spec/unit/indirector/key/file_spec.rb +0 -1
data/spec/unit/indirector/node/json_spec.rb +33 -0
data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
data/spec/unit/indirector/report/yaml_spec.rb +72 -8
data/spec/unit/indirector_spec.rb +2 -2
data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
data/spec/unit/network/authconfig_spec.rb +0 -3
data/spec/unit/network/formats_spec.rb +41 -0
data/spec/unit/network/http/api/indirected_routes_spec.rb +0 -9
data/spec/unit/network/http/factory_spec.rb +19 -0
data/spec/unit/network/http/handler_spec.rb +0 -5
data/spec/unit/parser/compiler_spec.rb +3 -19
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
data/spec/unit/parser/resource_spec.rb +14 -8
data/spec/unit/parser/templatewrapper_spec.rb +4 -3
data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
data/spec/unit/property_spec.rb +1 -0
data/spec/unit/provider/group/groupadd_spec.rb +5 -2
data/spec/unit/provider/nameservice_spec.rb +66 -65
data/spec/unit/provider/package/apt_spec.rb +28 -23
data/spec/unit/provider/package/aptitude_spec.rb +1 -1
data/spec/unit/provider/package/base_spec.rb +6 -5
data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
data/spec/unit/provider/package/nim_spec.rb +42 -0
data/spec/unit/provider/package/pacman_spec.rb +18 -12
data/spec/unit/provider/package/pip_spec.rb +6 -11
data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openwrt_spec.rb +3 -1
data/spec/unit/provider/service/systemd_spec.rb +53 -8
data/spec/unit/provider/service/windows_spec.rb +202 -0
data/spec/unit/provider/user/aix_spec.rb +5 -0
data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
data/spec/unit/provider/user/hpux_spec.rb +1 -1
data/spec/unit/provider/user/pw_spec.rb +2 -0
data/spec/unit/provider/user/useradd_spec.rb +71 -3
data/spec/unit/provider_spec.rb +8 -10
data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
data/spec/unit/resource/capability_finder_spec.rb +6 -1
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/resource/type_spec.rb +1 -1
data/spec/unit/resource_spec.rb +11 -10
data/spec/unit/settings_spec.rb +419 -242
data/spec/unit/ssl/base_spec.rb +0 -1
data/spec/unit/ssl/host_spec.rb +0 -5
data/spec/unit/ssl/ssl_provider_spec.rb +14 -8
data/spec/unit/ssl/state_machine_spec.rb +19 -5
data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -9
data/spec/unit/transaction/event_manager_spec.rb +14 -11
data/spec/unit/transaction_spec.rb +18 -11
data/spec/unit/type/file/content_spec.rb +0 -1
data/spec/unit/type/file/selinux_spec.rb +3 -5
data/spec/unit/type/file_spec.rb +0 -6
data/spec/unit/type/group_spec.rb +13 -6
data/spec/unit/type/resources_spec.rb +7 -7
data/spec/unit/type/service_spec.rb +60 -189
data/spec/unit/type/tidy_spec.rb +17 -8
data/spec/unit/type/user_spec.rb +45 -0
data/spec/unit/type_spec.rb +2 -2
data/spec/unit/util/at_fork_spec.rb +2 -2
data/spec/unit/util/autoload_spec.rb +5 -1
data/spec/unit/util/backups_spec.rb +1 -2
data/spec/unit/util/execution_spec.rb +15 -11
data/spec/unit/util/inifile_spec.rb +6 -14
data/spec/unit/util/log_spec.rb +8 -7
data/spec/unit/util/logging_spec.rb +3 -3
data/spec/unit/util/posix_spec.rb +363 -15
data/spec/unit/util/rubygems_spec.rb +2 -2
data/spec/unit/util/selinux_spec.rb +163 -68
data/spec/unit/util/storage_spec.rb +3 -1
data/spec/unit/util/suidmanager_spec.rb +44 -41
data/spec/unit/util/windows/sid_spec.rb +6 -0
data/spec/unit/util_spec.rb +13 -6
data/tasks/generate_cert_fixtures.rake +2 -2
metadata +25 -14
data/spec/integration/application/config_spec.rb +0 -74
data/spec/lib/matchers/include.rb +0 -27
data/spec/lib/matchers/include_spec.rb +0 -32
data/spec/unit/face/catalog_spec.rb +0 -6
data/spec/unit/face/module_spec.rb +0 -3

data/spec/unit/type/tidy_spec.rb CHANGED Viewed

@@ -191,22 +191,31 @@ describe tidy do
     describe "and recursion is used" do
       before do
         @tidy[:recurse] = true
-        allow_any_instance_of(Puppet::FileServing::Fileset).to receive(:stat).and_return(double("stat"))
         @fileset = Puppet::FileServing::Fileset.new(@basepath)
         allow(Puppet::FileServing::Fileset).to receive(:new).and_return(@fileset)
       end
-      it "should use a Fileset for infinite recursion" do
-        expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(@fileset)
+      it "should use a Fileset with default max_files for infinite recursion" do
+        expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(@fileset)
         expect(@fileset).to receive(:files).and_return(%w{. one two})
         allow(@tidy).to receive(:tidy?).and_return(false)
         @tidy.generate
       end
-      it "should use a Fileset for limited recursion" do
+      it "should use a Fileset with default max_files for limited recursion" do
         @tidy[:recurse] = 42
-        expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :recurselimit => 42).and_return(@fileset)
+        expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :recurselimit => 42, :max_files=>0).and_return(@fileset)
+        expect(@fileset).to receive(:files).and_return(%w{. one two})
+        allow(@tidy).to receive(:tidy?).and_return(false)
+        @tidy.generate
+      end
+      it "should use a Fileset with max_files for limited recursion" do
+        @tidy[:recurse] = 42
+        @tidy[:max_files] = 9876
+        expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :recurselimit => 42, :max_files=>9876).and_return(@fileset)
         expect(@fileset).to receive(:files).and_return(%w{. one two})
         allow(@tidy).to receive(:tidy?).and_return(false)
@@ -412,7 +421,7 @@ describe tidy do
       @tidy[:recurse] = true
       @tidy[:rmdirs] = true
       fileset = double('fileset')
-      expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(fileset)
+      expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(fileset)
       expect(fileset).to receive(:files).and_return(%w{. one two one/subone two/subtwo one/subone/ssone})
       allow(@tidy).to receive(:tidy?).and_return(true)
@@ -434,7 +443,7 @@ describe tidy do
       @tidy[:recurse] = true
       @tidy[:rmdirs] = true
       fileset = double('fileset')
-      expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(fileset)
+      expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(fileset)
       expect(fileset).to receive(:files).and_return(%w{. a a/2 a/1 a/3})
       allow(@tidy).to receive(:tidy?).and_return(true)
@@ -447,7 +456,7 @@ describe tidy do
       @tidy[:noop] = true
       fileset = double('fileset')
-      expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(fileset)
+      expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(fileset)
       expect(fileset).to receive(:files).and_return(%w{. a a/2 a/1 a/3})
       allow(@tidy).to receive(:tidy?).and_return(true)

data/spec/unit/type/user_spec.rb CHANGED Viewed

@@ -174,6 +174,51 @@ describe Puppet::Type.type(:user) do
     end
   end
+  describe "when managing the purge_ssh_keys property" do
+    context "with valid input" do
+      it "should support a :true value" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => :true) }.to_not raise_error
+      end
+      it "should support a :false value" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => :false) }.to_not raise_error
+      end
+      it "should support a String value" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => File.expand_path('home/foo/.ssh/authorized_keys')) }.to_not raise_error
+      end
+      it "should support an Array value" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => [File.expand_path('home/foo/.ssh/authorized_keys'),
+          File.expand_path('custom/authorized_keys')]) }.to_not raise_error
+      end
+    end
+    context "with faulty input" do
+      it "should raise error for relative path" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => 'home/foo/.ssh/authorized_keys') }.to raise_error(Puppet::ResourceError,
+          /Paths to keyfiles must be absolute/ )
+      end
+      it "should raise error for invalid type" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => :invalid) }.to raise_error(Puppet::ResourceError,
+          /purge_ssh_keys must be true, false, or an array of file names/ )
+      end
+      it "should raise error for array with relative path" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => ['home/foo/.ssh/authorized_keys',
+          File.expand_path('custom/authorized_keys')]) }.to raise_error(Puppet::ResourceError,
+          /Paths to keyfiles must be absolute/ )
+      end
+      it "should raise error for array with invalid type" do
+        expect { described_class.new(:name => 'foo', :purge_ssh_keys => [:invalid,
+          File.expand_path('custom/authorized_keys')]) }.to raise_error(Puppet::ResourceError,
+          /Each entry for purge_ssh_keys must be a string/ )
+      end
+    end
+  end
   describe "when managing the uid property" do
     it "should convert number-looking strings into actual numbers" do
       expect(described_class.new(:name => 'foo', :uid => '50')[:uid]).to eq(50)

data/spec/unit/type_spec.rb CHANGED Viewed

@@ -912,8 +912,8 @@ describe Puppet::Type, :unless => Puppet::Util::Platform.windows? do
     it "should always retrieve the ensure value by default" do
       @ensurable_resource = Puppet::Type.type(:file).new(:name => "/not/existent", :mode => "0644")
-      allow(Puppet::Type::File::Ensure).to receive(:ensure).and_return(:absent)
-      expect_any_instance_of(Puppet::Type::File::Ensure).to receive(:retrieve).once
+      # the ensure property is lazily metaprogrammed...
+      allow_any_instance_of(Puppet::Type::File::Ensure).to receive(:retrieve).and_return(:absent)
       @ensurable_resource.retrieve_resource
     end

data/spec/unit/util/at_fork_spec.rb CHANGED Viewed

@@ -50,8 +50,8 @@ describe 'Puppet::Util::AtFork' do
               const_set(:TYPE_VOID,  nil)
               const_set(:TYPE_INT,   nil)
               const_set(:DLError,    Class.new(StandardError))
-              const_set(:Handle,     Class.new)
-              const_set(:Function,   Class.new)
+              const_set(:Handle,     Class.new { def initialize(library = nil, flags = 0); end })
+              const_set(:Function,   Class.new { def initialize(ptr, args, ret_type, abi = 0); end })
             end)
           end
         end

data/spec/unit/util/autoload_spec.rb CHANGED Viewed

@@ -157,7 +157,7 @@ describe Puppet::Util::Autoload do
     end
     it "should load the first file in the searchpath" do
-      allow(@autoload).to receive(:search_directories).and_return([make_absolute("/a"), make_absolute("/b")])
+      allow(@autoload.class).to receive(:search_directories).and_return([make_absolute("/a"), make_absolute("/b")])
       allow(FileTest).to receive(:directory?).and_return(true)
       allow(Puppet::FileSystem).to receive(:exist?).and_return(true)
       expect(Kernel).to receive(:load).with(make_absolute("/a/tmp/myfile.rb"), any_args)
@@ -298,6 +298,10 @@ describe Puppet::Util::Autoload do
       it "should convert c:\ to c:/" do
         expect(Puppet::Util::Autoload.cleanpath('c:\\')).to eq('c:/')
       end
+      it "should convert all backslashes to forward slashes" do
+        expect(Puppet::Util::Autoload.cleanpath('c:\projects\ruby\bug\test.rb')).to eq('c:/projects/ruby/bug/test.rb')
+      end
     end
   end

data/spec/unit/util/backups_spec.rb CHANGED Viewed

@@ -119,8 +119,7 @@ describe Puppet::Util::Backups do
       file = Puppet::Type.type(:file).new(:name => path, :backup => 'foo', :recurse => true)
       expect(bucket).not_to receive(:backup)
-      stub_file = double('file', :stat => double('stat', :ftype => 'directory'))
-      allow(Puppet::FileSystem).to receive(:new).with(path).and_return(stub_file)
+      allow(Puppet::FileSystem).to receive(:stat).with(path).and_return(double('stat', :ftype => 'directory'))
       expect(Find).not_to receive(:find)
       file.perform_backup

data/spec/unit/util/execution_spec.rb CHANGED Viewed

@@ -639,6 +639,8 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
     describe "#execute (debug logging)" do
       before :each do
+        Puppet[:log_level] = 'debug'
         stub_process_wait(0)
         if Puppet::Util::Platform.windows?
@@ -649,47 +651,47 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
       end
       it "should log if no uid or gid specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello')
       end
       it "should log numeric uid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with uid=100: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=100: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:uid => 100})
       end
       it "should log numeric gid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with gid=500: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with gid=500: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:gid => 500})
       end
       it "should log numeric uid and gid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with uid=100 gid=500: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=100 gid=500: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:uid => 100, :gid => 500})
       end
       it "should log string uid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with uid=myuser: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=myuser: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:uid => 'myuser'})
       end
       it "should log string gid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with gid=mygroup: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with gid=mygroup: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:gid => 'mygroup'})
       end
       it "should log string uid and gid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with uid=myuser gid=mygroup: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=myuser gid=mygroup: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:uid => 'myuser', :gid => 'mygroup'})
       end
       it "should log numeric uid and string gid if specified" do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing with uid=100 gid=mygroup: 'echo hello'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=100 gid=mygroup: 'echo hello'")
         Puppet::Util::Execution.execute('echo hello', {:uid => 100, :gid => 'mygroup'})
       end
       it 'should redact commands in debug output when passed sensitive option' do
-        expect(Puppet::Util::Execution).to receive(:debug).with("Executing: '[redacted]'")
+        expect(Puppet).to receive(:send_log).with(:debug, "Executing: '[redacted]'")
         Puppet::Util::Execution.execute('echo hello', {:sensitive => true})
       end
     end
@@ -903,14 +905,16 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
     end
     it "should print meaningful debug message for string argument" do
-      expect(Puppet::Util::Execution).to receive(:debug).with("Executing 'echo hello'")
+      Puppet[:log_level] = 'debug'
+      expect(Puppet).to receive(:send_log).with(:debug, "Executing 'echo hello'")
       expect(Puppet::Util::Execution).to receive(:open).with('| echo hello 2>&1').and_return('hello')
       expect(Puppet::Util::Execution).to receive(:exitstatus).and_return(0)
       Puppet::Util::Execution.execpipe('echo hello')
     end
     it "should print meaningful debug message for array argument" do
-      expect(Puppet::Util::Execution).to receive(:debug).with("Executing 'echo hello'")
+      Puppet[:log_level] = 'debug'
+      expect(Puppet).to receive(:send_log).with(:debug, "Executing 'echo hello'")
       expect(Puppet::Util::Execution).to receive(:open).with('| echo hello 2>&1').and_return('hello')
       expect(Puppet::Util::Execution).to receive(:exitstatus).and_return(0)
       Puppet::Util::Execution.execpipe(['echo','hello'])

data/spec/unit/util/inifile_spec.rb CHANGED Viewed

@@ -443,13 +443,9 @@ describe Puppet::Util::IniConfig::FileCollection do
     end
     it "yields every section from every file" do
-      [sect_a1, sect_a2, sect_b1, sect_b2].each do |sect|
-        expect(sect).to receive(:touch).once
-      end
-      subject.each_section do |sect|
-        sect.touch
-      end
+      expect { |b|
+        subject.each_section(&b)
+      }.to yield_successive_args(sect_a1, sect_a2, sect_b1, sect_b2)
     end
   end
@@ -460,13 +456,9 @@ describe Puppet::Util::IniConfig::FileCollection do
     end
     it "yields the path to every file in the collection" do
-      seen = []
-      subject.each_file do |file|
-        seen << file
-      end
-      expect(seen).to include(path_a)
-      expect(seen).to include(path_b)
+      expect { |b|
+        subject.each_file(&b)
+      }.to yield_successive_args(path_a, path_b)
     end
   end

data/spec/unit/util/log_spec.rb CHANGED Viewed

@@ -111,16 +111,20 @@ describe Puppet::Util::Log do
     end
     it "should fall back to :eventlog" do
-      allow(Puppet.features).to receive(:syslog?).and_return(false)
-      allow(Puppet.features).to receive(:eventlog?).and_return(true)
+      without_partial_double_verification do
+        allow(Puppet.features).to receive(:syslog?).and_return(false)
+        allow(Puppet.features).to receive(:eventlog?).and_return(true)
+      end
       expect(Puppet::Util::Log).to receive(:newdestination).with(:eventlog)
       Puppet::Util::Log.setup_default
     end
     it "should fall back to :file" do
-      allow(Puppet.features).to receive(:syslog?).and_return(false)
-      allow(Puppet.features).to receive(:eventlog?).and_return(false)
+      without_partial_double_verification do
+        allow(Puppet.features).to receive(:syslog?).and_return(false)
+        allow(Puppet.features).to receive(:eventlog?).and_return(false)
+      end
       expect(Puppet::Util::Log).to receive(:newdestination).with(Puppet[:puppetdlog])
       Puppet::Util::Log.setup_default
@@ -224,9 +228,6 @@ describe Puppet::Util::Log do
   describe Puppet::Util::Log::DestEventlog, :if => Puppet.features.eventlog? do
     before :each do
       allow(Puppet::Util::Windows::EventLog).to receive(:open).and_return(double('mylog', :close => nil))
-      allow(Puppet::Util::Windows::EventLog).to receive(:report_event)
-      allow(Puppet::Util::Windows::EventLog).to receive(:close)
-      allow(Puppet.features).to receive(:eventlog?).and_return(true)
     end
     it "should restrict its suitability to Windows" do

data/spec/unit/util/logging_spec.rb CHANGED Viewed

@@ -552,7 +552,7 @@ original
     describe 'does support debugging' do
       before :each do
-        allow(Facter).to receive(:respond_to?).with(:debugging).and_return(true)
+        allow(Facter).to receive(:respond_to?).with(:debugging, any_args).and_return(true)
       end
       it 'enables Facter debugging when debug level' do
@@ -568,7 +568,7 @@ original
     describe 'does support trace' do
       before :each do
-        allow(Facter).to receive(:respond_to?).with(:trace).and_return(true)
+        allow(Facter).to receive(:respond_to?).with(:trace, any_args).and_return(true)
       end
       it 'enables Facter trace when enabled' do
@@ -584,7 +584,7 @@ original
     describe 'does support on_message' do
       before :each do
-        allow(Facter).to receive(:respond_to?).with(:on_message).and_return(true)
+        allow(Facter).to receive(:respond_to?).with(:on_message, any_args).and_return(true)
       end
       def setup(level, message)

data/spec/unit/util/posix_spec.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'spec_helper'
+require 'puppet/ffi/posix'
 require 'puppet/util/posix'
 class PosixTest
@@ -11,35 +12,344 @@ describe Puppet::Util::POSIX do
     @posix = PosixTest.new
   end
-  describe '.groups_of' do
+  describe '.groups_of' do
+    let(:mock_user_data) { double(user, :gid => 1000) }
+    let(:ngroups_ptr) { double('FFI::MemoryPointer', :address => 0x0001, :size => 4) }
+    let(:groups_ptr) { double('FFI::MemoryPointer', :address => 0x0002, :size => Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS) }
     let(:mock_groups) do
       [
-        ['group1', ['user1', 'user2']],
-        ['group2', ['user2']],
-        ['group1', ['user1', 'user2']],
-        ['group3', ['user1']],
-        ['group4', ['user2']]
-      ].map do |(name, members)|
+        ['root', ['root'], 0],
+        ['nomembers', [], 5 ],
+        ['group1', ['user1', 'user2'], 1001],
+        ['group2', ['user2'], 2002],
+        ['group1', ['user1', 'user2'], 1001],
+        ['group3', ['user1'], 3003],
+        ['group4', ['user2'], 4004],
+        ['user1', [], 1111],
+        ['user2', [], 2222]
+      ].map do |(name, members, gid)|
         group_struct = double("Group #{name}")
         allow(group_struct).to receive(:name).and_return(name)
         allow(group_struct).to receive(:mem).and_return(members)
+        allow(group_struct).to receive(:gid).and_return(gid)
         group_struct
       end
     end
+    def prepare_user_and_groups_env(user, groups)
+      groups_gids = []
+      groups_and_user = []
+      groups_and_user.replace(groups)
+      groups_and_user.push(user)
+      groups_and_user.each do |group|
+        mock_group = mock_groups.find { |m| m.name == group }
+        groups_gids.push(mock_group.gid)
+        allow(Puppet::Etc).to receive(:getgrgid).with(mock_group.gid).and_return(mock_group)
+      end
+      if groups_and_user.size > Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS
+        allow(ngroups_ptr).to receive(:read_int).and_return(Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS, groups_and_user.size)
+      else
+        allow(ngroups_ptr).to receive(:read_int).and_return(groups_and_user.size)
+      end
+      allow(groups_ptr).to receive(:get_array_of_uint).with(0, groups_and_user.size).and_return(groups_gids)
+      allow(Puppet::Etc).to receive(:getpwnam).with(user).and_return(mock_user_data)
+    end
     before(:each) do
-      etc_stub = receive(:group)
-      mock_groups.each do |mock_group|
-        etc_stub = etc_stub.and_yield(mock_group)
+      allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+    end
+    describe 'when it uses FFI function getgrouplist' do
+      before(:each) do
+        allow(FFI::MemoryPointer).to receive(:new).with(:int).and_yield(ngroups_ptr)
+        allow(FFI::MemoryPointer).to receive(:new).with(:uint, Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS).and_yield(groups_ptr)
+        allow(ngroups_ptr).to receive(:write_int).with(Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS).and_return(ngroups_ptr)
+      end
+      describe 'when there are groups' do
+        context 'for user1' do
+          let(:user) { 'user1' }
+          let(:expected_groups) { ['group1', 'group3'] }
+          before(:each) do
+            prepare_user_and_groups_env(user, expected_groups)
+            allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
+          end
+          it "should return the groups for given user" do
+            expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+          end
+          it 'should not print any debug message about falling back to Puppet::Etc.group' do
+            expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+            Puppet::Util::POSIX.groups_of(user)
+          end
+        end
+        context 'for user2' do
+          let(:user) { 'user2' }
+          let(:expected_groups) { ['group1', 'group2', 'group4'] }
+          before(:each) do
+            prepare_user_and_groups_env(user, expected_groups)
+            allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+            allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
+          end
+          it "should return the groups for given user" do
+            expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+          end
+          it 'should not print any debug message about falling back to Puppet::Etc.group' do
+            expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+            Puppet::Util::POSIX.groups_of(user)
+          end
+        end
+      end
+      describe 'when there are no groups' do
+        let(:user) { 'nomembers' }
+        let(:expected_groups) { [] }
+        before(:each) do
+          prepare_user_and_groups_env(user, expected_groups)
+          allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+          allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
+        end
+        it "should return no groups for given user" do
+          expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+        end
+        it 'should not print any debug message about falling back to Puppet::Etc.group' do
+          expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      describe 'when primary group explicitly contains user' do
+        let(:user) { 'root' }
+        let(:expected_groups) { ['root'] }
+        before(:each) do
+          prepare_user_and_groups_env(user, expected_groups)
+          allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+          allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
+        end
+        it "should return the groups, including primary group, for given user" do
+          expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+        end
+        it 'should not print any debug message about falling back to Puppet::Etc.group' do
+          expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      describe 'when primary group does not explicitly contain user' do
+        let(:user) { 'user1' }
+        let(:expected_groups) { ['group1', 'group3'] }
+        before(:each) do
+          prepare_user_and_groups_env(user, expected_groups)
+          allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+          allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
+        end
+        it "should not return primary group for given user" do
+          expect(Puppet::Util::POSIX.groups_of(user)).not_to include(user)
+        end
+        it 'should not print any debug message about falling back to Puppet::Etc.group' do
+          expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      context 'number of groups' do
+        before(:each) do
+          stub_const("Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS", 2)
+          prepare_user_and_groups_env(user, expected_groups)
+          allow(FFI::MemoryPointer).to receive(:new).with(:uint, Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS).and_yield(groups_ptr)
+          allow(ngroups_ptr).to receive(:write_int).with(Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS).and_return(ngroups_ptr)
+        end
+        describe 'when there are less than maximum expected number of groups' do
+          let(:user) { 'root' }
+          let(:expected_groups) { ['root'] }
+          before(:each) do
+            allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+            allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
+          end
+          it "should return the groups for given user, after one 'getgrouplist' call" do
+            expect(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).once
+            expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+          end
+          it 'should not print any debug message about falling back to Puppet::Etc.group' do
+            expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+            Puppet::Util::POSIX.groups_of(user)
+          end
+        end
+        describe 'when there are more than maximum expected number of groups' do
+          let(:user) { 'user1' }
+          let(:expected_groups) { ['group1', 'group3'] }
+          before(:each) do
+            allow(FFI::MemoryPointer).to receive(:new).with(:uint, Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS * 2).and_yield(groups_ptr)
+            allow(ngroups_ptr).to receive(:write_int).with(Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS * 2).and_return(ngroups_ptr)
+            allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
+            allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(-1, 1)
+          end
+          it "should return the groups for given user, after two 'getgrouplist' calls" do
+            expect(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).twice
+            expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+          end
+          it 'should not print any debug message about falling back to Puppet::Etc.group' do
+            expect(Puppet).not_to receive(:debug).with(/Falling back to Puppet::Etc.group:/)
+            Puppet::Util::POSIX.groups_of(user)
+          end
+        end
       end
-      allow(Puppet::Etc).to etc_stub
     end
-    it 'returns the groups of the given user' do
-      expect(Puppet::Util::POSIX.groups_of('user1')).to eql(
-        ['group1', 'group3']
-      )
+    describe 'when it falls back to Puppet::Etc.group method' do
+      before(:each) do
+        etc_stub = receive(:group)
+        mock_groups.each do |mock_group|
+          etc_stub = etc_stub.and_yield(mock_group)
+        end
+        allow(Puppet::Etc).to etc_stub
+        allow(Puppet::Etc).to receive(:getpwnam).with(user).and_raise(ArgumentError, "can't find user for #{user}")
+        allow(Puppet).to receive(:debug)
+        allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(false)
+      end
+      describe 'when there are groups' do
+        context 'for user1' do
+          let(:user) { 'user1' }
+          let(:expected_groups) { ['group1', 'group3'] }
+          it "should return the groups for given user" do
+            expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+          end
+          it 'logs a debug message' do
+            expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
+            Puppet::Util::POSIX.groups_of(user)
+          end
+        end
+        context 'for user2' do
+          let(:user) { 'user2' }
+          let(:expected_groups) { ['group1', 'group2', 'group4'] }
+          it "should return the groups for given user" do
+            expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+          end
+          it 'logs a debug message' do
+            expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
+            Puppet::Util::POSIX.groups_of(user)
+          end
+        end
+      end
+      describe 'when there are no groups' do
+        let(:user) { 'nomembers' }
+        let(:expected_groups) { [] }
+        it "should return no groups for given user" do
+          expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+        end
+        it 'logs a debug message' do
+          expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      describe 'when primary group explicitly contains user' do
+        let(:user) { 'root' }
+        let(:expected_groups) { ['root'] }
+        it "should return the groups, including primary group, for given user" do
+          expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+        end
+        it 'logs a debug message' do
+          expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      describe 'when primary group does not explicitly contain user' do
+        let(:user) { 'user1' }
+        let(:expected_groups) { ['group1', 'group3'] }
+        it "should not return primary group for given user" do
+          expect(Puppet::Util::POSIX.groups_of(user)).not_to include(user)
+        end
+        it 'logs a debug message' do
+          expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      describe "when the 'getgrouplist' method is not available" do
+        let(:user) { 'user1' }
+        let(:expected_groups) { ['group1', 'group3'] }
+        before(:each) do
+          allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist).and_return(false)
+        end
+        it "should return the groups" do
+          expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+        end
+        it 'logs a debug message' do
+          expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
+      describe "when ffi is not available on the machine" do
+        let(:user) { 'user1' }
+        let(:expected_groups) { ['group1', 'group3'] }
+        before(:each) do
+          allow(Puppet::Util::POSIX).to receive(:require).with('puppet/ffi/posix').and_raise(LoadError, 'cannot load such file -- ffi')
+        end
+        it "should return the groups" do
+          expect(Puppet::Util::POSIX.groups_of(user)).to eql(expected_groups)
+        end
+        it 'logs a debug message' do
+          expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: cannot load such file -- ffi")
+          Puppet::Util::POSIX.groups_of(user)
+        end
+      end
     end
   end
@@ -189,6 +499,25 @@ describe Puppet::Util::POSIX do
         expect(@posix.gid("asdf")).to eq(100)
       end
+      it "returns the id without full groups query if multiple groups have the same id" do
+        expect(@posix).to receive(:get_posix_field).with(:group, :gid, "asdf").and_return(100)
+        expect(@posix).to receive(:get_posix_field).with(:group, :name, 100).and_return("boo")
+        expect(@posix).to receive(:get_posix_field).with(:group, :gid, "boo").and_return(100)
+        expect(@posix).not_to receive(:search_posix_field)
+        expect(@posix.gid("asdf")).to eq(100)
+      end
+      it "returns the id with full groups query if name is nil" do
+        expect(@posix).to receive(:get_posix_field).with(:group, :gid, "asdf").and_return(100)
+        expect(@posix).to receive(:get_posix_field).with(:group, :name, 100).and_return(nil)
+        expect(@posix).not_to receive(:get_posix_field).with(:group, :gid, nil)
+        expect(@posix).to receive(:search_posix_field).with(:group, :gid, "asdf").and_return(100)
+        expect(@posix.gid("asdf")).to eq(100)
+      end
       it "should use :search_posix_field if the discovered name does not match the passed-in name" do
         expect(@posix).to receive(:get_posix_field).with(:group, :gid, "asdf").and_return(100)
         expect(@posix).to receive(:get_posix_field).with(:group, :name, 100).and_return("boo")
@@ -265,6 +594,25 @@ describe Puppet::Util::POSIX do
         expect(@posix.uid("asdf")).to eq(100)
       end
+      it "returns the id without full users query if multiple users have the same id" do
+        expect(@posix).to receive(:get_posix_field).with(:passwd, :uid, "asdf").and_return(100)
+        expect(@posix).to receive(:get_posix_field).with(:passwd, :name, 100).and_return("boo")
+        expect(@posix).to receive(:get_posix_field).with(:passwd, :uid, "boo").and_return(100)
+        expect(@posix).not_to receive(:search_posix_field)
+        expect(@posix.uid("asdf")).to eq(100)
+      end
+      it "returns the id with full users query if name is nil" do
+        expect(@posix).to receive(:get_posix_field).with(:passwd, :uid, "asdf").and_return(100)
+        expect(@posix).to receive(:get_posix_field).with(:passwd, :name, 100).and_return(nil)
+        expect(@posix).not_to receive(:get_posix_field).with(:passwd, :uid, nil)
+        expect(@posix).to receive(:search_posix_field).with(:passwd, :uid, "asdf").and_return(100)
+        expect(@posix.uid("asdf")).to eq(100)
+      end
       it "should use :search_posix_field if the discovered name does not match the passed-in name" do
         expect(@posix).to receive(:get_posix_field).with(:passwd, :uid, "asdf").and_return(100)
         expect(@posix).to receive(:get_posix_field).with(:passwd, :name, 100).and_return("boo")