puppet 6.21.0-x64-mingw32 → 6.24.0-x64-mingw32

data/spec/unit/provider/user/useradd_spec.rb

@@ -360,14 +360,14 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       resource[:forcelocal] = true
       allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
       allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
-      expect(provider.gid).to eq('999')
+      expect(provider.gid).to eq(999)
     end
 
     it "should fall back to nameservice GID when forcelocal is false" do
       resource[:forcelocal] = false
-      allow(provider).to receive(:get).with(:gid).and_return('1234')
+      allow(provider).to receive(:get).with(:gid).and_return(1234)
       expect(provider).not_to receive(:localgid)
-      expect(provider.gid).to eq('1234')
+      expect(provider.gid).to eq(1234)
     end
   end
 
@@ -375,21 +375,36 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     before { described_class.has_feature :manages_local_users_and_groups }
 
     let(:content) do
-      <<~EOF
+      StringIO.new(<<~EOF)
       group1:x:0:myuser
       group2:x:999:
       group3:x:998:myuser
       EOF
     end
 
+    let(:content_with_empty_line) do
+      StringIO.new(<<~EOF)
+      group1:x:0:myuser
+      group2:x:999:
+      group3:x:998:myuser
+
+      EOF
+    end
+
     it "should return the local groups string when forcelocal is true" do
       resource[:forcelocal] = true
-      group1, group2, group3 = content.split
       allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
-      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/group').and_yield(group1).and_yield(group2).and_yield(group3)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content)
       expect(provider.groups).to eq(['group1', 'group3'])
     end
 
+    it "does not raise when parsing empty lines in /etc/group" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content_with_empty_line)
+      expect { provider.groups }.not_to raise_error
+    end
+
     it "should fall back to nameservice groups when forcelocal is false" do
       resource[:forcelocal] = false
       allow(Puppet::Util::POSIX).to receive(:groups_of).with('myuser').and_return(['remote groups'])

data/spec/unit/resource/catalog_spec.rb

@@ -205,7 +205,7 @@ describe Puppet::Resource::Catalog, "when compiling" do
     end
 
     it "should set itself as the catalog for each converted resource" do
-      @catalog.vertices.each { |v| expect(v.catalog.object_id).to equal(@catalog.object_id) }
+      @catalog.vertices.each { |v| expect(v.catalog.object_id).to eql(@catalog.object_id) }
     end
 
     # This tests #931.

data/spec/unit/settings_spec.rb

@@ -29,6 +29,17 @@ describe Puppet::Settings do
     end
   end
 
+  def stub_config_with(content)
+    allow(Puppet.features).to receive(:root?).and_return(false)
+    expect(Puppet::FileSystem).to receive(:exist?).
+      with(user_config_file_default_location).
+      and_return(true).ordered
+    expect(@settings).to receive(:read_file).
+      with(user_config_file_default_location).
+      and_return(content).ordered
+    @settings.send(:parse_config_files)
+  end
+
   describe "when specifying defaults" do
     before do
       @settings = Puppet::Settings.new
@@ -264,23 +275,31 @@ describe Puppet::Settings do
       expect(@settings[:myval]).to eq("")
     end
 
-    it "should flag string settings from the CLI" do
+    it "should retrieve numeric settings from the CLI" do
       @settings.handlearg("--myval", "12")
-      expect(@settings.set_by_cli?(:myval)).to be_truthy
+      expect(@settings.set_by_cli(:myval)).to eq(12)
+      expect(@settings.set_by_cli?(:myval)).to be true
     end
 
-    it "should flag bool settings from the CLI" do
+    it "should retrieve string settings from the CLI" do
+      @settings.handlearg("--myval", "something")
+      expect(@settings.set_by_cli(:myval)).to eq("something")
+      expect(@settings.set_by_cli?(:myval)).to be true
+    end
+
+    it "should retrieve bool settings from the CLI" do
       @settings.handlearg("--bool")
-      expect(@settings.set_by_cli?(:bool)).to be_truthy
+      expect(@settings.set_by_cli(:bool)).to be true
+      expect(@settings.set_by_cli?(:bool)).to be true
     end
 
-    it "should not flag settings memory as from CLI" do
+    it "should not retrieve settings set in memory as from CLI" do
       @settings[:myval] = "12"
-      expect(@settings.set_by_cli?(:myval)).to be_falsey
+      expect(@settings.set_by_cli?(:myval)).to be false
     end
 
     it "should find no configured settings by default" do
-      expect(@settings.set_by_config?(:myval)).to be_falsey
+      expect(@settings.set_by_config?(:myval)).to be false
     end
 
     it "should identify configured settings in memory" do
@@ -304,64 +323,66 @@ describe Puppet::Settings do
       expect(@settings.set_by_config?(:manifest, Puppet[:environment])).to be_truthy
     end
 
-    it "should identify configured settings from the preferred run mode" do
-      user_config_text = "[#{@settings.preferred_run_mode}]\nmyval = foo"
+    context "when handling puppet.conf" do
+      describe "#set_by_config?" do
+        it "should identify configured settings from the preferred run mode" do
+          stub_config_with(<<~CONFIG)
+          [#{@settings.preferred_run_mode}]
+          myval = foo
+          CONFIG
 
-      allow(Puppet.features).to receive(:root?).and_return(false)
-      expect(Puppet::FileSystem).to receive(:exist?).
-        with(user_config_file_default_location).
-        and_return(true).ordered
-      expect(@settings).to receive(:read_file).
-        with(user_config_file_default_location).
-        and_return(user_config_text).ordered
+          expect(@settings.set_by_config?(:myval)).to be_truthy
+        end
 
-      @settings.send(:parse_config_files)
-      expect(@settings.set_by_config?(:myval)).to be_truthy
-    end
+        it "should identify configured settings from the specified run mode" do
+          stub_config_with(<<~CONFIG)
+          [server]
+          myval = foo
+          CONFIG
 
-    it "should identify configured settings from the specified run mode" do
-      user_config_text = "[server]\nmyval = foo"
+          expect(@settings.set_by_config?(:myval, nil, :server)).to be_truthy
+        end
 
-      allow(Puppet.features).to receive(:root?).and_return(false)
-      expect(Puppet::FileSystem).to receive(:exist?).
-        with(user_config_file_default_location).
-        and_return(true).ordered
-      expect(@settings).to receive(:read_file).
-        with(user_config_file_default_location).
-        and_return(user_config_text).ordered
+        it "should not identify configured settings from an unspecified run mode" do
+          stub_config_with(<<~CONFIG)
+          [zaz]
+          myval = foo
+          CONFIG
 
-      @settings.send(:parse_config_files)
-      expect(@settings.set_by_config?(:myval, nil, :server)).to be_truthy
-    end
+          expect(@settings.set_by_config?(:myval)).to be_falsey
+        end
 
-    it "should not identify configured settings from an unspecified run mode" do
-      user_config_text = "[zaz]\nmyval = foo"
+        it "should identify configured settings from the main section" do
+          stub_config_with(<<~CONFIG)
+          [main]
+          myval = foo
+          CONFIG
 
-      allow(Puppet.features).to receive(:root?).and_return(false)
-      expect(Puppet::FileSystem).to receive(:exist?).
-        with(user_config_file_default_location).
-        and_return(true).ordered
-      expect(@settings).to receive(:read_file).
-        with(user_config_file_default_location).
-        and_return(user_config_text).ordered
+          expect(@settings.set_by_config?(:myval)).to be_truthy
+        end
+      end
 
-      @settings.send(:parse_config_files)
-      expect(@settings.set_by_config?(:myval)).to be_falsey
-    end
+      describe "#set_in_section" do
+        it "should retrieve configured settings from the specified section" do
+          stub_config_with(<<~CONFIG)
+          [agent]
+          myval = foo
+          CONFIG
 
-    it "should identify configured settings from the main section" do
-      user_config_text = "[main]\nmyval = foo"
+          expect(@settings.set_in_section(:myval, :agent)).to eq("foo")
+          expect(@settings.set_in_section?(:myval, :agent)).to be true
+        end
 
-      allow(Puppet.features).to receive(:root?).and_return(false)
-      expect(Puppet::FileSystem).to receive(:exist?).
-        with(user_config_file_default_location).
-        and_return(true).ordered
-      expect(@settings).to receive(:read_file).
-        with(user_config_file_default_location).
-        and_return(user_config_text).ordered
+        it "should not retrieve configured settings from a different section" do
+          stub_config_with(<<~CONFIG)
+          [main]
+          myval = foo
+          CONFIG
 
-      @settings.send(:parse_config_files)
-      expect(@settings.set_by_config?(:myval)).to be_truthy
+          expect(@settings.set_in_section(:myval, :agent)).to be nil
+          expect(@settings.set_in_section?(:myval, :agent)).to be false
+        end
+      end
     end
 
     it "should clear the cache when setting getopt-specific values" do
@@ -2120,7 +2141,7 @@ describe Puppet::Settings do
     end
 
     def a_user_type_for(username)
-      user = double('user')
+      user = double('user', 'suitable?': true, to_s: "User[#{username}]")
       expect(Puppet::Type.type(:user)).to receive(:new).with(hash_including(name: username)).and_return(user)
       user
     end
@@ -2153,6 +2174,16 @@ describe Puppet::Settings do
 
       expect(settings).to be_service_user_available
     end
+
+    it "raises if the user is not suitable" do
+      settings[:user] = "foo"
+
+      expect(a_user_type_for("foo")).to receive(:suitable?).and_return(false)
+
+      expect {
+        settings.service_user_available?
+      }.to raise_error(Puppet::Error, /Cannot manage owner permissions, because the provider for 'User\[foo\]' is not functional/)
+    end
   end
 
   describe "when determining if the service group is available" do
@@ -2163,7 +2194,7 @@ describe Puppet::Settings do
     end
 
     def a_group_type_for(groupname)
-      group = double('group')
+      group = double('group', 'suitable?': true, to_s: "Group[#{groupname}]")
       expect(Puppet::Type.type(:group)).to receive(:new).with(hash_including(name: groupname)).and_return(group)
       group
     end
@@ -2196,6 +2227,16 @@ describe Puppet::Settings do
 
       expect(settings).to be_service_group_available
     end
+
+    it "raises if the group is not suitable" do
+      settings[:group] = "foo"
+
+      expect(a_group_type_for("foo")).to receive(:suitable?).and_return(false)
+
+      expect {
+        settings.service_group_available?
+      }.to raise_error(Puppet::Error, /Cannot manage group permissions, because the provider for 'Group\[foo\]' is not functional/)
+    end
   end
 
   describe "when dealing with command-line options" do

data/spec/unit/ssl/state_machine_spec.rb

@@ -31,6 +31,14 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
     allow(Kernel).to receive(:sleep)
   end
 
+  def expected_digest(name, content)
+    OpenSSL::Digest.new(name).hexdigest(content)
+  end
+
+  def to_fingerprint(digest)
+    digest.scan(/../).join(':').upcase
+  end
+
   context 'when passing keyword arguments' do
     it "accepts digest" do
       expect(described_class.new(digest: 'SHA512').digest).to eq('SHA512')
@@ -395,29 +403,35 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
 
       it 'verifies CA cert bundle if a ca_fingerprint is given case-insensitively' do
         Puppet[:log_level] = :info
-        machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'caacf69bbbcdad9dbcda92dd2da3608b639d1aea4c314d6cc6823cdb32d8e0f8')
+
+        digest = expected_digest('SHA256', cacert_pem)
+        fingerprint = to_fingerprint(digest)
+        machine = described_class.new(digest: 'SHA256', ca_fingerprint: digest.downcase)
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
         state.next_state
 
-        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8"))
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) #{fingerprint}"))
       end
 
       it 'verifies CA cert bundle using non-default fingerprint' do
         Puppet[:log_level] = :info
-        machine = described_class.new(digest: 'SHA512', ca_fingerprint: '3c9d1482b878913ad95c9631feac5090cb05c6eab9496178d6fd5c14a023da3b1a8650a3cbaac516d9a48caf0b0742e1ed7eebf55105c024c74834a45056a9d9')
+
+        digest = expected_digest('SHA512', cacert_pem)
+        machine = described_class.new(digest: 'SHA512', ca_fingerprint: digest)
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
         state.next_state
 
-        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) 3C:9D:14:82:B8:78:91:3A:D9:5C:96:31:FE:AC:50:90:CB:05:C6:EA:B9:49:61:78:D6:FD:5C:14:A0:23:DA:3B:1A:86:50:A3:CB:AA:C5:16:D9:A4:8C:AF:0B:07:42:E1:ED:7E:EB:F5:51:05:C0:24:C7:48:34:A4:50:56:A9:D9"))
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) #{to_fingerprint(digest)}"))
       end
 
       it 'returns an error if verification fails' do
         machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'wrong!')
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
 
+        fingerprint = to_fingerprint(expected_digest('SHA256', cacert_pem))
         st = state.next_state
         expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::Error)
-        expect(st.message).to eq("CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8 did not match expected digest WR:ON:G!")
+        expect(st.message).to eq("CA bundle with digest (SHA256) #{fingerprint} did not match expected digest WR:ON:G!")
       end
     end
   end

data/spec/unit/transaction/additional_resource_generator_spec.rb

@@ -93,8 +93,6 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
     end
   end
 
-
-
   after(:each) do
     Puppet::Type.rmtype(:gen_empty)
     Puppet::Type.rmtype(:eval_after)

data/spec/unit/transaction_spec.rb

@@ -5,13 +5,6 @@ require 'puppet_spec/compiler'
 require 'puppet/transaction'
 require 'fileutils'
 
-Puppet::Type.newtype(:generator) do
-  newparam(:name) { isnamevar }
-
-  def generate
-  end
-end
-
 describe Puppet::Transaction do
   include PuppetSpec::Files
   include PuppetSpec::Compiler
@@ -27,6 +20,19 @@ describe Puppet::Transaction do
     transaction
   end
 
+  before(:all) do
+    Puppet::Type.newtype(:transaction_generator) do
+      newparam(:name) { isnamevar }
+
+      def generate
+      end
+    end
+  end
+
+  after(:all) do
+    Puppet::Type.rmtype(:transaction_generator)
+  end
+
   before do
     @basepath = make_absolute("/what/ever")
     @transaction = Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, Puppet::Graph::SequentialPrioritizer.new)
@@ -330,9 +336,9 @@ describe Puppet::Transaction do
   describe "when generating resources before traversal" do
     let(:catalog) { Puppet::Resource::Catalog.new }
     let(:transaction) { Puppet::Transaction.new(catalog, nil, Puppet::Graph::SequentialPrioritizer.new) }
-    let(:generator) { Puppet::Type.type(:generator).new :title => "generator" }
+    let(:generator) { Puppet::Type.type(:transaction_generator).new :title => "generator" }
     let(:generated) do
-      %w[a b c].map { |name| Puppet::Type.type(:generator).new(:name => name) }
+      %w[a b c].map { |name| Puppet::Type.type(:transaction_generator).new(:name => name) }
     end
 
     before :each do
@@ -673,7 +679,7 @@ describe Puppet::Transaction do
         end
 
         describe "and new resources are generated" do
-          let(:generator) { Puppet::Type.type(:generator).new :title => "generator" }
+          let(:generator) { Puppet::Type.type(:transaction_generator).new :title => "generator" }
           let(:generated) do
             %w[a b c].map { |name| Puppet::Type.type(:package).new :title => "foo", :name => name, :provider => :apt }
           end
@@ -787,16 +793,8 @@ describe Puppet::Transaction do
     end
 
     it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
-      unless defined?(Selinux)
-        module Selinux
-          def self.is_selinux_enabled
-            true
-          end
-
-          def self.matchpathcon_fini
-          end
-        end
-      end
+      selinux = double('selinux', is_selinux_enabled: true, matchpathcon_fini: nil)
+      stub_const('Selinux', selinux)
 
       resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
       transaction = transaction_with_resource(resource)

data/spec/unit/type/exec_spec.rb

@@ -239,6 +239,19 @@ RSpec.describe Puppet::Type.type(:exec) do
     expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
   end
 
+  it "should be able to autorequire files mentioned in the array command" do
+    foo = make_absolute('/bin/foo')
+    catalog = Puppet::Resource::Catalog.new
+    tmp = Puppet::Type.type(:file).new(:name => foo)
+    execer = Puppet::Type.type(:exec).new(:name => 'test array', :command => [foo, 'bar'])
+
+    catalog.add_resource tmp
+    catalog.add_resource execer
+    dependencies = execer.autorequire(catalog)
+
+    expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
+  end
+
   describe "when handling the path parameter" do
     expect = %w{one two three four}
     { "an array"                                      => expect,
@@ -346,7 +359,13 @@ RSpec.describe Puppet::Type.type(:exec) do
   end
 
   shared_examples_for "all exec command parameters" do |param|
-    { "relative" => "example", "absolute" => "/bin/example" }.sort.each do |name, command|
+    array_cmd = ["/bin/example", "*"]
+    array_cmd = [["/bin/example", "*"]] if [:onlyif, :unless].include?(param)
+
+    commands = { "relative" => "example", "absolute" => "/bin/example" }
+    commands["array"] = array_cmd
+
+    commands.sort.each do |name, command|
       describe "if command is #{name}" do
         before :each do
           @param = param
@@ -379,45 +398,44 @@ RSpec.describe Puppet::Type.type(:exec) do
   end
 
   shared_examples_for "all exec command parameters that take arrays" do |param|
-    describe "when given an array of inputs" do
-      before :each do
-        @test = Puppet::Type.type(:exec).new(:name => @executable)
-      end
+    [
+      %w{one two three},
+      [%w{one -a}, %w{two, -b}, 'three']
+    ].each do |input|
+      context "when given #{input.inspect} as input" do
+        let(:resource) { Puppet::Type.type(:exec).new(:name => @executable) }
 
-      it "should accept the array when all commands return valid" do
-        input = %w{one two three}
-        expect(@test.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
-        @test[param] = input
-        expect(@test[param]).to eq(input)
-      end
+        it "accepts the array when all commands return valid" do
+          input = %w{one two three}
+          allow(resource.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
+          resource[param] = input
+          expect(resource[param]).to eq(input)
+        end
 
-      it "should reject the array when any commands return invalid" do
-        input = %w{one two three}
-        expect(@test.provider).to receive(:validatecmd).with(input.first).and_return(false)
-        input[1..-1].each do |cmd|
-          expect(@test.provider).to receive(:validatecmd).with(cmd).and_return(true)
+        it "rejects the array when any commands return invalid" do
+          input = %w{one two three}
+          allow(resource.provider).to receive(:validatecmd).with(input[0]).and_return(true)
+          allow(resource.provider).to receive(:validatecmd).with(input[1]).and_raise(Puppet::Error)
+
+          expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
         end
-        @test[param] = input
-        expect(@test[param]).to eq(input)
-      end
 
-      it "should reject the array when all commands return invalid" do
-        input = %w{one two three}
-        expect(@test.provider).to receive(:validatecmd).exactly(input.length).times.and_return(false)
-        @test[param] = input
-        expect(@test[param]).to eq(input)
+        it "stops at the first invalid command" do
+          input = %w{one two three}
+          allow(resource.provider).to receive(:validatecmd).with(input[0]).and_raise(Puppet::Error)
+
+          expect(resource.provider).not_to receive(:validatecmd).with(input[1])
+          expect(resource.provider).not_to receive(:validatecmd).with(input[2])
+          expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
+        end
       end
     end
   end
 
   describe "when setting command" do
     subject { described_class.new(:name => @command) }
-    it "fails when passed an Array" do
-      expect { subject[:command] = [] }.to raise_error Puppet::Error, /Command must be a String/
-    end
-
     it "fails when passed a Hash" do
-      expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String/
+      expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String or Array<String>/
     end
   end
 
@@ -759,6 +777,35 @@ RSpec.describe Puppet::Type.type(:exec) do
           end
         end
 
+        context 'with an array of arrays with multiple items' do
+          before do
+            [true, false].each do |check|
+              allow(@test.provider).to receive(:run).with([@pass, '--flag'], check).
+                and_return(['test output', @pass_status])
+              allow(@test.provider).to receive(:run).with([@fail, '--flag'], check).
+                and_return(['test output', @fail_status])
+              allow(@test.provider).to receive(:run).with([@pass], check).
+                and_return(['test output', @pass_status])
+              allow(@test.provider).to receive(:run).with([@fail], check).
+                and_return(['test output', @fail_status])
+            end
+          end
+          it "runs if all the commands exits non-zero" do
+            @test[param] = [[@fail, '--flag'], [@fail], [@fail, '--flag']]
+            expect(@test.check_all_attributes).to eq(true)
+          end
+
+          it "does not run if one command exits zero" do
+            @test[param] = [[@pass, '--flag'], [@pass], [@fail, '--flag']]
+            expect(@test.check_all_attributes).to eq(false)
+          end
+
+          it "does not run if all command exits zero" do
+            @test[param] = [[@pass, '--flag'], [@pass], [@pass, '--flag']]
+            expect(@test.check_all_attributes).to eq(false)
+          end
+        end
+
         it "should emit output to debug" do
           Puppet::Util::Log.level = :debug
           @test[param] = @fail