puppet 6.21.0-x64-mingw32 → 6.24.0-x64-mingw32


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (217) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +29 -23
  5. data/README.md +4 -4
  6. data/ext/osx/puppet.plist +2 -0
  7. data/ext/project_data.yaml +3 -2
  8. data/lib/puppet.rb +3 -3
  9. data/lib/puppet/application/agent.rb +12 -5
  10. data/lib/puppet/application/apply.rb +2 -1
  11. data/lib/puppet/application/device.rb +2 -1
  12. data/lib/puppet/application/filebucket.rb +1 -0
  13. data/lib/puppet/application/resource.rb +17 -3
  14. data/lib/puppet/application/script.rb +2 -1
  15. data/lib/puppet/application/ssl.rb +12 -0
  16. data/lib/puppet/configurer/downloader.rb +2 -1
  17. data/lib/puppet/defaults.rb +27 -5
  18. data/lib/puppet/environments.rb +26 -1
  19. data/lib/puppet/face/facts.rb +128 -30
  20. data/lib/puppet/face/help/action.erb +1 -0
  21. data/lib/puppet/face/help/face.erb +1 -0
  22. data/lib/puppet/face/node/clean.rb +11 -0
  23. data/lib/puppet/file_serving/fileset.rb +14 -2
  24. data/lib/puppet/file_system/file_impl.rb +1 -1
  25. data/lib/puppet/file_system/memory_file.rb +8 -1
  26. data/lib/puppet/file_system/windows.rb +4 -2
  27. data/lib/puppet/forge.rb +3 -3
  28. data/lib/puppet/functions/all.rb +1 -1
  29. data/lib/puppet/functions/camelcase.rb +1 -1
  30. data/lib/puppet/functions/capitalize.rb +2 -2
  31. data/lib/puppet/functions/downcase.rb +2 -2
  32. data/lib/puppet/functions/empty.rb +8 -0
  33. data/lib/puppet/functions/get.rb +5 -5
  34. data/lib/puppet/functions/group_by.rb +13 -5
  35. data/lib/puppet/functions/lest.rb +1 -1
  36. data/lib/puppet/functions/new.rb +100 -100
  37. data/lib/puppet/functions/partition.rb +12 -4
  38. data/lib/puppet/functions/require.rb +5 -5
  39. data/lib/puppet/functions/sort.rb +3 -3
  40. data/lib/puppet/functions/strftime.rb +1 -0
  41. data/lib/puppet/functions/tree_each.rb +7 -9
  42. data/lib/puppet/functions/type.rb +4 -4
  43. data/lib/puppet/functions/unwrap.rb +17 -2
  44. data/lib/puppet/functions/upcase.rb +2 -2
  45. data/lib/puppet/http/resolver/server_list.rb +15 -4
  46. data/lib/puppet/http/service/compiler.rb +69 -0
  47. data/lib/puppet/http/service/file_server.rb +2 -1
  48. data/lib/puppet/indirector/catalog/compiler.rb +1 -0
  49. data/lib/puppet/indirector/facts/facter.rb +24 -3
  50. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  51. data/lib/puppet/indirector/resource/ral.rb +6 -1
  52. data/lib/puppet/interface/documentation.rb +1 -0
  53. data/lib/puppet/module_tool/applications/installer.rb +4 -0
  54. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  55. data/lib/puppet/network/formats.rb +67 -0
  56. data/lib/puppet/network/http/factory.rb +4 -0
  57. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  58. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  59. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  60. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  61. data/lib/puppet/provider/exec/posix.rb +16 -4
  62. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  63. data/lib/puppet/provider/package/nim.rb +11 -6
  64. data/lib/puppet/provider/package/pip.rb +15 -3
  65. data/lib/puppet/provider/parsedfile.rb +3 -0
  66. data/lib/puppet/provider/service/systemd.rb +14 -4
  67. data/lib/puppet/provider/service/windows.rb +38 -0
  68. data/lib/puppet/provider/user/directoryservice.rb +25 -12
  69. data/lib/puppet/provider/user/useradd.rb +9 -2
  70. data/lib/puppet/reference/configuration.rb +1 -1
  71. data/lib/puppet/settings.rb +30 -7
  72. data/lib/puppet/settings/environment_conf.rb +1 -0
  73. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  74. data/lib/puppet/type/exec.rb +16 -3
  75. data/lib/puppet/type/file.rb +19 -1
  76. data/lib/puppet/type/file/mode.rb +6 -0
  77. data/lib/puppet/type/file/selcontext.rb +1 -1
  78. data/lib/puppet/type/service.rb +18 -38
  79. data/lib/puppet/type/tidy.rb +22 -3
  80. data/lib/puppet/type/user.rb +38 -20
  81. data/lib/puppet/util/fact_dif.rb +36 -17
  82. data/lib/puppet/util/monkey_patches.rb +7 -0
  83. data/lib/puppet/util/selinux.rb +30 -4
  84. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  85. data/lib/puppet/util/windows/adsi.rb +46 -0
  86. data/lib/puppet/util/windows/api_types.rb +1 -1
  87. data/lib/puppet/util/windows/principal.rb +9 -2
  88. data/lib/puppet/util/windows/sid.rb +6 -2
  89. data/lib/puppet/version.rb +1 -1
  90. data/locales/puppet.pot +360 -280
  91. data/man/man5/puppet.conf.5 +279 -251
  92. data/man/man8/puppet-agent.8 +1 -1
  93. data/man/man8/puppet-apply.8 +1 -1
  94. data/man/man8/puppet-catalog.8 +9 -9
  95. data/man/man8/puppet-config.8 +1 -1
  96. data/man/man8/puppet-describe.8 +1 -1
  97. data/man/man8/puppet-device.8 +1 -1
  98. data/man/man8/puppet-doc.8 +1 -1
  99. data/man/man8/puppet-epp.8 +1 -1
  100. data/man/man8/puppet-facts.8 +65 -7
  101. data/man/man8/puppet-filebucket.8 +1 -1
  102. data/man/man8/puppet-generate.8 +1 -1
  103. data/man/man8/puppet-help.8 +1 -1
  104. data/man/man8/puppet-key.8 +7 -7
  105. data/man/man8/puppet-lookup.8 +1 -1
  106. data/man/man8/puppet-man.8 +1 -1
  107. data/man/man8/puppet-module.8 +1 -1
  108. data/man/man8/puppet-node.8 +5 -5
  109. data/man/man8/puppet-parser.8 +1 -1
  110. data/man/man8/puppet-plugin.8 +1 -1
  111. data/man/man8/puppet-report.8 +5 -5
  112. data/man/man8/puppet-resource.8 +1 -1
  113. data/man/man8/puppet-script.8 +1 -1
  114. data/man/man8/puppet-ssl.8 +5 -1
  115. data/man/man8/puppet-status.8 +4 -4
  116. data/man/man8/puppet.8 +2 -2
  117. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  118. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  119. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  120. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  121. data/spec/fixtures/ssl/ca.pem +57 -35
  122. data/spec/fixtures/ssl/crl.pem +28 -18
  123. data/spec/fixtures/ssl/ec-key.pem +11 -11
  124. data/spec/fixtures/ssl/ec.pem +33 -24
  125. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  126. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  127. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  128. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  129. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  130. data/spec/fixtures/ssl/intermediate.pem +57 -36
  131. data/spec/fixtures/ssl/oid-key.pem +117 -0
  132. data/spec/fixtures/ssl/oid.pem +69 -0
  133. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  134. data/spec/fixtures/ssl/pluto.pem +52 -30
  135. data/spec/fixtures/ssl/request-key.pem +107 -57
  136. data/spec/fixtures/ssl/request.pem +47 -26
  137. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  138. data/spec/fixtures/ssl/revoked.pem +52 -30
  139. data/spec/fixtures/ssl/signed-key.pem +107 -57
  140. data/spec/fixtures/ssl/signed.pem +52 -30
  141. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  142. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  143. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  144. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  145. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  146. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  147. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  148. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
  149. data/spec/integration/application/filebucket_spec.rb +11 -0
  150. data/spec/integration/application/module_spec.rb +21 -0
  151. data/spec/integration/application/plugin_spec.rb +1 -1
  152. data/spec/integration/application/resource_spec.rb +64 -0
  153. data/spec/integration/application/ssl_spec.rb +20 -0
  154. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  155. data/spec/integration/http/client_spec.rb +12 -0
  156. data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
  157. data/spec/integration/indirector/facts/facter_spec.rb +90 -36
  158. data/spec/integration/type/exec_spec.rb +70 -45
  159. data/spec/integration/util/windows/adsi_spec.rb +18 -0
  160. data/spec/integration/util/windows/principal_spec.rb +21 -0
  161. data/spec/integration/util/windows/registry_spec.rb +6 -0
  162. data/spec/lib/puppet/test_ca.rb +7 -2
  163. data/spec/lib/puppet_spec/settings.rb +1 -0
  164. data/spec/spec_helper.rb +11 -1
  165. data/spec/unit/application/agent_spec.rb +7 -2
  166. data/spec/unit/application/facts_spec.rb +482 -3
  167. data/spec/unit/application/ssl_spec.rb +23 -0
  168. data/spec/unit/configurer/downloader_spec.rb +6 -0
  169. data/spec/unit/configurer_spec.rb +23 -0
  170. data/spec/unit/defaults_spec.rb +16 -0
  171. data/spec/unit/environments_spec.rb +199 -88
  172. data/spec/unit/face/facts_spec.rb +4 -0
  173. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  174. data/spec/unit/file_system_spec.rb +15 -0
  175. data/spec/unit/functions/assert_type_spec.rb +1 -1
  176. data/spec/unit/functions/empty_spec.rb +10 -0
  177. data/spec/unit/functions/unwrap_spec.rb +8 -0
  178. data/spec/unit/functions4_spec.rb +2 -2
  179. data/spec/unit/gettext/config_spec.rb +12 -0
  180. data/spec/unit/http/service/compiler_spec.rb +123 -0
  181. data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
  182. data/spec/unit/indirector/facts/facter_spec.rb +95 -0
  183. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  184. data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
  185. data/spec/unit/network/formats_spec.rb +41 -0
  186. data/spec/unit/network/http/factory_spec.rb +19 -0
  187. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  188. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  189. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  190. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  191. data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
  192. data/spec/unit/provider/package/nim_spec.rb +42 -0
  193. data/spec/unit/provider/package/pip_spec.rb +37 -0
  194. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  195. data/spec/unit/provider/service/init_spec.rb +1 -0
  196. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  197. data/spec/unit/provider/service/systemd_spec.rb +53 -8
  198. data/spec/unit/provider/service/windows_spec.rb +202 -0
  199. data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
  200. data/spec/unit/provider/user/useradd_spec.rb +21 -6
  201. data/spec/unit/resource/catalog_spec.rb +1 -1
  202. data/spec/unit/settings_spec.rb +97 -56
  203. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  204. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  205. data/spec/unit/transaction_spec.rb +18 -20
  206. data/spec/unit/type/exec_spec.rb +76 -29
  207. data/spec/unit/type/file/selinux_spec.rb +3 -3
  208. data/spec/unit/type/file/source_spec.rb +4 -4
  209. data/spec/unit/type/service_spec.rb +59 -188
  210. data/spec/unit/type/tidy_spec.rb +24 -7
  211. data/spec/unit/type/user_spec.rb +45 -0
  212. data/spec/unit/util/selinux_spec.rb +87 -16
  213. data/spec/unit/util/windows/sid_spec.rb +41 -0
  214. data/tasks/generate_cert_fixtures.rake +12 -3
  215. metadata +24 -9
  216. data/spec/lib/matchers/include.rb +0 -27
  217. data/spec/lib/matchers/include_spec.rb +0 -32
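--- a/data/spec/unit/util/selinux_spec.rb
+++ b/data/spec/unit/util/selinux_spec.rb
@@ -3,26 +3,29 @@ require 'spec_helper'
  require 'pathname'
  require 'puppet/util/selinux'
 
- unless defined?(Selinux)
- module Selinux
- def self.is_selinux_enabled
- false
- end
- end
- end
-
  describe Puppet::Util::SELinux do
  include Puppet::Util::SELinux
 
+ let(:selinux) { double('selinux', is_selinux_enabled: false) }
+
+ before :each do
+ stub_const('Selinux', selinux)
+ end
+
  describe "selinux_support?" do
- it "should return :true if this system has SELinux enabled" do
+ it "should return true if this system has SELinux enabled" do
  expect(Selinux).to receive(:is_selinux_enabled).and_return(1)
- expect(selinux_support?).to be_truthy
+ expect(selinux_support?).to eq(true)
  end
 
- it "should return :false if this system lacks SELinux" do
+ it "should return false if this system has SELinux disabled" do
  expect(Selinux).to receive(:is_selinux_enabled).and_return(0)
- expect(selinux_support?).to be_falsey
+ expect(selinux_support?).to eq(false)
+ end
+
+ it "should return false if this system lacks SELinux" do
+ hide_const('Selinux')
+ expect(selinux_support?).to eq(false)
  end
 
  it "should return nil if /proc/mounts does not exist" do
@@ -156,7 +159,7 @@ describe Puppet::Util::SELinux do
  end
  end
 
- it "handles no such file or directory errors by issuing a warning" do
+ it "backward compatibly handles no such file or directory errors by issuing a warning when resource_ensure not set" do
  without_partial_double_verification do
  allow(self).to receive(:selinux_support?).and_return(true)
  allow(self).to receive(:selinux_label_support?).and_return(true)
@@ -167,6 +170,51 @@ describe Puppet::Util::SELinux do
  end
  end
 
+ it "should determine mode based on resource ensure when set to file" do
+ without_partial_double_verification do
+ allow(self).to receive(:selinux_support?).and_return(true)
+ allow(self).to receive(:selinux_label_support?).and_return(true)
+ allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 32768).and_return(-1)
+ allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+ expect(get_selinux_default_context("/root/chuj", :present)).to be_nil
+ expect(get_selinux_default_context("/root/chuj", :file)).to be_nil
+ end
+ end
+
+ it "should determine mode based on resource ensure when set to dir" do
+ without_partial_double_verification do
+ allow(self).to receive(:selinux_support?).and_return(true)
+ allow(self).to receive(:selinux_label_support?).and_return(true)
+ allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 16384).and_return(-1)
+ allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+ expect(get_selinux_default_context("/root/chuj", :directory)).to be_nil
+ end
+ end
+
+ it "should determine mode based on resource ensure when set to link" do
+ without_partial_double_verification do
+ allow(self).to receive(:selinux_support?).and_return(true)
+ allow(self).to receive(:selinux_label_support?).and_return(true)
+ allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 40960).and_return(-1)
+ allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+ expect(get_selinux_default_context("/root/chuj", :link)).to be_nil
+ end
+ end
+
+ it "should determine mode based on resource ensure when set to unknown" do
+ without_partial_double_verification do
+ allow(self).to receive(:selinux_support?).and_return(true)
+ allow(self).to receive(:selinux_label_support?).and_return(true)
+ allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+ allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+ expect(get_selinux_default_context("/root/chuj", "unknown")).to be_nil
+ end
+ end
+
  it "should return nil if matchpathcon returns failure" do
  without_partial_double_verification do
  expect(self).to receive(:selinux_support?).and_return(true)
@@ -326,21 +374,44 @@ describe Puppet::Util::SELinux do
  end
 
  it "should return nil if no default context exists" do
- expect(self).to receive(:get_selinux_default_context).with("/foo").and_return(nil)
+ expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return(nil)
  expect(set_selinux_default_context("/foo")).to be_nil
  end
 
  it "should do nothing and return nil if the current context matches the default context" do
- expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
+ expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
  expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("user_u:role_r:type_t")
  expect(set_selinux_default_context("/foo")).to be_nil
  end
 
  it "should set and return the default context if current and default do not match" do
- expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
+ expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
  expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("olduser_u:role_r:type_t")
  expect(self).to receive(:set_selinux_context).with("/foo", "user_u:role_r:type_t").and_return(true)
  expect(set_selinux_default_context("/foo")).to eq("user_u:role_r:type_t")
  end
  end
+
+ describe "get_create_mode" do
+ it "should return 0 if the resource is absent" do
+ expect(get_create_mode(:absent)).to eq(0)
+ end
+
+ it "should return mode with file type set to S_IFREG when resource is file" do
+ expect(get_create_mode(:present)).to eq(32768)
+ expect(get_create_mode(:file)).to eq(32768)
+ end
+
+ it "should return mode with file type set to S_IFDIR when resource is dir" do
+ expect(get_create_mode(:directory)).to eq(16384)
+ end
+
+ it "should return mode with file type set to S_IFLNK when resource is link" do
+ expect(get_create_mode(:link)).to eq(40960)
+ end
+
+ it "should return 0 for everything else" do
+ expect(get_create_mode("unknown")).to eq(0)
+ end
+ end
  end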
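Review bot: The four added `get_selinux_default_context` specs (new lines 173–216) stub `Selinux.matchpathcon` with `allow`, so each still passes if the method returns nil before `matchpathcon` is ever called, and the create mode named in the spec title is never actually asserted. Switching `allow(Selinux)` to `expect(Selinux)` on those lines, with `.twice` in the first spec because it calls the method for both `:present` and `:file`, would pin the mode passed for each ensure value. That mode selects which file-context rule is matched for a path that does not exist yet, so a wrong argument means a wrong default label and is the part worth asserting. The literals would also read better in octal (`0100000`, `0040000`, `0120000`) beside the S_IFREG/S_IFDIR/S_IFLNK names used in the `get_create_mode` titles.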
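--- a/data/spec/unit/util/windows/sid_spec.rb
+++ b/data/spec/unit/util/windows/sid_spec.rb
@@ -131,33 +131,74 @@ describe "Puppet::Util::Windows::SID", :if => Puppet::Util::Platform.windows? do
  expect(subject.name_to_principal(unknown_name)).to be_nil
  end
 
+ it "should print a debug message if the account does not exist" do
+ expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal(unknown_name)
+ end
+
  it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
  expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
  end
 
+ it "should not print debug messages for valid sid" do
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal(sid)
+ end
+
+ it "should print a debug message for invalid sid" do
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
+ expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal('S-1-5-21-INVALID-SID')
+ end
+
  it "should accept unqualified account name" do
  # NOTE: lookup by name works in localized environments only for a few instances
  # this works in French Windows, even though the account is really Syst\u00E8me
  expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
  end
 
+ it "should not print debug messages for unqualified account name" do
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal('SYSTEM')
+ end
+
  it "should be case-insensitive" do
  # NOTE: lookup by name works in localized environments only for a few instances
  # this works in French Windows, even though the account is really Syst\u00E8me
  expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
  end
 
+ it "should not print debug messages for wrongly cased account name" do
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal('system')
+ end
+
  it "should be leading and trailing whitespace-insensitive" do
  # NOTE: lookup by name works in localized environments only for a few instances
  # this works in French Windows, even though the account is really Syst\u00E8me
  expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
  end
 
+ it "should not print debug messages for account name with leading and trailing whitespace" do
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal(' SYSTEM ')
+ end
+
  it "should accept domain qualified account names" do
  # NOTE: lookup by name works in localized environments only for a few instances
  # this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
  expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
  end
+
+ it "should not print debug messages for domain qualified account names" do
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
+ subject.name_to_principal('NT AUTHORITY\SYSTEM')
+ end
  end
 
  context "#ads_to_principal" do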
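Review bot: The positive expectations in the added specs at new lines 135 and 151 match the English phrase `No mapping between account names and security IDs was done`, which reads like the Windows text for ERROR_NONE_MAPPED; if Puppet builds that debug line from the OS error string, both specs would fail on a localized Windows, a case the neighbouring NOTE comments show this file already has to consider. Matching on a locale-independent part of the message, or adding a comment such as `# assumes English system error text`, would make that dependency explicit. Separately, the same two `expect(Puppet).not_to receive(:debug)` lines are repeated in five of the added specs and could move into one small helper method in this describe block. The enclosing context starts before the hunk.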
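--- a/data/tasks/generate_cert_fixtures.rake
+++ b/data/tasks/generate_cert_fixtures.rake
@@ -40,6 +40,7 @@ task(:gen_cert_fixtures) do
  # 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
  # tampered-cert.pem | +- /CN=signed (with different public key)
  # ec.pem | +- /CN=ec (with EC private key)
+ # oid.pem | +- /CN=oid (with custom oid)
  # |
  # + /CN=Test CA Agent Subauthority
  # | |
@@ -49,7 +50,7 @@ task(:gen_cert_fixtures) do
  #
  # bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
  #
- # unknown-ca.pemm /CN=Unknown CA
+ # unknown-ca.pem /CN=Unknown CA
  # |
  # unknown-127.0.0.1.pem +- /CN=127.0.0.1
  #
@@ -103,6 +104,14 @@ task(:gen_cert_fixtures) do
  save(dir, '127.0.0.1.pem', signed[:cert])
  save(dir, '127.0.0.1-key.pem', signed[:private_key])
 
+ # Create an SSL cert with extensions containing custom oids
+ extensions = [
+ ['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
+ ]
+ oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
+ save(dir, 'oid.pem', oid[:cert])
+ save(dir, 'oid-key.pem', oid[:private_key])
+
  # Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
  # and revoke the cert
  revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])
@@ -173,12 +182,12 @@ task(:gen_cert_fixtures) do
 
  # Create a request, but replace its public key after it's signed
  tampered_csr = ca.create_request('signed')[:csr]
- tampered_csr.public_key = OpenSSL::PKey::RSA.new(1024).public_key
+ tampered_csr.public_key = OpenSSL::PKey::RSA.new(2048).public_key
  save(dir, 'tampered-csr.pem', tampered_csr)
 
  # Create a cert issued from the real intermediate CA, but replace its
  # public key
  tampered_cert = ca.create_cert('signed', inter[:cert], inter[:private_key])[:cert]
- tampered_cert.public_key = OpenSSL::PKey::RSA.new(1024).public_key
+ tampered_cert.public_key = OpenSSL::PKey::RSA.new(2048).public_key
  save(dir, 'tampered-cert.pem', tampered_cert)
  end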
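Review bot: The OID literal `'1.3.6.1.4.1.34380.1.2.1.1'` added at new line 109 is unexplained, and nothing here ties it to the new `trusted_oid_mapping.yaml` fixture listed in the same release, which presumably has to name the same OID. A comment on that line such as `# custom OID under Puppet's 1.3.6.1.4.1.34380 arc; keep in sync with spec/fixtures/ssl/trusted_oid_mapping.yaml` would stop the two drifting apart, and the trailing `false` (apparently the critical flag) deserves a word as well. The block also writes `oid-key.pem` as one more private key under the fixtures directory, so the header comment could state that everything this task generates is test-only material that must not be trusted outside the specs. The `task(:gen_cert_fixtures)` block starts outside these hunks.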
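--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: puppet
  version: !ruby/object:Gem::Version
- version: 6.21.0
+ version: 6.24.0
  platform: x64-mingw32
  authors:
  - Puppet Labs
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-02-05 00:00:00.000000000 Z
+ date: 2021-07-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: facter
@@ -186,16 +186,22 @@ dependencies:
  name: win32-dir
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.4.9
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: 0.7.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.4.9
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: 0.7.2
  - !ruby/object:Gem::Dependency
  name: win32-process
  requirement: !ruby/object:Gem::Requirement
@@ -1548,6 +1554,8 @@ files:
  - spec/fixtures/ssl/intermediate-crl.pem
  - spec/fixtures/ssl/intermediate.pem
  - spec/fixtures/ssl/netlock-arany-utf8.pem
+ - spec/fixtures/ssl/oid-key.pem
+ - spec/fixtures/ssl/oid.pem
  - spec/fixtures/ssl/pluto-key.pem
  - spec/fixtures/ssl/pluto.pem
  - spec/fixtures/ssl/request-key.pem
@@ -1558,6 +1566,7 @@ files:
  - spec/fixtures/ssl/signed.pem
  - spec/fixtures/ssl/tampered-cert.pem
  - spec/fixtures/ssl/tampered-csr.pem
+ - spec/fixtures/ssl/trusted_oid_mapping.yaml
  - spec/fixtures/ssl/unknown-127.0.0.1-key.pem
  - spec/fixtures/ssl/unknown-127.0.0.1.pem
  - spec/fixtures/ssl/unknown-ca-key.pem
@@ -1877,6 +1886,7 @@ files:
  - spec/fixtures/unit/provider/service/smf/svcs_fmri.out
  - spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out
  - spec/fixtures/unit/provider/service/systemd/list_unit_files_services
+ - spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset
  - spec/fixtures/unit/provider/user/aix/aix_passwd_file.out
  - spec/fixtures/unit/reports/tagmail/tagmail_email.conf
  - spec/fixtures/unit/reports/tagmail/tagmail_failers.conf
@@ -1906,6 +1916,8 @@ files:
  - spec/integration/application/lookup_spec.rb
  - spec/integration/application/module_spec.rb
  - spec/integration/application/plugin_spec.rb
+ - spec/integration/application/resource_spec.rb
+ - spec/integration/application/ssl_spec.rb
  - spec/integration/configurer_spec.rb
  - spec/integration/data_binding_spec.rb
  - spec/integration/defaults_spec.rb
@@ -1965,10 +1977,8 @@ files:
  - spec/integration/util/windows/user_spec.rb
  - spec/integration/util_spec.rb
  - spec/lib/matchers/containment_matchers.rb
- - spec/lib/matchers/include.rb
  - spec/lib/matchers/include_in_order.rb
  - spec/lib/matchers/include_in_order_spec.rb
- - spec/lib/matchers/include_spec.rb
  - spec/lib/matchers/json.rb
  - spec/lib/matchers/match_tokens2.rb
  - spec/lib/matchers/relationship_graph_matchers.rb
@@ -2741,7 +2751,8 @@ files:
  - tasks/parser.rake
  - tasks/yard.rake
  homepage: https://github.com/puppetlabs/puppet
- licenses: []
+ licenses:
+ - Apache-2.0
  metadata: {}
  post_install_message:
  rdoc_options:
@@ -2818,6 +2829,8 @@ test_files:
  - spec/fixtures/ssl/intermediate-crl.pem
  - spec/fixtures/ssl/intermediate.pem
  - spec/fixtures/ssl/netlock-arany-utf8.pem
+ - spec/fixtures/ssl/oid-key.pem
+ - spec/fixtures/ssl/oid.pem
  - spec/fixtures/ssl/pluto-key.pem
  - spec/fixtures/ssl/pluto.pem
  - spec/fixtures/ssl/request-key.pem
@@ -2828,6 +2841,7 @@ test_files:
  - spec/fixtures/ssl/signed.pem
  - spec/fixtures/ssl/tampered-cert.pem
  - spec/fixtures/ssl/tampered-csr.pem
+ - spec/fixtures/ssl/trusted_oid_mapping.yaml
  - spec/fixtures/ssl/unknown-127.0.0.1-key.pem
  - spec/fixtures/ssl/unknown-127.0.0.1.pem
  - spec/fixtures/ssl/unknown-ca-key.pem
@@ -3147,6 +3161,7 @@ test_files:
  - spec/fixtures/unit/provider/service/smf/svcs_fmri.out
  - spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out
  - spec/fixtures/unit/provider/service/systemd/list_unit_files_services
+ - spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset
  - spec/fixtures/unit/provider/user/aix/aix_passwd_file.out
  - spec/fixtures/unit/reports/tagmail/tagmail_email.conf
  - spec/fixtures/unit/reports/tagmail/tagmail_failers.conf
@@ -3176,6 +3191,8 @@ test_files:
  - spec/integration/application/lookup_spec.rb
  - spec/integration/application/module_spec.rb
  - spec/integration/application/plugin_spec.rb
+ - spec/integration/application/resource_spec.rb
+ - spec/integration/application/ssl_spec.rb
  - spec/integration/configurer_spec.rb
  - spec/integration/data_binding_spec.rb
  - spec/integration/defaults_spec.rb
@@ -3235,10 +3252,8 @@ test_files:
  - spec/integration/util/windows/user_spec.rb
  - spec/integration/util_spec.rb
  - spec/lib/matchers/containment_matchers.rb
- - spec/lib/matchers/include.rb
  - spec/lib/matchers/include_in_order.rb
  - spec/lib/matchers/include_in_order_spec.rb
- - spec/lib/matchers/include_spec.rb
  - spec/lib/matchers/json.rb
  - spec/lib/matchers/match_tokens2.rb
  - spec/lib/matchers/relationship_graph_matchers.rb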
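--- a/data/spec/lib/matchers/include.rb
+++ b/data/spec/lib/matchers/include.rb
@@ -1,27 +0,0 @@
- module Matchers; module Include
- extend RSpec::Matchers::DSL
-
- matcher :include_in_any_order do |*matchers|
- match do |enumerable|
- @not_matched = []
- expected_as_array.each do |matcher|
- if enumerable.empty?
- break
- end
-
- if found = enumerable.find { |elem| matcher.matches?(elem) }
- enumerable = enumerable.reject { |elem| elem == found }
- else
- @not_matched << matcher
- end
- end
-
-
- @not_matched.empty? && enumerable.empty?
- end
-
- failure_message do |enumerable|
- "did not match #{@not_matched.collect(&:description).join(', ')} in #{enumerable.inspect}: <#{@not_matched.collect(&:failure_message).join('>, <')}>"
- end
- end
- end; end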
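--- a/data/spec/lib/matchers/include_spec.rb
+++ b/data/spec/lib/matchers/include_spec.rb
@@ -1,32 +0,0 @@
- require 'spec_helper'
- require 'matchers/include'
-
- describe "include matchers" do
- include Matchers::Include
-
- context :include_in_any_order do
- it "matches an empty list" do
- expect([]).to include_in_any_order()
- end
-
- it "matches a list with a single element" do
- expect([1]).to include_in_any_order(eq(1))
- end
-
- it "does not match when an expected element is missing" do
- expect([1]).to_not include_in_any_order(eq(2))
- end
-
- it "matches a list with 2 elements in a different order from the expectation" do
- expect([1, 2]).to include_in_any_order(eq(2), eq(1))
- end
-
- it "does not match when there are more than just the expected elements" do
- expect([1, 2]).to_not include_in_any_order(eq(1))
- end
-
- it "matches multiple, equal elements when there are multiple, equal exepectations" do
- expect([1, 1]).to include_in_any_order(eq(1), eq(1))
- end
- end
- end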