puppet 6.21.0-x64-mingw32 → 6.24.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -1
- data/Gemfile.lock +29 -23
- data/README.md +4 -4
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +3 -2
- data/lib/puppet.rb +3 -3
- data/lib/puppet/application/agent.rb +12 -5
- data/lib/puppet/application/apply.rb +2 -1
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +17 -3
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +12 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/defaults.rb +27 -5
- data/lib/puppet/environments.rb +26 -1
- data/lib/puppet/face/facts.rb +128 -30
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +4 -2
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +12 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +69 -0
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +4 -0
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http/factory.rb +4 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/systemd.rb +14 -4
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/directoryservice.rb +25 -12
- data/lib/puppet/provider/user/useradd.rb +9 -2
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/settings.rb +30 -7
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/type/exec.rb +16 -3
- data/lib/puppet/type/file.rb +19 -1
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/service.rb +18 -38
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -20
- data/lib/puppet/util/fact_dif.rb +36 -17
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +6 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +360 -280
- data/man/man5/puppet.conf.5 +279 -251
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +65 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/filebucket_spec.rb +11 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/indirector/facts/facter_spec.rb +90 -36
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/util/windows/adsi_spec.rb +18 -0
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/registry_spec.rb +6 -0
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +11 -1
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/facts_spec.rb +482 -3
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +23 -0
- data/spec/unit/defaults_spec.rb +16 -0
- data/spec/unit/environments_spec.rb +199 -88
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_system_spec.rb +15 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/service/compiler_spec.rb +123 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
- data/spec/unit/indirector/facts/facter_spec.rb +95 -0
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/factory_spec.rb +19 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip_spec.rb +37 -0
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +53 -8
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
- data/spec/unit/provider/user/useradd_spec.rb +21 -6
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +59 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +41 -0
- data/tasks/generate_cert_fixtures.rake +12 -3
- metadata +24 -9
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
@@ -3,26 +3,29 @@ require 'spec_helper'
|
|
3
3
|
require 'pathname'
|
4
4
|
require 'puppet/util/selinux'
|
5
5
|
|
6
|
-
unless defined?(Selinux)
|
7
|
-
module Selinux
|
8
|
-
def self.is_selinux_enabled
|
9
|
-
false
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
13
|
-
|
14
6
|
describe Puppet::Util::SELinux do
|
15
7
|
include Puppet::Util::SELinux
|
16
8
|
|
9
|
+
let(:selinux) { double('selinux', is_selinux_enabled: false) }
|
10
|
+
|
11
|
+
before :each do
|
12
|
+
stub_const('Selinux', selinux)
|
13
|
+
end
|
14
|
+
|
17
15
|
describe "selinux_support?" do
|
18
|
-
it "should return
|
16
|
+
it "should return true if this system has SELinux enabled" do
|
19
17
|
expect(Selinux).to receive(:is_selinux_enabled).and_return(1)
|
20
|
-
expect(selinux_support?).to
|
18
|
+
expect(selinux_support?).to eq(true)
|
21
19
|
end
|
22
20
|
|
23
|
-
it "should return
|
21
|
+
it "should return false if this system has SELinux disabled" do
|
24
22
|
expect(Selinux).to receive(:is_selinux_enabled).and_return(0)
|
25
|
-
expect(selinux_support?).to
|
23
|
+
expect(selinux_support?).to eq(false)
|
24
|
+
end
|
25
|
+
|
26
|
+
it "should return false if this system lacks SELinux" do
|
27
|
+
hide_const('Selinux')
|
28
|
+
expect(selinux_support?).to eq(false)
|
26
29
|
end
|
27
30
|
|
28
31
|
it "should return nil if /proc/mounts does not exist" do
|
@@ -156,7 +159,7 @@ describe Puppet::Util::SELinux do
|
|
156
159
|
end
|
157
160
|
end
|
158
161
|
|
159
|
-
it "handles no such file or directory errors by issuing a warning" do
|
162
|
+
it "backward compatibly handles no such file or directory errors by issuing a warning when resource_ensure not set" do
|
160
163
|
without_partial_double_verification do
|
161
164
|
allow(self).to receive(:selinux_support?).and_return(true)
|
162
165
|
allow(self).to receive(:selinux_label_support?).and_return(true)
|
@@ -167,6 +170,51 @@ describe Puppet::Util::SELinux do
|
|
167
170
|
end
|
168
171
|
end
|
169
172
|
|
173
|
+
it "should determine mode based on resource ensure when set to file" do
|
174
|
+
without_partial_double_verification do
|
175
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
176
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
177
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 32768).and_return(-1)
|
178
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
|
179
|
+
|
180
|
+
expect(get_selinux_default_context("/root/chuj", :present)).to be_nil
|
181
|
+
expect(get_selinux_default_context("/root/chuj", :file)).to be_nil
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
it "should determine mode based on resource ensure when set to dir" do
|
186
|
+
without_partial_double_verification do
|
187
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
188
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
189
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 16384).and_return(-1)
|
190
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
|
191
|
+
|
192
|
+
expect(get_selinux_default_context("/root/chuj", :directory)).to be_nil
|
193
|
+
end
|
194
|
+
end
|
195
|
+
|
196
|
+
it "should determine mode based on resource ensure when set to link" do
|
197
|
+
without_partial_double_verification do
|
198
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
199
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
200
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 40960).and_return(-1)
|
201
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
|
202
|
+
|
203
|
+
expect(get_selinux_default_context("/root/chuj", :link)).to be_nil
|
204
|
+
end
|
205
|
+
end
|
206
|
+
|
207
|
+
it "should determine mode based on resource ensure when set to unknown" do
|
208
|
+
without_partial_double_verification do
|
209
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
210
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
211
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
|
212
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
|
213
|
+
|
214
|
+
expect(get_selinux_default_context("/root/chuj", "unknown")).to be_nil
|
215
|
+
end
|
216
|
+
end
|
217
|
+
|
170
218
|
it "should return nil if matchpathcon returns failure" do
|
171
219
|
without_partial_double_verification do
|
172
220
|
expect(self).to receive(:selinux_support?).and_return(true)
|
@@ -326,21 +374,44 @@ describe Puppet::Util::SELinux do
|
|
326
374
|
end
|
327
375
|
|
328
376
|
it "should return nil if no default context exists" do
|
329
|
-
expect(self).to receive(:get_selinux_default_context).with("/foo").and_return(nil)
|
377
|
+
expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return(nil)
|
330
378
|
expect(set_selinux_default_context("/foo")).to be_nil
|
331
379
|
end
|
332
380
|
|
333
381
|
it "should do nothing and return nil if the current context matches the default context" do
|
334
|
-
expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
|
382
|
+
expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
|
335
383
|
expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("user_u:role_r:type_t")
|
336
384
|
expect(set_selinux_default_context("/foo")).to be_nil
|
337
385
|
end
|
338
386
|
|
339
387
|
it "should set and return the default context if current and default do not match" do
|
340
|
-
expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
|
388
|
+
expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
|
341
389
|
expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("olduser_u:role_r:type_t")
|
342
390
|
expect(self).to receive(:set_selinux_context).with("/foo", "user_u:role_r:type_t").and_return(true)
|
343
391
|
expect(set_selinux_default_context("/foo")).to eq("user_u:role_r:type_t")
|
344
392
|
end
|
345
393
|
end
|
394
|
+
|
395
|
+
describe "get_create_mode" do
|
396
|
+
it "should return 0 if the resource is absent" do
|
397
|
+
expect(get_create_mode(:absent)).to eq(0)
|
398
|
+
end
|
399
|
+
|
400
|
+
it "should return mode with file type set to S_IFREG when resource is file" do
|
401
|
+
expect(get_create_mode(:present)).to eq(32768)
|
402
|
+
expect(get_create_mode(:file)).to eq(32768)
|
403
|
+
end
|
404
|
+
|
405
|
+
it "should return mode with file type set to S_IFDIR when resource is dir" do
|
406
|
+
expect(get_create_mode(:directory)).to eq(16384)
|
407
|
+
end
|
408
|
+
|
409
|
+
it "should return mode with file type set to S_IFLNK when resource is link" do
|
410
|
+
expect(get_create_mode(:link)).to eq(40960)
|
411
|
+
end
|
412
|
+
|
413
|
+
it "should return 0 for everything else" do
|
414
|
+
expect(get_create_mode("unknown")).to eq(0)
|
415
|
+
end
|
416
|
+
end
|
346
417
|
end
|
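Review bot: The four new `get_selinux_default_context` examples ("should determine mode based on resource ensure when set to file/dir/link/unknown") stub `Selinux.matchpathcon` with `allow(...)` and assert only `be_nil`, so as far as the visible lines show they would still pass if the method returned before reaching `matchpathcon` and never used the mode derived from `ensure`. That mode is what selects the file-type-specific SELinux rule for a path that does not exist yet, so the call itself is worth pinning: `expect(Selinux).to receive(:matchpathcon).with("/root/chuj", 16384).and_return(-1)` in the directory example, and the same form with `.twice` in the file example, which calls the method for both `:present` and `:file`. A one-line comment above the stubs naming the literals would also help, e.g. `# 32768 = S_IFREG, 16384 = S_IFDIR, 40960 = S_IFLNK`, matching what the `get_create_mode` examples further down state in their descriptions.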
@@ -131,33 +131,74 @@ describe "Puppet::Util::Windows::SID", :if => Puppet::Util::Platform.windows? do
|
|
131
131
|
expect(subject.name_to_principal(unknown_name)).to be_nil
|
132
132
|
end
|
133
133
|
|
134
|
+
it "should print a debug message if the account does not exist" do
|
135
|
+
expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
136
|
+
subject.name_to_principal(unknown_name)
|
137
|
+
end
|
138
|
+
|
134
139
|
it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
|
135
140
|
expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
|
136
141
|
end
|
137
142
|
|
143
|
+
it "should not print debug messages for valid sid" do
|
144
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
145
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
146
|
+
subject.name_to_principal(sid)
|
147
|
+
end
|
148
|
+
|
149
|
+
it "should print a debug message for invalid sid" do
|
150
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
151
|
+
expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
152
|
+
subject.name_to_principal('S-1-5-21-INVALID-SID')
|
153
|
+
end
|
154
|
+
|
138
155
|
it "should accept unqualified account name" do
|
139
156
|
# NOTE: lookup by name works in localized environments only for a few instances
|
140
157
|
# this works in French Windows, even though the account is really Syst\u00E8me
|
141
158
|
expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
|
142
159
|
end
|
143
160
|
|
161
|
+
it "should not print debug messages for unqualified account name" do
|
162
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
163
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
164
|
+
subject.name_to_principal('SYSTEM')
|
165
|
+
end
|
166
|
+
|
144
167
|
it "should be case-insensitive" do
|
145
168
|
# NOTE: lookup by name works in localized environments only for a few instances
|
146
169
|
# this works in French Windows, even though the account is really Syst\u00E8me
|
147
170
|
expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
|
148
171
|
end
|
149
172
|
|
173
|
+
it "should not print debug messages for wrongly cased account name" do
|
174
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
175
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
176
|
+
subject.name_to_principal('system')
|
177
|
+
end
|
178
|
+
|
150
179
|
it "should be leading and trailing whitespace-insensitive" do
|
151
180
|
# NOTE: lookup by name works in localized environments only for a few instances
|
152
181
|
# this works in French Windows, even though the account is really Syst\u00E8me
|
153
182
|
expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
|
154
183
|
end
|
155
184
|
|
185
|
+
it "should not print debug messages for account name with leading and trailing whitespace" do
|
186
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
187
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
188
|
+
subject.name_to_principal(' SYSTEM ')
|
189
|
+
end
|
190
|
+
|
156
191
|
it "should accept domain qualified account names" do
|
157
192
|
# NOTE: lookup by name works in localized environments only for a few instances
|
158
193
|
# this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
|
159
194
|
expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
|
160
195
|
end
|
196
|
+
|
197
|
+
it "should not print debug messages for domain qualified account names" do
|
198
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
199
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
200
|
+
subject.name_to_principal('NT AUTHORITY\SYSTEM')
|
201
|
+
end
|
161
202
|
end
|
162
203
|
|
163
204
|
context "#ads_to_principal" do
|
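Review bot: The new debug-message examples match on the English text `No mapping between account names and security IDs was done`, while the neighbouring examples carry comments saying these lookups are expected to work on French Windows. If that string comes from the operating system's error message rather than from Puppet itself (not visible here), the two positive examples ("if the account does not exist" and "for invalid sid") would fail on a localized host, and the `not_to receive(:debug).with(...)` examples would pass without checking anything. I would match on a locale-independent part of the message if it has one, or at least add `# NOTE: matches the English OS error text; not valid on localized Windows` above the first of these examples. The enclosing `context` starts outside the hunk.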
@@ -40,6 +40,7 @@ task(:gen_cert_fixtures) do
|
|
40
40
|
# 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
|
41
41
|
# tampered-cert.pem | +- /CN=signed (with different public key)
|
42
42
|
# ec.pem | +- /CN=ec (with EC private key)
|
43
|
+
# oid.pem | +- /CN=oid (with custom oid)
|
43
44
|
# |
|
44
45
|
# + /CN=Test CA Agent Subauthority
|
45
46
|
# | |
|
@@ -49,7 +50,7 @@ task(:gen_cert_fixtures) do
|
|
49
50
|
#
|
50
51
|
# bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
|
51
52
|
#
|
52
|
-
# unknown-ca.
|
53
|
+
# unknown-ca.pem /CN=Unknown CA
|
53
54
|
# |
|
54
55
|
# unknown-127.0.0.1.pem +- /CN=127.0.0.1
|
55
56
|
#
|
@@ -103,6 +104,14 @@ task(:gen_cert_fixtures) do
|
|
103
104
|
save(dir, '127.0.0.1.pem', signed[:cert])
|
104
105
|
save(dir, '127.0.0.1-key.pem', signed[:private_key])
|
105
106
|
|
107
|
+
# Create an SSL cert with extensions containing custom oids
|
108
|
+
extensions = [
|
109
|
+
['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
|
110
|
+
]
|
111
|
+
oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
|
112
|
+
save(dir, 'oid.pem', oid[:cert])
|
113
|
+
save(dir, 'oid-key.pem', oid[:private_key])
|
114
|
+
|
106
115
|
# Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
|
107
116
|
# and revoke the cert
|
108
117
|
revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])
|
@@ -173,12 +182,12 @@ task(:gen_cert_fixtures) do
|
|
173
182
|
|
174
183
|
# Create a request, but replace its public key after it's signed
|
175
184
|
tampered_csr = ca.create_request('signed')[:csr]
|
176
|
-
tampered_csr.public_key = OpenSSL::PKey::RSA.new(
|
185
|
+
tampered_csr.public_key = OpenSSL::PKey::RSA.new(2048).public_key
|
177
186
|
save(dir, 'tampered-csr.pem', tampered_csr)
|
178
187
|
|
179
188
|
# Create a cert issued from the real intermediate CA, but replace its
|
180
189
|
# public key
|
181
190
|
tampered_cert = ca.create_cert('signed', inter[:cert], inter[:private_key])[:cert]
|
182
|
-
tampered_cert.public_key = OpenSSL::PKey::RSA.new(
|
191
|
+
tampered_cert.public_key = OpenSSL::PKey::RSA.new(2048).public_key
|
183
192
|
save(dir, 'tampered-cert.pem', tampered_cert)
|
184
193
|
end
|
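Review bot: The `extensions` entry added for `oid.pem` is an unexplained triple: a dotted OID literal, a `UTF8String` value and a bare `false`. The file list adds `spec/fixtures/ssl/trusted_oid_mapping.yaml` alongside this fixture, so anyone regenerating the certificates needs to know which values must stay in sync; the link between the two is inferred from the file list, not shown in the hunk. I would expand the comment to something like `# [oid, value, critical] - keep the OID in step with spec/fixtures/ssl/trusted_oid_mapping.yaml`, after confirming that the third element is the critical flag in `create_cert`. The `task(:gen_cert_fixtures)` block starts outside these hunks.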
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.24.0
|
5
5
|
platform: x64-mingw32
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|
@@ -186,16 +186,22 @@ dependencies:
|
|
186
186
|
name: win32-dir
|
187
187
|
requirement: !ruby/object:Gem::Requirement
|
188
188
|
requirements:
|
189
|
-
- -
|
189
|
+
- - ">="
|
190
190
|
- !ruby/object:Gem::Version
|
191
191
|
version: 0.4.9
|
192
|
+
- - "<="
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: 0.7.2
|
192
195
|
type: :runtime
|
193
196
|
prerelease: false
|
194
197
|
version_requirements: !ruby/object:Gem::Requirement
|
195
198
|
requirements:
|
196
|
-
- -
|
199
|
+
- - ">="
|
197
200
|
- !ruby/object:Gem::Version
|
198
201
|
version: 0.4.9
|
202
|
+
- - "<="
|
203
|
+
- !ruby/object:Gem::Version
|
204
|
+
version: 0.7.2
|
199
205
|
- !ruby/object:Gem::Dependency
|
200
206
|
name: win32-process
|
201
207
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1548,6 +1554,8 @@ files:
|
|
1548
1554
|
- spec/fixtures/ssl/intermediate-crl.pem
|
1549
1555
|
- spec/fixtures/ssl/intermediate.pem
|
1550
1556
|
- spec/fixtures/ssl/netlock-arany-utf8.pem
|
1557
|
+
- spec/fixtures/ssl/oid-key.pem
|
1558
|
+
- spec/fixtures/ssl/oid.pem
|
1551
1559
|
- spec/fixtures/ssl/pluto-key.pem
|
1552
1560
|
- spec/fixtures/ssl/pluto.pem
|
1553
1561
|
- spec/fixtures/ssl/request-key.pem
|
@@ -1558,6 +1566,7 @@ files:
|
|
1558
1566
|
- spec/fixtures/ssl/signed.pem
|
1559
1567
|
- spec/fixtures/ssl/tampered-cert.pem
|
1560
1568
|
- spec/fixtures/ssl/tampered-csr.pem
|
1569
|
+
- spec/fixtures/ssl/trusted_oid_mapping.yaml
|
1561
1570
|
- spec/fixtures/ssl/unknown-127.0.0.1-key.pem
|
1562
1571
|
- spec/fixtures/ssl/unknown-127.0.0.1.pem
|
1563
1572
|
- spec/fixtures/ssl/unknown-ca-key.pem
|
@@ -1877,6 +1886,7 @@ files:
|
|
1877
1886
|
- spec/fixtures/unit/provider/service/smf/svcs_fmri.out
|
1878
1887
|
- spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out
|
1879
1888
|
- spec/fixtures/unit/provider/service/systemd/list_unit_files_services
|
1889
|
+
- spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset
|
1880
1890
|
- spec/fixtures/unit/provider/user/aix/aix_passwd_file.out
|
1881
1891
|
- spec/fixtures/unit/reports/tagmail/tagmail_email.conf
|
1882
1892
|
- spec/fixtures/unit/reports/tagmail/tagmail_failers.conf
|
@@ -1906,6 +1916,8 @@ files:
|
|
1906
1916
|
- spec/integration/application/lookup_spec.rb
|
1907
1917
|
- spec/integration/application/module_spec.rb
|
1908
1918
|
- spec/integration/application/plugin_spec.rb
|
1919
|
+
- spec/integration/application/resource_spec.rb
|
1920
|
+
- spec/integration/application/ssl_spec.rb
|
1909
1921
|
- spec/integration/configurer_spec.rb
|
1910
1922
|
- spec/integration/data_binding_spec.rb
|
1911
1923
|
- spec/integration/defaults_spec.rb
|
@@ -1965,10 +1977,8 @@ files:
|
|
1965
1977
|
- spec/integration/util/windows/user_spec.rb
|
1966
1978
|
- spec/integration/util_spec.rb
|
1967
1979
|
- spec/lib/matchers/containment_matchers.rb
|
1968
|
-
- spec/lib/matchers/include.rb
|
1969
1980
|
- spec/lib/matchers/include_in_order.rb
|
1970
1981
|
- spec/lib/matchers/include_in_order_spec.rb
|
1971
|
-
- spec/lib/matchers/include_spec.rb
|
1972
1982
|
- spec/lib/matchers/json.rb
|
1973
1983
|
- spec/lib/matchers/match_tokens2.rb
|
1974
1984
|
- spec/lib/matchers/relationship_graph_matchers.rb
|
@@ -2741,7 +2751,8 @@ files:
|
|
2741
2751
|
- tasks/parser.rake
|
2742
2752
|
- tasks/yard.rake
|
2743
2753
|
homepage: https://github.com/puppetlabs/puppet
|
2744
|
-
licenses:
|
2754
|
+
licenses:
|
2755
|
+
- Apache-2.0
|
2745
2756
|
metadata: {}
|
2746
2757
|
post_install_message:
|
2747
2758
|
rdoc_options:
|
@@ -2818,6 +2829,8 @@ test_files:
|
|
2818
2829
|
- spec/fixtures/ssl/intermediate-crl.pem
|
2819
2830
|
- spec/fixtures/ssl/intermediate.pem
|
2820
2831
|
- spec/fixtures/ssl/netlock-arany-utf8.pem
|
2832
|
+
- spec/fixtures/ssl/oid-key.pem
|
2833
|
+
- spec/fixtures/ssl/oid.pem
|
2821
2834
|
- spec/fixtures/ssl/pluto-key.pem
|
2822
2835
|
- spec/fixtures/ssl/pluto.pem
|
2823
2836
|
- spec/fixtures/ssl/request-key.pem
|
@@ -2828,6 +2841,7 @@ test_files:
|
|
2828
2841
|
- spec/fixtures/ssl/signed.pem
|
2829
2842
|
- spec/fixtures/ssl/tampered-cert.pem
|
2830
2843
|
- spec/fixtures/ssl/tampered-csr.pem
|
2844
|
+
- spec/fixtures/ssl/trusted_oid_mapping.yaml
|
2831
2845
|
- spec/fixtures/ssl/unknown-127.0.0.1-key.pem
|
2832
2846
|
- spec/fixtures/ssl/unknown-127.0.0.1.pem
|
2833
2847
|
- spec/fixtures/ssl/unknown-ca-key.pem
|
@@ -3147,6 +3161,7 @@ test_files:
|
|
3147
3161
|
- spec/fixtures/unit/provider/service/smf/svcs_fmri.out
|
3148
3162
|
- spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out
|
3149
3163
|
- spec/fixtures/unit/provider/service/systemd/list_unit_files_services
|
3164
|
+
- spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset
|
3150
3165
|
- spec/fixtures/unit/provider/user/aix/aix_passwd_file.out
|
3151
3166
|
- spec/fixtures/unit/reports/tagmail/tagmail_email.conf
|
3152
3167
|
- spec/fixtures/unit/reports/tagmail/tagmail_failers.conf
|
@@ -3176,6 +3191,8 @@ test_files:
|
|
3176
3191
|
- spec/integration/application/lookup_spec.rb
|
3177
3192
|
- spec/integration/application/module_spec.rb
|
3178
3193
|
- spec/integration/application/plugin_spec.rb
|
3194
|
+
- spec/integration/application/resource_spec.rb
|
3195
|
+
- spec/integration/application/ssl_spec.rb
|
3179
3196
|
- spec/integration/configurer_spec.rb
|
3180
3197
|
- spec/integration/data_binding_spec.rb
|
3181
3198
|
- spec/integration/defaults_spec.rb
|
@@ -3235,10 +3252,8 @@ test_files:
|
|
3235
3252
|
- spec/integration/util/windows/user_spec.rb
|
3236
3253
|
- spec/integration/util_spec.rb
|
3237
3254
|
- spec/lib/matchers/containment_matchers.rb
|
3238
|
-
- spec/lib/matchers/include.rb
|
3239
3255
|
- spec/lib/matchers/include_in_order.rb
|
3240
3256
|
- spec/lib/matchers/include_in_order_spec.rb
|
3241
|
-
- spec/lib/matchers/include_spec.rb
|
3242
3257
|
- spec/lib/matchers/json.rb
|
3243
3258
|
- spec/lib/matchers/match_tokens2.rb
|
3244
3259
|
- spec/lib/matchers/relationship_graph_matchers.rb
|
@@ -1,27 +0,0 @@
|
|
1
|
-
module Matchers; module Include
|
2
|
-
extend RSpec::Matchers::DSL
|
3
|
-
|
4
|
-
matcher :include_in_any_order do |*matchers|
|
5
|
-
match do |enumerable|
|
6
|
-
@not_matched = []
|
7
|
-
expected_as_array.each do |matcher|
|
8
|
-
if enumerable.empty?
|
9
|
-
break
|
10
|
-
end
|
11
|
-
|
12
|
-
if found = enumerable.find { |elem| matcher.matches?(elem) }
|
13
|
-
enumerable = enumerable.reject { |elem| elem == found }
|
14
|
-
else
|
15
|
-
@not_matched << matcher
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
|
20
|
-
@not_matched.empty? && enumerable.empty?
|
21
|
-
end
|
22
|
-
|
23
|
-
failure_message do |enumerable|
|
24
|
-
"did not match #{@not_matched.collect(&:description).join(', ')} in #{enumerable.inspect}: <#{@not_matched.collect(&:failure_message).join('>, <')}>"
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end; end
|
@@ -1,32 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'matchers/include'
|
3
|
-
|
4
|
-
describe "include matchers" do
|
5
|
-
include Matchers::Include
|
6
|
-
|
7
|
-
context :include_in_any_order do
|
8
|
-
it "matches an empty list" do
|
9
|
-
expect([]).to include_in_any_order()
|
10
|
-
end
|
11
|
-
|
12
|
-
it "matches a list with a single element" do
|
13
|
-
expect([1]).to include_in_any_order(eq(1))
|
14
|
-
end
|
15
|
-
|
16
|
-
it "does not match when an expected element is missing" do
|
17
|
-
expect([1]).to_not include_in_any_order(eq(2))
|
18
|
-
end
|
19
|
-
|
20
|
-
it "matches a list with 2 elements in a different order from the expectation" do
|
21
|
-
expect([1, 2]).to include_in_any_order(eq(2), eq(1))
|
22
|
-
end
|
23
|
-
|
24
|
-
it "does not match when there are more than just the expected elements" do
|
25
|
-
expect([1, 2]).to_not include_in_any_order(eq(1))
|
26
|
-
end
|
27
|
-
|
28
|
-
it "matches multiple, equal elements when there are multiple, equal exepectations" do
|
29
|
-
expect([1, 1]).to include_in_any_order(eq(1), eq(1))
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|