puppet 6.21.0-x86-mingw32 → 6.24.0-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (217) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +29 -23
  5. data/README.md +4 -4
  6. data/ext/osx/puppet.plist +2 -0
  7. data/ext/project_data.yaml +3 -2
  8. data/lib/puppet.rb +3 -3
  9. data/lib/puppet/application/agent.rb +12 -5
  10. data/lib/puppet/application/apply.rb +2 -1
  11. data/lib/puppet/application/device.rb +2 -1
  12. data/lib/puppet/application/filebucket.rb +1 -0
  13. data/lib/puppet/application/resource.rb +17 -3
  14. data/lib/puppet/application/script.rb +2 -1
  15. data/lib/puppet/application/ssl.rb +12 -0
  16. data/lib/puppet/configurer/downloader.rb +2 -1
  17. data/lib/puppet/defaults.rb +27 -5
  18. data/lib/puppet/environments.rb +26 -1
  19. data/lib/puppet/face/facts.rb +128 -30
  20. data/lib/puppet/face/help/action.erb +1 -0
  21. data/lib/puppet/face/help/face.erb +1 -0
  22. data/lib/puppet/face/node/clean.rb +11 -0
  23. data/lib/puppet/file_serving/fileset.rb +14 -2
  24. data/lib/puppet/file_system/file_impl.rb +1 -1
  25. data/lib/puppet/file_system/memory_file.rb +8 -1
  26. data/lib/puppet/file_system/windows.rb +4 -2
  27. data/lib/puppet/forge.rb +3 -3
  28. data/lib/puppet/functions/all.rb +1 -1
  29. data/lib/puppet/functions/camelcase.rb +1 -1
  30. data/lib/puppet/functions/capitalize.rb +2 -2
  31. data/lib/puppet/functions/downcase.rb +2 -2
  32. data/lib/puppet/functions/empty.rb +8 -0
  33. data/lib/puppet/functions/get.rb +5 -5
  34. data/lib/puppet/functions/group_by.rb +13 -5
  35. data/lib/puppet/functions/lest.rb +1 -1
  36. data/lib/puppet/functions/new.rb +100 -100
  37. data/lib/puppet/functions/partition.rb +12 -4
  38. data/lib/puppet/functions/require.rb +5 -5
  39. data/lib/puppet/functions/sort.rb +3 -3
  40. data/lib/puppet/functions/strftime.rb +1 -0
  41. data/lib/puppet/functions/tree_each.rb +7 -9
  42. data/lib/puppet/functions/type.rb +4 -4
  43. data/lib/puppet/functions/unwrap.rb +17 -2
  44. data/lib/puppet/functions/upcase.rb +2 -2
  45. data/lib/puppet/http/resolver/server_list.rb +15 -4
  46. data/lib/puppet/http/service/compiler.rb +69 -0
  47. data/lib/puppet/http/service/file_server.rb +2 -1
  48. data/lib/puppet/indirector/catalog/compiler.rb +1 -0
  49. data/lib/puppet/indirector/facts/facter.rb +24 -3
  50. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  51. data/lib/puppet/indirector/resource/ral.rb +6 -1
  52. data/lib/puppet/interface/documentation.rb +1 -0
  53. data/lib/puppet/module_tool/applications/installer.rb +4 -0
  54. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  55. data/lib/puppet/network/formats.rb +67 -0
  56. data/lib/puppet/network/http/factory.rb +4 -0
  57. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  58. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  59. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  60. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  61. data/lib/puppet/provider/exec/posix.rb +16 -4
  62. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  63. data/lib/puppet/provider/package/nim.rb +11 -6
  64. data/lib/puppet/provider/package/pip.rb +15 -3
  65. data/lib/puppet/provider/parsedfile.rb +3 -0
  66. data/lib/puppet/provider/service/systemd.rb +14 -4
  67. data/lib/puppet/provider/service/windows.rb +38 -0
  68. data/lib/puppet/provider/user/directoryservice.rb +25 -12
  69. data/lib/puppet/provider/user/useradd.rb +9 -2
  70. data/lib/puppet/reference/configuration.rb +1 -1
  71. data/lib/puppet/settings.rb +30 -7
  72. data/lib/puppet/settings/environment_conf.rb +1 -0
  73. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  74. data/lib/puppet/type/exec.rb +16 -3
  75. data/lib/puppet/type/file.rb +19 -1
  76. data/lib/puppet/type/file/mode.rb +6 -0
  77. data/lib/puppet/type/file/selcontext.rb +1 -1
  78. data/lib/puppet/type/service.rb +18 -38
  79. data/lib/puppet/type/tidy.rb +22 -3
  80. data/lib/puppet/type/user.rb +38 -20
  81. data/lib/puppet/util/fact_dif.rb +36 -17
  82. data/lib/puppet/util/monkey_patches.rb +7 -0
  83. data/lib/puppet/util/selinux.rb +30 -4
  84. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  85. data/lib/puppet/util/windows/adsi.rb +46 -0
  86. data/lib/puppet/util/windows/api_types.rb +1 -1
  87. data/lib/puppet/util/windows/principal.rb +9 -2
  88. data/lib/puppet/util/windows/sid.rb +6 -2
  89. data/lib/puppet/version.rb +1 -1
  90. data/locales/puppet.pot +360 -280
  91. data/man/man5/puppet.conf.5 +279 -251
  92. data/man/man8/puppet-agent.8 +1 -1
  93. data/man/man8/puppet-apply.8 +1 -1
  94. data/man/man8/puppet-catalog.8 +9 -9
  95. data/man/man8/puppet-config.8 +1 -1
  96. data/man/man8/puppet-describe.8 +1 -1
  97. data/man/man8/puppet-device.8 +1 -1
  98. data/man/man8/puppet-doc.8 +1 -1
  99. data/man/man8/puppet-epp.8 +1 -1
  100. data/man/man8/puppet-facts.8 +65 -7
  101. data/man/man8/puppet-filebucket.8 +1 -1
  102. data/man/man8/puppet-generate.8 +1 -1
  103. data/man/man8/puppet-help.8 +1 -1
  104. data/man/man8/puppet-key.8 +7 -7
  105. data/man/man8/puppet-lookup.8 +1 -1
  106. data/man/man8/puppet-man.8 +1 -1
  107. data/man/man8/puppet-module.8 +1 -1
  108. data/man/man8/puppet-node.8 +5 -5
  109. data/man/man8/puppet-parser.8 +1 -1
  110. data/man/man8/puppet-plugin.8 +1 -1
  111. data/man/man8/puppet-report.8 +5 -5
  112. data/man/man8/puppet-resource.8 +1 -1
  113. data/man/man8/puppet-script.8 +1 -1
  114. data/man/man8/puppet-ssl.8 +5 -1
  115. data/man/man8/puppet-status.8 +4 -4
  116. data/man/man8/puppet.8 +2 -2
  117. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  118. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  119. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  120. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  121. data/spec/fixtures/ssl/ca.pem +57 -35
  122. data/spec/fixtures/ssl/crl.pem +28 -18
  123. data/spec/fixtures/ssl/ec-key.pem +11 -11
  124. data/spec/fixtures/ssl/ec.pem +33 -24
  125. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  126. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  127. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  128. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  129. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  130. data/spec/fixtures/ssl/intermediate.pem +57 -36
  131. data/spec/fixtures/ssl/oid-key.pem +117 -0
  132. data/spec/fixtures/ssl/oid.pem +69 -0
  133. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  134. data/spec/fixtures/ssl/pluto.pem +52 -30
  135. data/spec/fixtures/ssl/request-key.pem +107 -57
  136. data/spec/fixtures/ssl/request.pem +47 -26
  137. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  138. data/spec/fixtures/ssl/revoked.pem +52 -30
  139. data/spec/fixtures/ssl/signed-key.pem +107 -57
  140. data/spec/fixtures/ssl/signed.pem +52 -30
  141. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  142. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  143. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  144. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  145. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  146. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  147. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  148. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
  149. data/spec/integration/application/filebucket_spec.rb +11 -0
  150. data/spec/integration/application/module_spec.rb +21 -0
  151. data/spec/integration/application/plugin_spec.rb +1 -1
  152. data/spec/integration/application/resource_spec.rb +64 -0
  153. data/spec/integration/application/ssl_spec.rb +20 -0
  154. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  155. data/spec/integration/http/client_spec.rb +12 -0
  156. data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
  157. data/spec/integration/indirector/facts/facter_spec.rb +90 -36
  158. data/spec/integration/type/exec_spec.rb +70 -45
  159. data/spec/integration/util/windows/adsi_spec.rb +18 -0
  160. data/spec/integration/util/windows/principal_spec.rb +21 -0
  161. data/spec/integration/util/windows/registry_spec.rb +6 -0
  162. data/spec/lib/puppet/test_ca.rb +7 -2
  163. data/spec/lib/puppet_spec/settings.rb +1 -0
  164. data/spec/spec_helper.rb +11 -1
  165. data/spec/unit/application/agent_spec.rb +7 -2
  166. data/spec/unit/application/facts_spec.rb +482 -3
  167. data/spec/unit/application/ssl_spec.rb +23 -0
  168. data/spec/unit/configurer/downloader_spec.rb +6 -0
  169. data/spec/unit/configurer_spec.rb +23 -0
  170. data/spec/unit/defaults_spec.rb +16 -0
  171. data/spec/unit/environments_spec.rb +199 -88
  172. data/spec/unit/face/facts_spec.rb +4 -0
  173. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  174. data/spec/unit/file_system_spec.rb +15 -0
  175. data/spec/unit/functions/assert_type_spec.rb +1 -1
  176. data/spec/unit/functions/empty_spec.rb +10 -0
  177. data/spec/unit/functions/unwrap_spec.rb +8 -0
  178. data/spec/unit/functions4_spec.rb +2 -2
  179. data/spec/unit/gettext/config_spec.rb +12 -0
  180. data/spec/unit/http/service/compiler_spec.rb +123 -0
  181. data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
  182. data/spec/unit/indirector/facts/facter_spec.rb +95 -0
  183. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  184. data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
  185. data/spec/unit/network/formats_spec.rb +41 -0
  186. data/spec/unit/network/http/factory_spec.rb +19 -0
  187. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  188. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  189. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  190. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  191. data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
  192. data/spec/unit/provider/package/nim_spec.rb +42 -0
  193. data/spec/unit/provider/package/pip_spec.rb +37 -0
  194. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  195. data/spec/unit/provider/service/init_spec.rb +1 -0
  196. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  197. data/spec/unit/provider/service/systemd_spec.rb +53 -8
  198. data/spec/unit/provider/service/windows_spec.rb +202 -0
  199. data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
  200. data/spec/unit/provider/user/useradd_spec.rb +21 -6
  201. data/spec/unit/resource/catalog_spec.rb +1 -1
  202. data/spec/unit/settings_spec.rb +97 -56
  203. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  204. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  205. data/spec/unit/transaction_spec.rb +18 -20
  206. data/spec/unit/type/exec_spec.rb +76 -29
  207. data/spec/unit/type/file/selinux_spec.rb +3 -3
  208. data/spec/unit/type/file/source_spec.rb +4 -4
  209. data/spec/unit/type/service_spec.rb +59 -188
  210. data/spec/unit/type/tidy_spec.rb +24 -7
  211. data/spec/unit/type/user_spec.rb +45 -0
  212. data/spec/unit/util/selinux_spec.rb +87 -16
  213. data/spec/unit/util/windows/sid_spec.rb +41 -0
  214. data/tasks/generate_cert_fixtures.rake +12 -3
  215. metadata +24 -9
  216. data/spec/lib/matchers/include.rb +0 -27
  217. data/spec/lib/matchers/include_spec.rb +0 -32
@@ -0,0 +1,20 @@
1
+ require 'spec_helper'
2
+
3
+ describe "puppet ssl", unless: Puppet::Util::Platform.jruby? do
4
+ context "print" do
5
+ it 'translates custom oids to their long name' do
6
+ basedir = File.expand_path("#{__FILE__}/../../../fixtures/ssl")
7
+ # registering custom oids changes global state, so shell out
8
+ output =
9
+ %x{puppet ssl show \
10
+ --certname oid \
11
+ --localcacert #{basedir}/ca.pem \
12
+ --hostcrl #{basedir}/crl.pem \
13
+ --hostprivkey #{basedir}/oid-key.pem \
14
+ --hostcert #{basedir}/oid.pem \
15
+ --trusted_oid_mapping_file #{basedir}/trusted_oid_mapping.yaml 2>&1
16
+ }
17
+ expect(output).to match(/Long name:/)
18
+ end
19
+ end
20
+ end
@@ -9,10 +9,6 @@ describe "interpolating $environment" do
9
9
  let(:confdir) { Puppet[:confdir] }
10
10
  let(:cmdline_args) { ['--confdir', confdir, '--vardir', Puppet[:vardir], '--hiera_config', Puppet[:hiera_config]] }
11
11
 
12
- before(:each) do
13
- FileUtils.mkdir_p(confdir)
14
- end
15
-
16
12
  shared_examples_for "a setting that does not interpolate $environment" do
17
13
 
18
14
  before(:each) do
@@ -151,4 +151,16 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
151
151
  end
152
152
  end
153
153
  end
154
+
155
+ context 'ciphersuites' do
156
+ it "does not connect when using an SSLv3 ciphersuite", :if => Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1e') > 0 do
157
+ Puppet[:ciphers] = "DES-CBC3-SHA"
158
+
159
+ https_server.start_server do |port|
160
+ expect {
161
+ client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
162
+ }.to raise_error(Puppet::HTTP::ConnectionError, /no cipher match|sslv3 alert handshake failure/)
163
+ end
164
+ end
165
+ end
154
166
  end
@@ -1,5 +1,4 @@
1
1
  require 'spec_helper'
2
- require 'matchers/include'
3
2
 
4
3
  require 'puppet/indirector/file_content/file'
5
4
  require 'puppet/indirector/file_metadata/file'
@@ -30,7 +29,6 @@ end
30
29
 
31
30
  describe Puppet::Indirector::DirectFileServer, " when interacting with FileServing::Fileset and the model" do
32
31
  include PuppetSpec::Files
33
- include Matchers::Include
34
32
 
35
33
  matcher :file_with_content do |name, content|
36
34
  match do |actual|
@@ -52,7 +50,7 @@ describe Puppet::Indirector::DirectFileServer, " when interacting with FileServi
52
50
  terminus = Puppet::Indirector::FileContent::File.new
53
51
  request = terminus.indirection.request(:search, Puppet::Util.path_to_uri(path).to_s, nil, :recurse => true)
54
52
 
55
- expect(terminus.search(request)).to include_in_any_order(
53
+ expect(terminus.search(request)).to contain_exactly(
56
54
  file_with_content(File.join(path, "one"), "one content"),
57
55
  file_with_content(File.join(path, "two"), "two content"),
58
56
  directory_named(path))
@@ -6,6 +6,7 @@ require 'puppet/indirector/facts/facter'
6
6
  describe Puppet::Node::Facts::Facter do
7
7
  include PuppetSpec::Files
8
8
  include PuppetSpec::Compiler
9
+ include PuppetSpec::Settings
9
10
 
10
11
  before :each do
11
12
  Puppet::Node::Facts.indirection.terminus_class = :facter
@@ -66,49 +67,102 @@ describe Puppet::Node::Facts::Facter do
66
67
  end
67
68
  end
68
69
 
69
- it "adds the puppetversion fact" do
70
- allow(Facter).to receive(:reset)
71
-
72
- cat = compile_to_catalog('notify { $::puppetversion: }',
73
- Puppet::Node.indirection.find('foo'))
74
- expect(cat.resource("Notify[#{Puppet.version.to_s}]")).to be
75
- end
70
+ context "adding facts" do
71
+ it "adds the puppetversion fact" do
72
+ allow(Facter).to receive(:reset)
76
73
 
77
- it "the agent_specified_environment fact is nil when not set" do
78
- expect do
79
- compile_to_catalog('notify { $::agent_specified_environment: }',
80
- Puppet::Node.indirection.find('foo'))
81
- end.to raise_error(Puppet::PreformattedError)
82
- end
83
-
84
- it "adds the agent_specified_environment fact when set in puppet.conf" do
85
- FileUtils.mkdir_p(Puppet[:confdir])
86
- File.open(File.join(Puppet[:confdir], 'puppet.conf'), 'w') do |f|
87
- f.puts("environment=bar")
74
+ cat = compile_to_catalog('notify { $::puppetversion: }',
75
+ Puppet::Node.indirection.find('foo'))
76
+ expect(cat.resource("Notify[#{Puppet.version.to_s}]")).to be
88
77
  end
89
78
 
90
- Puppet.initialize_settings
91
- cat = compile_to_catalog('notify { $::agent_specified_environment: }',
79
+ context "when adding the agent_specified_environment fact" do
80
+ it "does not add the fact if the agent environment is not set" do
81
+ expect do
82
+ compile_to_catalog('notify { $::agent_specified_environment: }',
92
83
  Puppet::Node.indirection.find('foo'))
93
- expect(cat.resource("Notify[bar]")).to be
94
- end
84
+ end.to raise_error(Puppet::PreformattedError)
85
+ end
95
86
 
96
- it "adds the agent_specified_environment fact when set via command-line" do
97
- Puppet.initialize_settings(['--environment', 'bar'])
98
- cat = compile_to_catalog('notify { $::agent_specified_environment: }',
87
+ it "does not add the fact if the agent environment is set in sections other than agent or main" do
88
+ set_puppet_conf(Puppet[:confdir], <<~CONF)
89
+ [user]
90
+ environment=bar
91
+ CONF
92
+
93
+ Puppet.initialize_settings
94
+ expect do
95
+ compile_to_catalog('notify { $::agent_specified_environment: }',
99
96
  Puppet::Node.indirection.find('foo'))
100
- expect(cat.resource("Notify[bar]")).to be
101
- end
97
+ end.to raise_error(Puppet::PreformattedError)
98
+ end
102
99
 
103
- it "adds the agent_specified_environment fact, preferring cli, when set in puppet.conf and via command-line" do
104
- FileUtils.mkdir_p(Puppet[:confdir])
105
- File.open(File.join(Puppet[:confdir], 'puppet.conf'), 'w') do |f|
106
- f.puts("environment=bar")
107
- end
100
+ it "adds the agent_specified_environment fact when set in the agent section in puppet.conf" do
101
+ set_puppet_conf(Puppet[:confdir], <<~CONF)
102
+ [agent]
103
+ environment=bar
104
+ CONF
108
105
 
109
- Puppet.initialize_settings(['--environment', 'baz'])
110
- cat = compile_to_catalog('notify { $::agent_specified_environment: }',
111
- Puppet::Node.indirection.find('foo'))
112
- expect(cat.resource("Notify[baz]")).to be
106
+ Puppet.initialize_settings
107
+ cat = compile_to_catalog('notify { $::agent_specified_environment: }',
108
+ Puppet::Node.indirection.find('foo'))
109
+ expect(cat.resource("Notify[bar]")).to be
110
+ end
111
+
112
+ it "prefers agent_specified_environment from main if set in section other than agent" do
113
+ set_puppet_conf(Puppet[:confdir], <<~CONF)
114
+ [main]
115
+ environment=baz
116
+
117
+ [user]
118
+ environment=bar
119
+ CONF
120
+
121
+ Puppet.initialize_settings
122
+ cat = compile_to_catalog('notify { $::agent_specified_environment: }',
123
+ Puppet::Node.indirection.find('foo'))
124
+ expect(cat.resource("Notify[baz]")).to be
125
+ end
126
+
127
+ it "prefers agent_specified_environment from agent if set in multiple sections" do
128
+ set_puppet_conf(Puppet[:confdir], <<~CONF)
129
+ [main]
130
+ environment=baz
131
+
132
+ [agent]
133
+ environment=bar
134
+ CONF
135
+
136
+ Puppet.initialize_settings
137
+ cat = compile_to_catalog('notify { $::agent_specified_environment: }',
138
+ Puppet::Node.indirection.find('foo'))
139
+ expect(cat.resource("Notify[bar]")).to be
140
+ end
141
+
142
+ it "adds the agent_specified_environment fact when set in puppet.conf" do
143
+ set_puppet_conf(Puppet[:confdir], 'environment=bar')
144
+
145
+ Puppet.initialize_settings
146
+ cat = compile_to_catalog('notify { $::agent_specified_environment: }',
147
+ Puppet::Node.indirection.find('foo'))
148
+ expect(cat.resource("Notify[bar]")).to be
149
+ end
150
+
151
+ it "adds the agent_specified_environment fact when set via command-line" do
152
+ Puppet.initialize_settings(['--environment', 'bar'])
153
+ cat = compile_to_catalog('notify { $::agent_specified_environment: }',
154
+ Puppet::Node.indirection.find('foo'))
155
+ expect(cat.resource("Notify[bar]")).to be
156
+ end
157
+
158
+ it "adds the agent_specified_environment fact, preferring cli, when set in puppet.conf and via command-line" do
159
+ set_puppet_conf(Puppet[:confdir], 'environment=bar')
160
+
161
+ Puppet.initialize_settings(['--environment', 'baz'])
162
+ cat = compile_to_catalog('notify { $::agent_specified_environment: }',
163
+ Puppet::Node.indirection.find('foo'))
164
+ expect(cat.resource("Notify[baz]")).to be
165
+ end
166
+ end
113
167
  end
114
168
  end
@@ -7,70 +7,95 @@ describe Puppet::Type.type(:exec), unless: Puppet::Util::Platform.jruby? do
7
7
 
8
8
  let(:catalog) { Puppet::Resource::Catalog.new }
9
9
  let(:path) { tmpfile('exec_provider') }
10
- let(:command) { "ruby -e 'File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }'" }
11
10
 
12
11
  before :each do
13
12
  catalog.host_config = false
14
13
  end
15
14
 
16
- it "should execute the command" do
17
- exec = described_class.new :command => command, :path => ENV['PATH']
15
+ shared_examples_for 'a valid exec resource' do
16
+ it "should execute the command" do
17
+ exec = described_class.new :command => command, :path => ENV['PATH']
18
18
 
19
- catalog.add_resource exec
20
- catalog.apply
19
+ catalog.add_resource exec
20
+ catalog.apply
21
21
 
22
- expect(File.read(path)).to eq('foo')
23
- end
22
+ expect(File.read(path)).to eq('foo')
23
+ end
24
24
 
25
- it "should not execute the command if onlyif returns non-zero" do
26
- exec = described_class.new(
27
- :command => command,
28
- :onlyif => "ruby -e 'exit 44'",
29
- :path => ENV['PATH']
30
- )
25
+ it "should not execute the command if onlyif returns non-zero" do
26
+ exec = described_class.new(
27
+ :command => command,
28
+ :onlyif => "ruby -e 'exit 44'",
29
+ :path => ENV['PATH']
30
+ )
31
31
 
32
- catalog.add_resource exec
33
- catalog.apply
32
+ catalog.add_resource exec
33
+ catalog.apply
34
34
 
35
- expect(Puppet::FileSystem.exist?(path)).to be_falsey
36
- end
35
+ expect(Puppet::FileSystem.exist?(path)).to be_falsey
36
+ end
37
37
 
38
- it "should execute the command if onlyif returns zero" do
39
- exec = described_class.new(
40
- :command => command,
41
- :onlyif => "ruby -e 'exit 0'",
42
- :path => ENV['PATH']
43
- )
38
+ it "should execute the command if onlyif returns zero" do
39
+ exec = described_class.new(
40
+ :command => command,
41
+ :onlyif => "ruby -e 'exit 0'",
42
+ :path => ENV['PATH']
43
+ )
44
44
 
45
- catalog.add_resource exec
46
- catalog.apply
45
+ catalog.add_resource exec
46
+ catalog.apply
47
47
 
48
- expect(File.read(path)).to eq('foo')
49
- end
48
+ expect(File.read(path)).to eq('foo')
49
+ end
50
+
51
+ it "should execute the command if unless returns non-zero" do
52
+ exec = described_class.new(
53
+ :command => command,
54
+ :unless => "ruby -e 'exit 45'",
55
+ :path => ENV['PATH']
56
+ )
57
+
58
+ catalog.add_resource exec
59
+ catalog.apply
60
+
61
+ expect(File.read(path)).to eq('foo')
62
+ end
50
63
 
51
- it "should execute the command if unless returns non-zero" do
52
- exec = described_class.new(
53
- :command => command,
54
- :unless => "ruby -e 'exit 45'",
55
- :path => ENV['PATH']
56
- )
64
+ it "should not execute the command if unless returns zero" do
65
+ exec = described_class.new(
66
+ :command => command,
67
+ :unless => "ruby -e 'exit 0'",
68
+ :path => ENV['PATH']
69
+ )
57
70
 
58
- catalog.add_resource exec
59
- catalog.apply
71
+ catalog.add_resource exec
72
+ catalog.apply
60
73
 
61
- expect(File.read(path)).to eq('foo')
74
+ expect(Puppet::FileSystem.exist?(path)).to be_falsey
75
+ end
62
76
  end
63
77
 
64
- it "should not execute the command if unless returns zero" do
65
- exec = described_class.new(
66
- :command => command,
67
- :unless => "ruby -e 'exit 0'",
68
- :path => ENV['PATH']
69
- )
78
+ context 'when command is a string' do
79
+ let(:command) { "ruby -e 'File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }'" }
80
+
81
+ it_behaves_like 'a valid exec resource'
82
+ end
83
+
84
+ context 'when command is an array' do
85
+ let(:command) { ['ruby', '-e', "File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }"] }
86
+
87
+ it_behaves_like 'a valid exec resource'
88
+
89
+ context 'when is invalid' do
90
+ let(:command) { [ "ruby -e 'puts 1'" ] }
70
91
 
71
- catalog.add_resource exec
72
- catalog.apply
92
+ it 'logs error' do
93
+ exec = described_class.new :command => command, :path => ENV['PATH']
94
+ catalog.add_resource exec
95
+ logs = catalog.apply.report.logs
73
96
 
74
- expect(Puppet::FileSystem.exist?(path)).to be_falsey
97
+ expect(logs[0].message).to eql("Could not find command 'ruby -e 'puts 1''")
98
+ end
99
+ end
75
100
  end
76
101
  end
@@ -55,6 +55,24 @@ describe Puppet::Util::Windows::ADSI::User,
55
55
  end
56
56
  end
57
57
  end
58
+
59
+ describe '.current_user_name_with_format' do
60
+ context 'when desired format is NameSamCompatible' do
61
+ it 'should get the same user name as the current_user_name method but fully qualified' do
62
+ user_name = Puppet::Util::Windows::ADSI::User.current_user_name
63
+ fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
64
+
65
+ expect(fully_qualified_user_name).to match(/^.+\\#{user_name}$/)
66
+ end
67
+
68
+ it 'should have the same SID as with the current_user_name method' do
69
+ user_name = Puppet::Util::Windows::ADSI::User.current_user_name
70
+ fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
71
+
72
+ expect(Puppet::Util::Windows::SID.name_to_sid(user_name)).to eq(Puppet::Util::Windows::SID.name_to_sid(fully_qualified_user_name))
73
+ end
74
+ end
75
+ end
58
76
  end
59
77
 
60
78
  describe Puppet::Util::Windows::ADSI::Group,
@@ -7,6 +7,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
7
7
  let (:system_bytes) { [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] }
8
8
  let (:null_sid_bytes) { [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }
9
9
  let (:administrator_bytes) { [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0] }
10
+ let (:all_application_packages_bytes) { [1, 2, 0, 0, 0, 0, 0, 15, 2, 0, 0, 0, 1, 0, 0, 0] }
10
11
  let (:computer_sid) { Puppet::Util::Windows::SID.name_to_principal(Puppet::Util::Windows::ADSI.computer_name) }
11
12
  # BUILTIN is localized on German Windows, but not French
12
13
  # looking this up like this dilutes the values of the tests as we're comparing two mechanisms
@@ -121,6 +122,26 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
121
122
  expect(principal.to_s).to eq(builtin_localized)
122
123
  end
123
124
 
125
+ it "should always sanitize the account name first" do
126
+ expect(Puppet::Util::Windows::SID::Principal).to receive(:sanitize_account_name).with('NT AUTHORITY\\SYSTEM').and_call_original
127
+ Puppet::Util::Windows::SID::Principal.lookup_account_name('NT AUTHORITY\\SYSTEM')
128
+ end
129
+
130
+ it "should be able to create an instance from an account name prefixed by APPLICATION PACKAGE AUTHORITY" do
131
+ principal = Puppet::Util::Windows::SID::Principal.lookup_account_name('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
132
+ expect(principal.account).to eq('ALL APPLICATION PACKAGES')
133
+ expect(principal.sid_bytes).to eq(all_application_packages_bytes)
134
+ expect(principal.sid).to eq('S-1-15-2-1')
135
+ expect(principal.domain).to eq('APPLICATION PACKAGE AUTHORITY')
136
+ expect(principal.domain_account).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
137
+ expect(principal.account_type).to eq(:SidTypeWellKnownGroup)
138
+ expect(principal.to_s).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
139
+ end
140
+
141
+ it "should fail without proper account name sanitization when it is prefixed by APPLICATION PACKAGE AUTHORITY" do
142
+ given_account_name = 'APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES'
143
+ expect { Puppet::Util::Windows::SID::Principal.lookup_account_name(nil, false, given_account_name) }.to raise_error(Puppet::Util::Windows::Error, /No mapping between account names and security IDs was done./)
144
+ end
124
145
  end
125
146
 
126
147
  describe ".lookup_account_sid" do
@@ -263,6 +263,12 @@ describe Puppet::Util::Windows::Registry do
263
263
  type: Win32::Registry::REG_EXPAND_SZ,
264
264
  value: "\0\0\0reg expand string",
265
265
  expected_value: ""
266
+ },
267
+ {
268
+ name: 'REG_EXPAND_SZ_2',
269
+ type: Win32::Registry::REG_EXPAND_SZ,
270
+ value: "1\x002\x003\x004\x00\x00\x00\x90\xD8UoY".force_encoding("UTF-16LE"),
271
+ expected_value: "1234"
266
272
  }
267
273
  ].each do |pair|
268
274
  it 'reads up to the first wide null' do
@@ -30,7 +30,7 @@ module Puppet
30
30
  end
31
31
 
32
32
  def create_request(name)
33
- key = OpenSSL::PKey::RSA.new(1024)
33
+ key = OpenSSL::PKey::RSA.new(2048)
34
34
  csr = OpenSSL::X509::Request.new
35
35
  csr.public_key = key.public_key
36
36
  csr.subject = OpenSSL::X509::Name.new([["CN", name]])
@@ -46,6 +46,11 @@ module Puppet
46
46
  ext = ef.create_extension(["subjectAltName", opts[:subject_alt_names], false])
47
47
  cert.add_extension(ext)
48
48
  end
49
+ if exts = opts[:extensions]
50
+ exts.each do |e|
51
+ cert.add_extension(OpenSSL::X509::Extension.new(*e))
52
+ end
53
+ end
49
54
  cert.sign(issuer_key, @digest)
50
55
  { private_key: key, cert: cert }
51
56
  end
@@ -127,7 +132,7 @@ module Puppet
127
132
  key = if opts[:key_type] == :ec
128
133
  key = OpenSSL::PKey::EC.generate('prime256v1')
129
134
  else
130
- key = OpenSSL::PKey::RSA.new(1024)
135
+ key = OpenSSL::PKey::RSA.new(2048)
131
136
  end
132
137
  cert = OpenSSL::X509::Certificate.new
133
138
  cert.public_key = if key.is_a?(OpenSSL::PKey::EC)