puppet 6.21.0-x86-mingw32 → 6.24.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -1
- data/Gemfile.lock +29 -23
- data/README.md +4 -4
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +3 -2
- data/lib/puppet.rb +3 -3
- data/lib/puppet/application/agent.rb +12 -5
- data/lib/puppet/application/apply.rb +2 -1
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +17 -3
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +12 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/defaults.rb +27 -5
- data/lib/puppet/environments.rb +26 -1
- data/lib/puppet/face/facts.rb +128 -30
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +4 -2
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +12 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +69 -0
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +4 -0
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http/factory.rb +4 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/systemd.rb +14 -4
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/directoryservice.rb +25 -12
- data/lib/puppet/provider/user/useradd.rb +9 -2
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/settings.rb +30 -7
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/type/exec.rb +16 -3
- data/lib/puppet/type/file.rb +19 -1
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/service.rb +18 -38
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -20
- data/lib/puppet/util/fact_dif.rb +36 -17
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +6 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +360 -280
- data/man/man5/puppet.conf.5 +279 -251
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +65 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/filebucket_spec.rb +11 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/indirector/facts/facter_spec.rb +90 -36
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/util/windows/adsi_spec.rb +18 -0
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/registry_spec.rb +6 -0
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +11 -1
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/facts_spec.rb +482 -3
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +23 -0
- data/spec/unit/defaults_spec.rb +16 -0
- data/spec/unit/environments_spec.rb +199 -88
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_system_spec.rb +15 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/service/compiler_spec.rb +123 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
- data/spec/unit/indirector/facts/facter_spec.rb +95 -0
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/factory_spec.rb +19 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip_spec.rb +37 -0
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +53 -8
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
- data/spec/unit/provider/user/useradd_spec.rb +21 -6
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +59 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +41 -0
- data/tasks/generate_cert_fixtures.rake +12 -3
- metadata +24 -9
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "puppet ssl", unless: Puppet::Util::Platform.jruby? do
|
4
|
+
context "print" do
|
5
|
+
it 'translates custom oids to their long name' do
|
6
|
+
basedir = File.expand_path("#{__FILE__}/../../../fixtures/ssl")
|
7
|
+
# registering custom oids changes global state, so shell out
|
8
|
+
output =
|
9
|
+
%x{puppet ssl show \
|
10
|
+
--certname oid \
|
11
|
+
--localcacert #{basedir}/ca.pem \
|
12
|
+
--hostcrl #{basedir}/crl.pem \
|
13
|
+
--hostprivkey #{basedir}/oid-key.pem \
|
14
|
+
--hostcert #{basedir}/oid.pem \
|
15
|
+
--trusted_oid_mapping_file #{basedir}/trusted_oid_mapping.yaml 2>&1
|
16
|
+
}
|
17
|
+
expect(output).to match(/Long name:/)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -9,10 +9,6 @@ describe "interpolating $environment" do
|
|
9
9
|
let(:confdir) { Puppet[:confdir] }
|
10
10
|
let(:cmdline_args) { ['--confdir', confdir, '--vardir', Puppet[:vardir], '--hiera_config', Puppet[:hiera_config]] }
|
11
11
|
|
12
|
-
before(:each) do
|
13
|
-
FileUtils.mkdir_p(confdir)
|
14
|
-
end
|
15
|
-
|
16
12
|
shared_examples_for "a setting that does not interpolate $environment" do
|
17
13
|
|
18
14
|
before(:each) do
|
@@ -151,4 +151,16 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
|
|
151
151
|
end
|
152
152
|
end
|
153
153
|
end
|
154
|
+
|
155
|
+
context 'ciphersuites' do
|
156
|
+
it "does not connect when using an SSLv3 ciphersuite", :if => Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1e') > 0 do
|
157
|
+
Puppet[:ciphers] = "DES-CBC3-SHA"
|
158
|
+
|
159
|
+
https_server.start_server do |port|
|
160
|
+
expect {
|
161
|
+
client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
|
162
|
+
}.to raise_error(Puppet::HTTP::ConnectionError, /no cipher match|sslv3 alert handshake failure/)
|
163
|
+
end
|
164
|
+
end
|
165
|
+
end
|
154
166
|
end
|
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'matchers/include'
|
3
2
|
|
4
3
|
require 'puppet/indirector/file_content/file'
|
5
4
|
require 'puppet/indirector/file_metadata/file'
|
@@ -30,7 +29,6 @@ end
|
|
30
29
|
|
31
30
|
describe Puppet::Indirector::DirectFileServer, " when interacting with FileServing::Fileset and the model" do
|
32
31
|
include PuppetSpec::Files
|
33
|
-
include Matchers::Include
|
34
32
|
|
35
33
|
matcher :file_with_content do |name, content|
|
36
34
|
match do |actual|
|
@@ -52,7 +50,7 @@ describe Puppet::Indirector::DirectFileServer, " when interacting with FileServi
|
|
52
50
|
terminus = Puppet::Indirector::FileContent::File.new
|
53
51
|
request = terminus.indirection.request(:search, Puppet::Util.path_to_uri(path).to_s, nil, :recurse => true)
|
54
52
|
|
55
|
-
expect(terminus.search(request)).to
|
53
|
+
expect(terminus.search(request)).to contain_exactly(
|
56
54
|
file_with_content(File.join(path, "one"), "one content"),
|
57
55
|
file_with_content(File.join(path, "two"), "two content"),
|
58
56
|
directory_named(path))
|
@@ -6,6 +6,7 @@ require 'puppet/indirector/facts/facter'
|
|
6
6
|
describe Puppet::Node::Facts::Facter do
|
7
7
|
include PuppetSpec::Files
|
8
8
|
include PuppetSpec::Compiler
|
9
|
+
include PuppetSpec::Settings
|
9
10
|
|
10
11
|
before :each do
|
11
12
|
Puppet::Node::Facts.indirection.terminus_class = :facter
|
@@ -66,49 +67,102 @@ describe Puppet::Node::Facts::Facter do
|
|
66
67
|
end
|
67
68
|
end
|
68
69
|
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
cat = compile_to_catalog('notify { $::puppetversion: }',
|
73
|
-
Puppet::Node.indirection.find('foo'))
|
74
|
-
expect(cat.resource("Notify[#{Puppet.version.to_s}]")).to be
|
75
|
-
end
|
70
|
+
context "adding facts" do
|
71
|
+
it "adds the puppetversion fact" do
|
72
|
+
allow(Facter).to receive(:reset)
|
76
73
|
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
Puppet::Node.indirection.find('foo'))
|
81
|
-
end.to raise_error(Puppet::PreformattedError)
|
82
|
-
end
|
83
|
-
|
84
|
-
it "adds the agent_specified_environment fact when set in puppet.conf" do
|
85
|
-
FileUtils.mkdir_p(Puppet[:confdir])
|
86
|
-
File.open(File.join(Puppet[:confdir], 'puppet.conf'), 'w') do |f|
|
87
|
-
f.puts("environment=bar")
|
74
|
+
cat = compile_to_catalog('notify { $::puppetversion: }',
|
75
|
+
Puppet::Node.indirection.find('foo'))
|
76
|
+
expect(cat.resource("Notify[#{Puppet.version.to_s}]")).to be
|
88
77
|
end
|
89
78
|
|
90
|
-
|
91
|
-
|
79
|
+
context "when adding the agent_specified_environment fact" do
|
80
|
+
it "does not add the fact if the agent environment is not set" do
|
81
|
+
expect do
|
82
|
+
compile_to_catalog('notify { $::agent_specified_environment: }',
|
92
83
|
Puppet::Node.indirection.find('foo'))
|
93
|
-
|
94
|
-
|
84
|
+
end.to raise_error(Puppet::PreformattedError)
|
85
|
+
end
|
95
86
|
|
96
|
-
|
97
|
-
|
98
|
-
|
87
|
+
it "does not add the fact if the agent environment is set in sections other than agent or main" do
|
88
|
+
set_puppet_conf(Puppet[:confdir], <<~CONF)
|
89
|
+
[user]
|
90
|
+
environment=bar
|
91
|
+
CONF
|
92
|
+
|
93
|
+
Puppet.initialize_settings
|
94
|
+
expect do
|
95
|
+
compile_to_catalog('notify { $::agent_specified_environment: }',
|
99
96
|
Puppet::Node.indirection.find('foo'))
|
100
|
-
|
101
|
-
|
97
|
+
end.to raise_error(Puppet::PreformattedError)
|
98
|
+
end
|
102
99
|
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
100
|
+
it "adds the agent_specified_environment fact when set in the agent section in puppet.conf" do
|
101
|
+
set_puppet_conf(Puppet[:confdir], <<~CONF)
|
102
|
+
[agent]
|
103
|
+
environment=bar
|
104
|
+
CONF
|
108
105
|
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
106
|
+
Puppet.initialize_settings
|
107
|
+
cat = compile_to_catalog('notify { $::agent_specified_environment: }',
|
108
|
+
Puppet::Node.indirection.find('foo'))
|
109
|
+
expect(cat.resource("Notify[bar]")).to be
|
110
|
+
end
|
111
|
+
|
112
|
+
it "prefers agent_specified_environment from main if set in section other than agent" do
|
113
|
+
set_puppet_conf(Puppet[:confdir], <<~CONF)
|
114
|
+
[main]
|
115
|
+
environment=baz
|
116
|
+
|
117
|
+
[user]
|
118
|
+
environment=bar
|
119
|
+
CONF
|
120
|
+
|
121
|
+
Puppet.initialize_settings
|
122
|
+
cat = compile_to_catalog('notify { $::agent_specified_environment: }',
|
123
|
+
Puppet::Node.indirection.find('foo'))
|
124
|
+
expect(cat.resource("Notify[baz]")).to be
|
125
|
+
end
|
126
|
+
|
127
|
+
it "prefers agent_specified_environment from agent if set in multiple sections" do
|
128
|
+
set_puppet_conf(Puppet[:confdir], <<~CONF)
|
129
|
+
[main]
|
130
|
+
environment=baz
|
131
|
+
|
132
|
+
[agent]
|
133
|
+
environment=bar
|
134
|
+
CONF
|
135
|
+
|
136
|
+
Puppet.initialize_settings
|
137
|
+
cat = compile_to_catalog('notify { $::agent_specified_environment: }',
|
138
|
+
Puppet::Node.indirection.find('foo'))
|
139
|
+
expect(cat.resource("Notify[bar]")).to be
|
140
|
+
end
|
141
|
+
|
142
|
+
it "adds the agent_specified_environment fact when set in puppet.conf" do
|
143
|
+
set_puppet_conf(Puppet[:confdir], 'environment=bar')
|
144
|
+
|
145
|
+
Puppet.initialize_settings
|
146
|
+
cat = compile_to_catalog('notify { $::agent_specified_environment: }',
|
147
|
+
Puppet::Node.indirection.find('foo'))
|
148
|
+
expect(cat.resource("Notify[bar]")).to be
|
149
|
+
end
|
150
|
+
|
151
|
+
it "adds the agent_specified_environment fact when set via command-line" do
|
152
|
+
Puppet.initialize_settings(['--environment', 'bar'])
|
153
|
+
cat = compile_to_catalog('notify { $::agent_specified_environment: }',
|
154
|
+
Puppet::Node.indirection.find('foo'))
|
155
|
+
expect(cat.resource("Notify[bar]")).to be
|
156
|
+
end
|
157
|
+
|
158
|
+
it "adds the agent_specified_environment fact, preferring cli, when set in puppet.conf and via command-line" do
|
159
|
+
set_puppet_conf(Puppet[:confdir], 'environment=bar')
|
160
|
+
|
161
|
+
Puppet.initialize_settings(['--environment', 'baz'])
|
162
|
+
cat = compile_to_catalog('notify { $::agent_specified_environment: }',
|
163
|
+
Puppet::Node.indirection.find('foo'))
|
164
|
+
expect(cat.resource("Notify[baz]")).to be
|
165
|
+
end
|
166
|
+
end
|
113
167
|
end
|
114
168
|
end
|
@@ -7,70 +7,95 @@ describe Puppet::Type.type(:exec), unless: Puppet::Util::Platform.jruby? do
|
|
7
7
|
|
8
8
|
let(:catalog) { Puppet::Resource::Catalog.new }
|
9
9
|
let(:path) { tmpfile('exec_provider') }
|
10
|
-
let(:command) { "ruby -e 'File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }'" }
|
11
10
|
|
12
11
|
before :each do
|
13
12
|
catalog.host_config = false
|
14
13
|
end
|
15
14
|
|
16
|
-
|
17
|
-
|
15
|
+
shared_examples_for 'a valid exec resource' do
|
16
|
+
it "should execute the command" do
|
17
|
+
exec = described_class.new :command => command, :path => ENV['PATH']
|
18
18
|
|
19
|
-
|
20
|
-
|
19
|
+
catalog.add_resource exec
|
20
|
+
catalog.apply
|
21
21
|
|
22
|
-
|
23
|
-
|
22
|
+
expect(File.read(path)).to eq('foo')
|
23
|
+
end
|
24
24
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
25
|
+
it "should not execute the command if onlyif returns non-zero" do
|
26
|
+
exec = described_class.new(
|
27
|
+
:command => command,
|
28
|
+
:onlyif => "ruby -e 'exit 44'",
|
29
|
+
:path => ENV['PATH']
|
30
|
+
)
|
31
31
|
|
32
|
-
|
33
|
-
|
32
|
+
catalog.add_resource exec
|
33
|
+
catalog.apply
|
34
34
|
|
35
|
-
|
36
|
-
|
35
|
+
expect(Puppet::FileSystem.exist?(path)).to be_falsey
|
36
|
+
end
|
37
37
|
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
38
|
+
it "should execute the command if onlyif returns zero" do
|
39
|
+
exec = described_class.new(
|
40
|
+
:command => command,
|
41
|
+
:onlyif => "ruby -e 'exit 0'",
|
42
|
+
:path => ENV['PATH']
|
43
|
+
)
|
44
44
|
|
45
|
-
|
46
|
-
|
45
|
+
catalog.add_resource exec
|
46
|
+
catalog.apply
|
47
47
|
|
48
|
-
|
49
|
-
|
48
|
+
expect(File.read(path)).to eq('foo')
|
49
|
+
end
|
50
|
+
|
51
|
+
it "should execute the command if unless returns non-zero" do
|
52
|
+
exec = described_class.new(
|
53
|
+
:command => command,
|
54
|
+
:unless => "ruby -e 'exit 45'",
|
55
|
+
:path => ENV['PATH']
|
56
|
+
)
|
57
|
+
|
58
|
+
catalog.add_resource exec
|
59
|
+
catalog.apply
|
60
|
+
|
61
|
+
expect(File.read(path)).to eq('foo')
|
62
|
+
end
|
50
63
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
64
|
+
it "should not execute the command if unless returns zero" do
|
65
|
+
exec = described_class.new(
|
66
|
+
:command => command,
|
67
|
+
:unless => "ruby -e 'exit 0'",
|
68
|
+
:path => ENV['PATH']
|
69
|
+
)
|
57
70
|
|
58
|
-
|
59
|
-
|
71
|
+
catalog.add_resource exec
|
72
|
+
catalog.apply
|
60
73
|
|
61
|
-
|
74
|
+
expect(Puppet::FileSystem.exist?(path)).to be_falsey
|
75
|
+
end
|
62
76
|
end
|
63
77
|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
78
|
+
context 'when command is a string' do
|
79
|
+
let(:command) { "ruby -e 'File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }'" }
|
80
|
+
|
81
|
+
it_behaves_like 'a valid exec resource'
|
82
|
+
end
|
83
|
+
|
84
|
+
context 'when command is an array' do
|
85
|
+
let(:command) { ['ruby', '-e', "File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }"] }
|
86
|
+
|
87
|
+
it_behaves_like 'a valid exec resource'
|
88
|
+
|
89
|
+
context 'when is invalid' do
|
90
|
+
let(:command) { [ "ruby -e 'puts 1'" ] }
|
70
91
|
|
71
|
-
|
72
|
-
|
92
|
+
it 'logs error' do
|
93
|
+
exec = described_class.new :command => command, :path => ENV['PATH']
|
94
|
+
catalog.add_resource exec
|
95
|
+
logs = catalog.apply.report.logs
|
73
96
|
|
74
|
-
|
97
|
+
expect(logs[0].message).to eql("Could not find command 'ruby -e 'puts 1''")
|
98
|
+
end
|
99
|
+
end
|
75
100
|
end
|
76
101
|
end
|
@@ -55,6 +55,24 @@ describe Puppet::Util::Windows::ADSI::User,
|
|
55
55
|
end
|
56
56
|
end
|
57
57
|
end
|
58
|
+
|
59
|
+
describe '.current_user_name_with_format' do
|
60
|
+
context 'when desired format is NameSamCompatible' do
|
61
|
+
it 'should get the same user name as the current_user_name method but fully qualified' do
|
62
|
+
user_name = Puppet::Util::Windows::ADSI::User.current_user_name
|
63
|
+
fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
|
64
|
+
|
65
|
+
expect(fully_qualified_user_name).to match(/^.+\\#{user_name}$/)
|
66
|
+
end
|
67
|
+
|
68
|
+
it 'should have the same SID as with the current_user_name method' do
|
69
|
+
user_name = Puppet::Util::Windows::ADSI::User.current_user_name
|
70
|
+
fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
|
71
|
+
|
72
|
+
expect(Puppet::Util::Windows::SID.name_to_sid(user_name)).to eq(Puppet::Util::Windows::SID.name_to_sid(fully_qualified_user_name))
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
58
76
|
end
|
59
77
|
|
60
78
|
describe Puppet::Util::Windows::ADSI::Group,
|
@@ -7,6 +7,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
|
|
7
7
|
let (:system_bytes) { [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] }
|
8
8
|
let (:null_sid_bytes) { [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }
|
9
9
|
let (:administrator_bytes) { [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0] }
|
10
|
+
let (:all_application_packages_bytes) { [1, 2, 0, 0, 0, 0, 0, 15, 2, 0, 0, 0, 1, 0, 0, 0] }
|
10
11
|
let (:computer_sid) { Puppet::Util::Windows::SID.name_to_principal(Puppet::Util::Windows::ADSI.computer_name) }
|
11
12
|
# BUILTIN is localized on German Windows, but not French
|
12
13
|
# looking this up like this dilutes the values of the tests as we're comparing two mechanisms
|
@@ -121,6 +122,26 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
|
|
121
122
|
expect(principal.to_s).to eq(builtin_localized)
|
122
123
|
end
|
123
124
|
|
125
|
+
it "should always sanitize the account name first" do
|
126
|
+
expect(Puppet::Util::Windows::SID::Principal).to receive(:sanitize_account_name).with('NT AUTHORITY\\SYSTEM').and_call_original
|
127
|
+
Puppet::Util::Windows::SID::Principal.lookup_account_name('NT AUTHORITY\\SYSTEM')
|
128
|
+
end
|
129
|
+
|
130
|
+
it "should be able to create an instance from an account name prefixed by APPLICATION PACKAGE AUTHORITY" do
|
131
|
+
principal = Puppet::Util::Windows::SID::Principal.lookup_account_name('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
|
132
|
+
expect(principal.account).to eq('ALL APPLICATION PACKAGES')
|
133
|
+
expect(principal.sid_bytes).to eq(all_application_packages_bytes)
|
134
|
+
expect(principal.sid).to eq('S-1-15-2-1')
|
135
|
+
expect(principal.domain).to eq('APPLICATION PACKAGE AUTHORITY')
|
136
|
+
expect(principal.domain_account).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
|
137
|
+
expect(principal.account_type).to eq(:SidTypeWellKnownGroup)
|
138
|
+
expect(principal.to_s).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
|
139
|
+
end
|
140
|
+
|
141
|
+
it "should fail without proper account name sanitization when it is prefixed by APPLICATION PACKAGE AUTHORITY" do
|
142
|
+
given_account_name = 'APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES'
|
143
|
+
expect { Puppet::Util::Windows::SID::Principal.lookup_account_name(nil, false, given_account_name) }.to raise_error(Puppet::Util::Windows::Error, /No mapping between account names and security IDs was done./)
|
144
|
+
end
|
124
145
|
end
|
125
146
|
|
126
147
|
describe ".lookup_account_sid" do
|
@@ -263,6 +263,12 @@ describe Puppet::Util::Windows::Registry do
|
|
263
263
|
type: Win32::Registry::REG_EXPAND_SZ,
|
264
264
|
value: "\0\0\0reg expand string",
|
265
265
|
expected_value: ""
|
266
|
+
},
|
267
|
+
{
|
268
|
+
name: 'REG_EXPAND_SZ_2',
|
269
|
+
type: Win32::Registry::REG_EXPAND_SZ,
|
270
|
+
value: "1\x002\x003\x004\x00\x00\x00\x90\xD8UoY".force_encoding("UTF-16LE"),
|
271
|
+
expected_value: "1234"
|
266
272
|
}
|
267
273
|
].each do |pair|
|
268
274
|
it 'reads up to the first wide null' do
|
data/spec/lib/puppet/test_ca.rb
CHANGED
@@ -30,7 +30,7 @@ module Puppet
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def create_request(name)
|
33
|
-
key = OpenSSL::PKey::RSA.new(
|
33
|
+
key = OpenSSL::PKey::RSA.new(2048)
|
34
34
|
csr = OpenSSL::X509::Request.new
|
35
35
|
csr.public_key = key.public_key
|
36
36
|
csr.subject = OpenSSL::X509::Name.new([["CN", name]])
|
@@ -46,6 +46,11 @@ module Puppet
|
|
46
46
|
ext = ef.create_extension(["subjectAltName", opts[:subject_alt_names], false])
|
47
47
|
cert.add_extension(ext)
|
48
48
|
end
|
49
|
+
if exts = opts[:extensions]
|
50
|
+
exts.each do |e|
|
51
|
+
cert.add_extension(OpenSSL::X509::Extension.new(*e))
|
52
|
+
end
|
53
|
+
end
|
49
54
|
cert.sign(issuer_key, @digest)
|
50
55
|
{ private_key: key, cert: cert }
|
51
56
|
end
|
@@ -127,7 +132,7 @@ module Puppet
|
|
127
132
|
key = if opts[:key_type] == :ec
|
128
133
|
key = OpenSSL::PKey::EC.generate('prime256v1')
|
129
134
|
else
|
130
|
-
key = OpenSSL::PKey::RSA.new(
|
135
|
+
key = OpenSSL::PKey::RSA.new(2048)
|
131
136
|
end
|
132
137
|
cert = OpenSSL::X509::Certificate.new
|
133
138
|
cert.public_key = if key.is_a?(OpenSSL::PKey::EC)
|