RubyGems - puppet - Versions diffs - 6.21.0-x86-mingw32 → 6.24.0-x86-mingw32 - Mend

puppet 6.21.0-x86-mingw32 → 6.24.0-x86-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (217) hide show

checksums.yaml +4 -4
data/CONTRIBUTING.md +5 -5
data/Gemfile +1 -1
data/Gemfile.lock +29 -23
data/README.md +4 -4
data/ext/osx/puppet.plist +2 -0
data/ext/project_data.yaml +3 -2
data/lib/puppet.rb +3 -3
data/lib/puppet/application/agent.rb +12 -5
data/lib/puppet/application/apply.rb +2 -1
data/lib/puppet/application/device.rb +2 -1
data/lib/puppet/application/filebucket.rb +1 -0
data/lib/puppet/application/resource.rb +17 -3
data/lib/puppet/application/script.rb +2 -1
data/lib/puppet/application/ssl.rb +12 -0
data/lib/puppet/configurer/downloader.rb +2 -1
data/lib/puppet/defaults.rb +27 -5
data/lib/puppet/environments.rb +26 -1
data/lib/puppet/face/facts.rb +128 -30
data/lib/puppet/face/help/action.erb +1 -0
data/lib/puppet/face/help/face.erb +1 -0
data/lib/puppet/face/node/clean.rb +11 -0
data/lib/puppet/file_serving/fileset.rb +14 -2
data/lib/puppet/file_system/file_impl.rb +1 -1
data/lib/puppet/file_system/memory_file.rb +8 -1
data/lib/puppet/file_system/windows.rb +4 -2
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/empty.rb +8 -0
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +13 -5
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +12 -4
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/strftime.rb +1 -0
data/lib/puppet/functions/tree_each.rb +7 -9
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/unwrap.rb +17 -2
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/http/resolver/server_list.rb +15 -4
data/lib/puppet/http/service/compiler.rb +69 -0
data/lib/puppet/http/service/file_server.rb +2 -1
data/lib/puppet/indirector/catalog/compiler.rb +1 -0
data/lib/puppet/indirector/facts/facter.rb +24 -3
data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
data/lib/puppet/indirector/resource/ral.rb +6 -1
data/lib/puppet/interface/documentation.rb +1 -0
data/lib/puppet/module_tool/applications/installer.rb +4 -0
data/lib/puppet/module_tool/errors/shared.rb +17 -0
data/lib/puppet/network/formats.rb +67 -0
data/lib/puppet/network/http/factory.rb +4 -0
data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
data/lib/puppet/provider/exec/posix.rb +16 -4
data/lib/puppet/provider/package/dnfmodule.rb +1 -1
data/lib/puppet/provider/package/nim.rb +11 -6
data/lib/puppet/provider/package/pip.rb +15 -3
data/lib/puppet/provider/parsedfile.rb +3 -0
data/lib/puppet/provider/service/systemd.rb +14 -4
data/lib/puppet/provider/service/windows.rb +38 -0
data/lib/puppet/provider/user/directoryservice.rb +25 -12
data/lib/puppet/provider/user/useradd.rb +9 -2
data/lib/puppet/reference/configuration.rb +1 -1
data/lib/puppet/settings.rb +30 -7
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/type/exec.rb +16 -3
data/lib/puppet/type/file.rb +19 -1
data/lib/puppet/type/file/mode.rb +6 -0
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/service.rb +18 -38
data/lib/puppet/type/tidy.rb +22 -3
data/lib/puppet/type/user.rb +38 -20
data/lib/puppet/util/fact_dif.rb +36 -17
data/lib/puppet/util/monkey_patches.rb +7 -0
data/lib/puppet/util/selinux.rb +30 -4
data/lib/puppet/util/symbolic_file_mode.rb +29 -17
data/lib/puppet/util/windows/adsi.rb +46 -0
data/lib/puppet/util/windows/api_types.rb +1 -1
data/lib/puppet/util/windows/principal.rb +9 -2
data/lib/puppet/util/windows/sid.rb +6 -2
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +360 -280
data/man/man5/puppet.conf.5 +279 -251
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +9 -9
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +65 -7
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +7 -7
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +5 -5
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +5 -5
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +5 -1
data/man/man8/puppet-status.8 +4 -4
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/ca.pem +57 -35
data/spec/fixtures/ssl/crl.pem +28 -18
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +33 -24
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +108 -58
data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
data/spec/fixtures/ssl/intermediate.pem +57 -36
data/spec/fixtures/ssl/oid-key.pem +117 -0
data/spec/fixtures/ssl/oid.pem +69 -0
data/spec/fixtures/ssl/pluto-key.pem +107 -57
data/spec/fixtures/ssl/pluto.pem +52 -30
data/spec/fixtures/ssl/request-key.pem +107 -57
data/spec/fixtures/ssl/request.pem +47 -26
data/spec/fixtures/ssl/revoked-key.pem +107 -57
data/spec/fixtures/ssl/revoked.pem +52 -30
data/spec/fixtures/ssl/signed-key.pem +107 -57
data/spec/fixtures/ssl/signed.pem +52 -30
data/spec/fixtures/ssl/tampered-cert.pem +52 -30
data/spec/fixtures/ssl/tampered-csr.pem +47 -26
data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
data/spec/fixtures/ssl/unknown-ca.pem +55 -33
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
data/spec/integration/application/filebucket_spec.rb +11 -0
data/spec/integration/application/module_spec.rb +21 -0
data/spec/integration/application/plugin_spec.rb +1 -1
data/spec/integration/application/resource_spec.rb +64 -0
data/spec/integration/application/ssl_spec.rb +20 -0
data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
data/spec/integration/http/client_spec.rb +12 -0
data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
data/spec/integration/indirector/facts/facter_spec.rb +90 -36
data/spec/integration/type/exec_spec.rb +70 -45
data/spec/integration/util/windows/adsi_spec.rb +18 -0
data/spec/integration/util/windows/principal_spec.rb +21 -0
data/spec/integration/util/windows/registry_spec.rb +6 -0
data/spec/lib/puppet/test_ca.rb +7 -2
data/spec/lib/puppet_spec/settings.rb +1 -0
data/spec/spec_helper.rb +11 -1
data/spec/unit/application/agent_spec.rb +7 -2
data/spec/unit/application/facts_spec.rb +482 -3
data/spec/unit/application/ssl_spec.rb +23 -0
data/spec/unit/configurer/downloader_spec.rb +6 -0
data/spec/unit/configurer_spec.rb +23 -0
data/spec/unit/defaults_spec.rb +16 -0
data/spec/unit/environments_spec.rb +199 -88
data/spec/unit/face/facts_spec.rb +4 -0
data/spec/unit/file_serving/fileset_spec.rb +60 -0
data/spec/unit/file_system_spec.rb +15 -0
data/spec/unit/functions/assert_type_spec.rb +1 -1
data/spec/unit/functions/empty_spec.rb +10 -0
data/spec/unit/functions/unwrap_spec.rb +8 -0
data/spec/unit/functions4_spec.rb +2 -2
data/spec/unit/gettext/config_spec.rb +12 -0
data/spec/unit/http/service/compiler_spec.rb +123 -0
data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
data/spec/unit/indirector/facts/facter_spec.rb +95 -0
data/spec/unit/indirector/resource/ral_spec.rb +40 -75
data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
data/spec/unit/network/formats_spec.rb +41 -0
data/spec/unit/network/http/factory_spec.rb +19 -0
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
data/spec/unit/parser/templatewrapper_spec.rb +12 -2
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
data/spec/unit/provider/package/nim_spec.rb +42 -0
data/spec/unit/provider/package/pip_spec.rb +37 -0
data/spec/unit/provider/parsedfile_spec.rb +10 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openwrt_spec.rb +3 -1
data/spec/unit/provider/service/systemd_spec.rb +53 -8
data/spec/unit/provider/service/windows_spec.rb +202 -0
data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
data/spec/unit/provider/user/useradd_spec.rb +21 -6
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/settings_spec.rb +97 -56
data/spec/unit/ssl/state_machine_spec.rb +19 -5
data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
data/spec/unit/transaction_spec.rb +18 -20
data/spec/unit/type/exec_spec.rb +76 -29
data/spec/unit/type/file/selinux_spec.rb +3 -3
data/spec/unit/type/file/source_spec.rb +4 -4
data/spec/unit/type/service_spec.rb +59 -188
data/spec/unit/type/tidy_spec.rb +24 -7
data/spec/unit/type/user_spec.rb +45 -0
data/spec/unit/util/selinux_spec.rb +87 -16
data/spec/unit/util/windows/sid_spec.rb +41 -0
data/tasks/generate_cert_fixtures.rake +12 -3
metadata +24 -9
data/spec/lib/matchers/include.rb +0 -27
data/spec/lib/matchers/include_spec.rb +0 -32

data/spec/unit/indirector/resource/ral_spec.rb CHANGED Viewed

@@ -1,120 +1,85 @@
 require 'spec_helper'
 require 'puppet/indirector/resource/ral'
-describe "Puppet::Resource::Ral" do
+describe Puppet::Resource::Ral do
+  let(:my_instance) { Puppet::Type.type(:user).new(:name => "root") }
+  let(:wrong_instance) { Puppet::Type.type(:user).new(:name => "bob")}
+  def stub_retrieve(*instances)
+    instances.each do |i|
+      allow(i).to receive(:retrieve).and_return(Puppet::Resource.new(i, nil))
+    end
+  end
+  before do
+    described_class.indirection.terminus_class = :ral
+    # make sure we don't try to retrieve current state
+    allow_any_instance_of(Puppet::Type.type(:user)).to receive(:retrieve).never
+    stub_retrieve(my_instance, wrong_instance)
+  end
   it "disallows remote requests" do
     expect(Puppet::Resource::Ral.new.allow_remote_requests?).to eq(false)
   end
   describe "find" do
-    before do
-      @request = double('request', :key => "user/root")
-    end
     it "should find an existing instance" do
-      my_resource    = double("my user resource")
+      allow(Puppet::Type.type(:user)).to receive(:instances).and_return([ wrong_instance, my_instance, wrong_instance ])
-      wrong_instance = double("wrong user", :name => "bob")
-      my_instance    = double("my user",    :name => "root", :to_resource => my_resource)
-      expect(Puppet::Type.type(:user)).to receive(:instances).and_return([ wrong_instance, my_instance, wrong_instance ])
-      expect(Puppet::Resource::Ral.new.find(@request)).to eq(my_resource)
+      actual_resource = described_class.indirection.find('user/root')
+      expect(actual_resource.name).to eq('User/root')
     end
     it "should produce Puppet::Error instead of ArgumentError" do
-      @bad_request = double('thiswillcauseanerror', :key => "thiswill/causeanerror")
-      expect{Puppet::Resource::Ral.new.find(@bad_request)}.to raise_error(Puppet::Error)
+      expect{described_class.indirection.find('thiswill/causeanerror')}.to raise_error(Puppet::Error)
     end
     it "if there is no instance, it should create one" do
-      wrong_instance = double("wrong user", :name => "bob")
-      root = double("Root User")
-      root_resource = double("Root Resource")
-      expect(Puppet::Type.type(:user)).to receive(:instances).and_return([ wrong_instance, wrong_instance ])
-      expect(Puppet::Type.type(:user)).to receive(:new).with(hash_including(name: "root")).and_return(root)
-      expect(root).to receive(:to_resource).and_return(root_resource)
-      result = Puppet::Resource::Ral.new.find(@request)
+      allow(Puppet::Type.type(:user)).to receive(:instances).and_return([wrong_instance])
-      expect(result).to eq(root_resource)
+      expect(Puppet::Type.type(:user)).to receive(:new).with(hash_including(name: "root")).and_return(my_instance)
+      expect(described_class.indirection.find('user/root')).to be
     end
   end
   describe "search" do
-    before do
-      @request = double('request', :key => "user/", :options => {})
-    end
     it "should convert ral resources into regular resources" do
-      my_resource = double("my user resource", :title => "my user resource")
-      my_instance = double("my user", :name => "root", :to_resource => my_resource)
+      allow(Puppet::Type.type(:user)).to receive(:instances).and_return([ my_instance ])
-      expect(Puppet::Type.type(:user)).to receive(:instances).and_return([ my_instance ])
-      expect(Puppet::Resource::Ral.new.search(@request)).to eq([my_resource])
+      actual = described_class.indirection.search('user')
+      expect(actual).to contain_exactly(an_instance_of(Puppet::Resource))
     end
     it "should filter results by name if there's a name in the key" do
-      my_resource = double("my user resource", title: "my user resource")
-      allow(my_resource).to receive(:to_resource).and_return(my_resource)
-      allow(my_resource).to receive(:[]).with(:name).and_return("root")
-      wrong_resource = double("wrong resource")
-      allow(wrong_resource).to receive(:to_resource).and_return(wrong_resource)
-      allow(wrong_resource).to receive(:[]).with(:name).and_return("bad")
+      allow(Puppet::Type.type(:user)).to receive(:instances).and_return([ my_instance, wrong_instance ])
-      my_instance    = double("my user",    :to_resource => my_resource)
-      wrong_instance = double("wrong user", :to_resource => wrong_resource)
-      @request = double('request', :key => "user/root", :options => {})
-      expect(Puppet::Type.type(:user)).to receive(:instances).and_return([ my_instance, wrong_instance ])
-      expect(Puppet::Resource::Ral.new.search(@request)).to eq([my_resource])
+      actual = described_class.indirection.search('user/root')
+      expect(actual).to contain_exactly(an_object_having_attributes(name: 'User/root'))
     end
     it "should filter results by query parameters" do
-      wrong_resource = double("my user resource", title: "my user resource")
-      allow(wrong_resource).to receive(:to_resource).and_return(wrong_resource)
-      allow(wrong_resource).to receive(:[]).with(:name).and_return("root")
-      my_resource = double("wrong resource", title: "wrong resource")
-      allow(my_resource).to receive(:to_resource).and_return(my_resource)
-      allow(my_resource).to receive(:[]).with(:name).and_return("bob")
+      allow(Puppet::Type.type(:user)).to receive(:instances).and_return([ my_instance, wrong_instance ])
-      my_instance    = double("my user",    :to_resource => my_resource)
-      wrong_instance = double("wrong user", :to_resource => wrong_resource)
-      @request = double('request', :key => "user/", :options => {:name => "bob"})
-      expect(Puppet::Type.type(:user)).to receive(:instances).and_return([ my_instance, wrong_instance ])
-      expect(Puppet::Resource::Ral.new.search(@request)).to eq([my_resource])
+      actual = described_class.indirection.search('user', name: 'bob')
+      expect(actual).to contain_exactly(an_object_having_attributes(name: 'User/bob'))
     end
     it "should return sorted results" do
-      a_resource = double("alice resource")
-      allow(a_resource).to receive(:to_resource).and_return(a_resource)
-      allow(a_resource).to receive(:title).and_return("alice")
-      b_resource = double("bob resource")
-      allow(b_resource).to receive(:to_resource).and_return(b_resource)
-      allow(b_resource).to receive(:title).and_return("bob")
-      a_instance = double("alice user", :to_resource => a_resource)
-      b_instance = double("bob user",   :to_resource => b_resource)
-      @request = double('request', :key => "user/", :options => {})
+      a_instance = Puppet::Type.type(:user).new(:name => "alice")
+      b_instance = Puppet::Type.type(:user).new(:name => "bob")
+      stub_retrieve(a_instance, b_instance)
+      allow(Puppet::Type.type(:user)).to receive(:instances).and_return([ b_instance, a_instance ])
-      expect(Puppet::Type.type(:user)).to receive(:instances).and_return([ b_instance, a_instance ])
-      expect(Puppet::Resource::Ral.new.search(@request)).to eq([a_resource, b_resource])
+      expect(described_class.indirection.search('user').map(&:title)).to eq(['alice', 'bob'])
     end
   end
   describe "save" do
     it "returns a report covering the application of the given resource to the system" do
       resource = Puppet::Resource.new(:notify, "the title")
-      ral = Puppet::Resource::Ral.new
-      applied_resource, report = ral.save(Puppet::Indirector::Request.new(:ral, :save, 'testing', resource, :environment => Puppet::Node::Environment.remote(:testing)))
+      applied_resource, report = described_class.indirection.save(resource, nil, environment: Puppet::Node::Environment.remote(:testing))
       expect(applied_resource.title).to eq("the title")
       expect(report.environment).to eq("testing")

data/spec/unit/module_tool/applications/installer_spec.rb CHANGED Viewed

@@ -66,6 +66,18 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
       graph_should_include 'pmtacceptance-stdlib', nil => v('4.1.0')
     end
+    it 'reports a meaningful error if the name is invalid' do
+      app = installer('ntp', install_dir, options)
+      results = app.run
+      expect(results).to include :result => :failure
+      expect(results[:error][:oneline]).to eq("Could not install 'ntp', did you mean 'puppetlabs-ntp'?")
+      expect(results[:error][:multiline]).to eq(<<~END.chomp)
+        Could not install module 'ntp'
+          The name 'ntp' is invalid
+            Did you mean `puppet module install puppetlabs-ntp`?
+      END
+    end
     context 'with a tarball file' do
       let(:module) { fixtures('stdlib.tgz') }

data/spec/unit/network/formats_spec.rb CHANGED Viewed

@@ -534,4 +534,45 @@ EOT
       end
     end
   end
+  describe ":flat format" do
+    let(:flat) { Puppet::Network::FormatHandler.format(:flat) }
+    it "should include a flat format" do
+      expect(flat).to be_an_instance_of Puppet::Network::Format
+    end
+    [:intern, :intern_multiple].each do |method|
+      it "should not implement #{method}" do
+        expect { flat.send(method, String, 'blah') }.to raise_error NotImplementedError
+      end
+    end
+    context "when rendering arrays" do
+      {
+          []                           => "",
+          [1, 2]                       => "0=1\n1=2\n",
+          ["one"]                      => "0=one\n",
+          [{"one" => 1}, {"two" => 2}] => "0.one=1\n1.two=2\n",
+          [['something', 'for'], ['the', 'test']]  => "0=[\"something\", \"for\"]\n1=[\"the\", \"test\"]\n"
+      }.each_pair do |input, output|
+        it "should render #{input.inspect} as one item per line" do
+          expect(flat.render(input)).to eq(output)
+        end
+      end
+    end
+    context "when rendering hashes" do
+      {
+          {}                                   => "",
+          {1 => 2}                             => "1=2\n",
+          {"one" => "two"}                     => "one=two\n",
+          {[1,2] => 3, [2,3] => 5, [3,4] => 7} => "[1, 2]=3\n[2, 3]=5\n[3, 4]=7\n",
+      }.each_pair do |input, output|
+        it "should render #{input.inspect}" do
+          expect(flat.render(input)).to eq(output)
+        end
+      end
+    end
+  end
 end

data/spec/unit/network/http/factory_spec.rb CHANGED Viewed

@@ -144,4 +144,23 @@ describe Puppet::Network::HTTP::Factory do
       expect(conn.local_host).to eq('127.0.0.1')
     end
   end
+  context 'tls' do
+    it "sets the minimum version to TLS 1.0", if: RUBY_VERSION.to_f >= 2.5 do
+      conn = create_connection(site)
+      expect(conn.min_version).to eq(OpenSSL::SSL::TLS1_VERSION)
+    end
+    it "defaults to ciphersuites providing 128 bits of security or greater" do
+      conn = create_connection(site)
+      expect(conn.ciphers).to eq("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256")
+    end
+    it "can be restricted to TLSv1.3 ciphers" do
+      tls13_ciphers = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
+      Puppet[:ciphers] = tls13_ciphers
+      conn = create_connection(site)
+      expect(conn.ciphers).to eq(tls13_ciphers)
+    end
+  end
 end

data/spec/unit/parser/functions/fqdn_rand_spec.rb CHANGED Viewed

@@ -61,12 +61,26 @@ describe "the fqdn_rand function" do
     expect(fqdn_rand(5000, :extra_identifier => ['expensive job 33'])).to eql(2389)
   end
+  it "returns the same value if only host differs by case" do
+    val1 = fqdn_rand(1000000000, :host => "host.example.com", :extra_identifier => [nil, true])
+    val2 = fqdn_rand(1000000000, :host => "HOST.example.com", :extra_identifier => [nil, true])
+    expect(val1).to eql(val2)
+  end
+  it "returns the same value if only host differs by case and an initial seed is given" do
+    val1 = fqdn_rand(1000000000, :host => "host.example.com", :extra_identifier => ['a seed', true])
+    val2 = fqdn_rand(1000000000, :host => "HOST.example.com", :extra_identifier => ['a seed', true])
+    expect(val1).to eql(val2)
+  end
   def fqdn_rand(max, args = {})
     host = args[:host] || '127.0.0.1'
     extra = args[:extra_identifier] || []
     scope = create_test_scope_for_node('localhost')
-    allow(scope).to receive(:[]).with("::fqdn").and_return(host)
+    scope.compiler.topscope['fqdn'] = host.freeze
     scope.function_fqdn_rand([max] + extra)
   end

data/spec/unit/parser/templatewrapper_spec.rb CHANGED Viewed

@@ -2,6 +2,8 @@ require 'spec_helper'
 require 'puppet/parser/templatewrapper'
 describe Puppet::Parser::TemplateWrapper do
+  include PuppetSpec::Files
   let(:known_resource_types) { Puppet::Resource::TypeCollection.new("env") }
   let(:scope) do
     compiler = Puppet::Parser::Compiler.new(Puppet::Node.new("mynode"))
@@ -41,6 +43,13 @@ describe Puppet::Parser::TemplateWrapper do
     expect(tw.result).to eq(full_file_name)
   end
+  it "ignores a leading BOM" do
+    full_file_name = given_a_template_file("bom_template", "\uFEFF<%= file %>")
+    tw.file = "bom_template"
+    expect(tw.result).to eq(full_file_name)
+  end
   it "evaluates a given string as a template" do
     expect(tw.result("template contents")).to eql("template contents")
   end
@@ -90,11 +99,12 @@ describe Puppet::Parser::TemplateWrapper do
   end
   def given_a_template_file(name, contents)
-    full_name = "/full/path/to/#{name}"
+    full_name = tmpfile("template_#{name}")
+    File.binwrite(full_name, contents)
     allow(Puppet::Parser::Files).to receive(:find_template).
       with(name, anything()).
       and_return(full_name)
-    allow(Puppet::FileSystem).to receive(:read_preserve_line_endings).with(full_name).and_return(contents)
     full_name
   end

data/spec/unit/pops/types/p_sem_ver_type_spec.rb CHANGED Viewed

@@ -125,6 +125,24 @@ describe 'Semantic Versions' do
         expect(eval_and_collect_notices(code)).to eql(['true', 'false'])
       end
+      it 'can be compared to another instance created from arguments' do
+        code = <<-CODE
+          $x = SemVer('1.2.3-rc4+5')
+          $y = SemVer(1, 2, 3, 'rc4', '5')
+          notice($x == $y)
+        CODE
+        expect(eval_and_collect_notices(code)).to eql(['true'])
+      end
+      it 'can be compared to another instance created from a hash' do
+        code = <<-CODE
+          $x = SemVer('1.2.3-rc4+5')
+          $y = SemVer(major => 1, minor => 2, patch => 3, prerelease => 'rc4', build => '5')
+          notice($x == $y)
+        CODE
+        expect(eval_and_collect_notices(code)).to eql(['true'])
+      end
       it 'can be compared to another instance for magnitude' do
         code = <<-CODE
           $x = SemVer('1.1.1')

data/spec/unit/pops/types/p_sensitive_type_spec.rb CHANGED Viewed

@@ -113,6 +113,24 @@ describe 'Sensitive Type' do
       expect(eval_and_collect_notices(code)).to eq(['Sensitive[Integer] != Sensitive[String]'])
     end
+    it 'equals another instance with the same value' do
+      code =<<-CODE
+        $i = Sensitive('secret')
+        $o = Sensitive('secret')
+        notice($i == $o)
+      CODE
+      expect(eval_and_collect_notices(code)).to eq(['true'])
+    end
+    it 'has equal hash keys for same values' do
+      code =<<-CODE
+        $i = Sensitive('secret')
+        $o = Sensitive('secret')
+        notice({$i => 1} == {$o => 1})
+      CODE
+      expect(eval_and_collect_notices(code)).to eq(['true'])
+    end
     it 'can be created from another sensitive instance ' do
       code =<<-CODE
         $o = Sensitive("hunter2")

data/spec/unit/provider/package/dnfmodule_spec.rb CHANGED Viewed

@@ -123,7 +123,7 @@ describe Puppet::Type.type(:package).provider(:dnfmodule) do
         provider.install
       end
-      it "should just enable the module if it has no default profile" do
+      it "should just enable the module if it has no default profile(missing groups or modules)" do
         dnf_exception = Puppet::ExecutionFailure.new("Error: Problems in request:\nmissing groups or modules: #{resource[:name]}")
         allow(provider).to receive(:execute).with(array_including('install')).and_raise(dnf_exception)
         resource[:ensure] = :present
@@ -132,6 +132,15 @@ describe Puppet::Type.type(:package).provider(:dnfmodule) do
         provider.install
       end
+      it "should just enable the module if it has no default profile(broken groups or modules)" do
+        dnf_exception = Puppet::ExecutionFailure.new("Error: Problems in request:\nbroken groups or modules: #{resource[:name]}")
+        allow(provider).to receive(:execute).with(array_including('install')).and_raise(dnf_exception)
+        resource[:ensure] = :present
+        expect(provider).to receive(:execute).with(array_including('install')).ordered
+        expect(provider).to receive(:execute).with(array_including('enable')).ordered
+        provider.install
+      end
       it "should just enable the module if enable_only = true" do
         resource[:ensure] = :present
         resource[:enable_only] = true

data/spec/unit/provider/package/nim_spec.rb CHANGED Viewed

@@ -191,6 +191,27 @@ OUTPUT
           expect(versions[version]).to eq(:rpm)
         end
       end
+      it "should be able to parse RPM package listings with letters in version" do
+        showres_output = <<END
+cairo                                                              ALL  @@R:cairo _all_filesets
+   @@R:cairo-1.14.6-2waixX11 1.14.6-2waixX11
+END
+        packages = subject.send(:parse_showres_output, showres_output)
+        expect(Set.new(packages.keys)).to eq(Set.new(['cairo']))
+        versions = packages['cairo']
+        expect(versions.has_key?('1.14.6-2waixX11')).to eq(true)
+        expect(versions['1.14.6-2waixX11']).to eq(:rpm)
+      end
+      it "should raise error when parsing invalid RPM package listings" do
+              showres_output = <<END
+cairo                                                              ALL  @@R:cairo _all_filesets
+   @@R:cairo-invalid_version invalid_version
+END
+        expect{ subject.send(:parse_showres_output, showres_output) }.to raise_error(Puppet::Error,
+          /Unable to parse output from nimclient showres: package string does not match expected rpm package string format/)
+      end
     end
     context "#determine_latest_version" do
@@ -220,6 +241,27 @@ END
       it "should return :installp for installp/bff packages" do
         expect(subject.send(:determine_package_type, bff_showres_output, 'mypackage.foo', '1.2.3.4')).to eq(:installp)
       end
+      it "should return :installp for security updates" do
+        nimclient_showres_output = <<END
+bos.net                                                            ALL  @@S:bos.net _all_filesets
+ + 7.2.0.1  TCP/IP ntp Applications                                     @@S:bos.net.tcp.ntp 7.2.0.1
+ + 7.2.0.2  TCP/IP ntp Applications                                     @@S:bos.net.tcp.ntp 7.2.0.2
+END
+        expect(subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2')).to eq(:installp)
+      end
+      it "should raise error when invalid header format is given" do
+        nimclient_showres_output = <<END
+bos.net                                                            ALL  @@INVALID_TYPE:bos.net _all_filesets
+ + 7.2.0.1  TCP/IP ntp Applications                                     @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.1
+ + 7.2.0.2  TCP/IP ntp Applications                                     @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.2
+END
+        expect{ subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2') }.to raise_error(
+          Puppet::Error, /Unable to parse output from nimclient showres: line does not match expected package header format/)
+      end
     end
   end
 end