puppet 6.21.1-x86-mingw32 → 6.25.0-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (427) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +3 -3
  4. data/Gemfile.lock +34 -28
  5. data/README.md +4 -4
  6. data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
  7. data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
  8. data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
  9. data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
  10. data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
  11. data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
  12. data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
  13. data/{ext → examples}/nagios/check_puppet.rb +2 -2
  14. data/ext/README.md +13 -0
  15. data/ext/osx/puppet.plist +2 -0
  16. data/ext/project_data.yaml +3 -2
  17. data/lib/puppet/application/agent.rb +16 -5
  18. data/lib/puppet/application/apply.rb +22 -3
  19. data/lib/puppet/application/device.rb +2 -1
  20. data/lib/puppet/application/filebucket.rb +1 -0
  21. data/lib/puppet/application/resource.rb +32 -16
  22. data/lib/puppet/application/script.rb +2 -1
  23. data/lib/puppet/application/ssl.rb +12 -0
  24. data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
  25. data/lib/puppet/configurer/downloader.rb +2 -1
  26. data/lib/puppet/configurer.rb +85 -57
  27. data/lib/puppet/confine/variable.rb +1 -1
  28. data/lib/puppet/defaults.rb +63 -35
  29. data/lib/puppet/environments.rb +91 -26
  30. data/lib/puppet/face/facts.rb +129 -31
  31. data/lib/puppet/face/help/action.erb +1 -0
  32. data/lib/puppet/face/help/face.erb +1 -0
  33. data/lib/puppet/face/node/clean.rb +11 -0
  34. data/lib/puppet/facter_impl.rb +96 -0
  35. data/lib/puppet/file_serving/configuration/parser.rb +2 -0
  36. data/lib/puppet/file_serving/configuration.rb +3 -0
  37. data/lib/puppet/file_serving/fileset.rb +14 -2
  38. data/lib/puppet/file_serving/mount/file.rb +4 -4
  39. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  40. data/lib/puppet/file_system/file_impl.rb +3 -1
  41. data/lib/puppet/file_system/memory_file.rb +8 -1
  42. data/lib/puppet/file_system/windows.rb +4 -2
  43. data/lib/puppet/forge.rb +4 -4
  44. data/lib/puppet/functions/all.rb +1 -1
  45. data/lib/puppet/functions/camelcase.rb +1 -1
  46. data/lib/puppet/functions/capitalize.rb +2 -2
  47. data/lib/puppet/functions/downcase.rb +2 -2
  48. data/lib/puppet/functions/empty.rb +8 -0
  49. data/lib/puppet/functions/find_template.rb +2 -2
  50. data/lib/puppet/functions/get.rb +5 -5
  51. data/lib/puppet/functions/group_by.rb +13 -5
  52. data/lib/puppet/functions/lest.rb +1 -1
  53. data/lib/puppet/functions/new.rb +100 -100
  54. data/lib/puppet/functions/partition.rb +12 -4
  55. data/lib/puppet/functions/require.rb +5 -5
  56. data/lib/puppet/functions/sort.rb +3 -3
  57. data/lib/puppet/functions/strftime.rb +1 -0
  58. data/lib/puppet/functions/tree_each.rb +7 -9
  59. data/lib/puppet/functions/type.rb +4 -4
  60. data/lib/puppet/functions/unwrap.rb +17 -2
  61. data/lib/puppet/functions/upcase.rb +2 -2
  62. data/lib/puppet/http/resolver/server_list.rb +15 -4
  63. data/lib/puppet/http/service/compiler.rb +75 -1
  64. data/lib/puppet/http/service/file_server.rb +2 -1
  65. data/lib/puppet/indirector/catalog/compiler.rb +25 -6
  66. data/lib/puppet/indirector/catalog/rest.rb +1 -0
  67. data/lib/puppet/indirector/facts/facter.rb +28 -7
  68. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  69. data/lib/puppet/indirector/indirection.rb +1 -1
  70. data/lib/puppet/indirector/resource/ral.rb +6 -1
  71. data/lib/puppet/indirector/terminus.rb +4 -0
  72. data/lib/puppet/interface/documentation.rb +1 -0
  73. data/lib/puppet/module/plan.rb +0 -1
  74. data/lib/puppet/module/task.rb +1 -1
  75. data/lib/puppet/module.rb +1 -0
  76. data/lib/puppet/module_tool/applications/installer.rb +12 -4
  77. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  78. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  79. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  80. data/lib/puppet/network/formats.rb +67 -0
  81. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  82. data/lib/puppet/network/http/factory.rb +4 -0
  83. data/lib/puppet/node/environment.rb +10 -11
  84. data/lib/puppet/pal/pal_impl.rb +1 -1
  85. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  86. data/lib/puppet/parser/scope.rb +1 -0
  87. data/lib/puppet/parser/templatewrapper.rb +1 -0
  88. data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
  89. data/lib/puppet/pops/model/ast.rb +1 -0
  90. data/lib/puppet/pops/model/factory.rb +2 -1
  91. data/lib/puppet/pops/parser/eparser.rb +201 -201
  92. data/lib/puppet/pops/parser/lexer2.rb +92 -91
  93. data/lib/puppet/pops/parser/slurp_support.rb +1 -0
  94. data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
  95. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  96. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  97. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  98. data/lib/puppet/pops/types/type_formatter.rb +4 -3
  99. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  100. data/lib/puppet/pops/types/types.rb +1 -1
  101. data/lib/puppet/provider/aix_object.rb +1 -1
  102. data/lib/puppet/provider/exec/posix.rb +16 -4
  103. data/lib/puppet/provider/group/groupadd.rb +5 -2
  104. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  105. data/lib/puppet/provider/package/nim.rb +11 -6
  106. data/lib/puppet/provider/package/pip.rb +15 -3
  107. data/lib/puppet/provider/package/pkg.rb +19 -2
  108. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  109. data/lib/puppet/provider/package/yum.rb +1 -1
  110. data/lib/puppet/provider/parsedfile.rb +3 -0
  111. data/lib/puppet/provider/service/base.rb +1 -1
  112. data/lib/puppet/provider/service/init.rb +5 -5
  113. data/lib/puppet/provider/service/launchd.rb +2 -2
  114. data/lib/puppet/provider/service/redhat.rb +1 -1
  115. data/lib/puppet/provider/service/smf.rb +3 -3
  116. data/lib/puppet/provider/service/systemd.rb +16 -6
  117. data/lib/puppet/provider/service/upstart.rb +5 -5
  118. data/lib/puppet/provider/service/windows.rb +38 -0
  119. data/lib/puppet/provider/user/aix.rb +44 -1
  120. data/lib/puppet/provider/user/directoryservice.rb +26 -13
  121. data/lib/puppet/provider/user/useradd.rb +73 -17
  122. data/lib/puppet/provider.rb +1 -1
  123. data/lib/puppet/reference/configuration.rb +1 -1
  124. data/lib/puppet/reference/providers.rb +2 -2
  125. data/lib/puppet/resource/type_collection.rb +1 -0
  126. data/lib/puppet/runtime.rb +11 -1
  127. data/lib/puppet/settings/environment_conf.rb +1 -0
  128. data/lib/puppet/settings.rb +32 -9
  129. data/lib/puppet/test/test_helper.rb +4 -1
  130. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  131. data/lib/puppet/transaction/persistence.rb +11 -1
  132. data/lib/puppet/transaction/report.rb +15 -1
  133. data/lib/puppet/type/exec.rb +35 -5
  134. data/lib/puppet/type/file/mode.rb +6 -0
  135. data/lib/puppet/type/file/selcontext.rb +1 -1
  136. data/lib/puppet/type/file.rb +25 -7
  137. data/lib/puppet/type/filebucket.rb +3 -3
  138. data/lib/puppet/type/group.rb +0 -1
  139. data/lib/puppet/type/resources.rb +1 -1
  140. data/lib/puppet/type/service.rb +26 -41
  141. data/lib/puppet/type/tidy.rb +22 -3
  142. data/lib/puppet/type/user.rb +38 -21
  143. data/lib/puppet/type.rb +1 -1
  144. data/lib/puppet/util/command_line.rb +1 -1
  145. data/lib/puppet/util/fact_dif.rb +36 -17
  146. data/lib/puppet/util/filetype.rb +2 -2
  147. data/lib/puppet/util/json.rb +3 -0
  148. data/lib/puppet/util/log.rb +1 -2
  149. data/lib/puppet/util/logging.rb +1 -25
  150. data/lib/puppet/util/monkey_patches.rb +7 -0
  151. data/lib/puppet/util/pidlock.rb +1 -1
  152. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  153. data/lib/puppet/util/selinux.rb +30 -4
  154. data/lib/puppet/util/suidmanager.rb +1 -2
  155. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  156. data/lib/puppet/util/tagging.rb +1 -0
  157. data/lib/puppet/util/windows/adsi.rb +46 -0
  158. data/lib/puppet/util/windows/api_types.rb +1 -1
  159. data/lib/puppet/util/windows/principal.rb +9 -2
  160. data/lib/puppet/util/windows/sid.rb +6 -2
  161. data/lib/puppet/util/windows/user.rb +0 -2
  162. data/lib/puppet/util.rb +4 -3
  163. data/lib/puppet/version.rb +1 -1
  164. data/lib/puppet.rb +5 -9
  165. data/locales/puppet.pot +506 -410
  166. data/man/man5/puppet.conf.5 +310 -274
  167. data/man/man8/puppet-agent.8 +4 -1
  168. data/man/man8/puppet-apply.8 +1 -1
  169. data/man/man8/puppet-catalog.8 +9 -9
  170. data/man/man8/puppet-config.8 +1 -1
  171. data/man/man8/puppet-describe.8 +1 -1
  172. data/man/man8/puppet-device.8 +1 -1
  173. data/man/man8/puppet-doc.8 +1 -1
  174. data/man/man8/puppet-epp.8 +1 -1
  175. data/man/man8/puppet-facts.8 +65 -7
  176. data/man/man8/puppet-filebucket.8 +1 -1
  177. data/man/man8/puppet-generate.8 +1 -1
  178. data/man/man8/puppet-help.8 +1 -1
  179. data/man/man8/puppet-key.8 +7 -7
  180. data/man/man8/puppet-lookup.8 +1 -1
  181. data/man/man8/puppet-man.8 +1 -1
  182. data/man/man8/puppet-module.8 +3 -3
  183. data/man/man8/puppet-node.8 +5 -5
  184. data/man/man8/puppet-parser.8 +1 -1
  185. data/man/man8/puppet-plugin.8 +1 -1
  186. data/man/man8/puppet-report.8 +5 -5
  187. data/man/man8/puppet-resource.8 +1 -1
  188. data/man/man8/puppet-script.8 +1 -1
  189. data/man/man8/puppet-ssl.8 +5 -1
  190. data/man/man8/puppet-status.8 +4 -4
  191. data/man/man8/puppet.8 +2 -2
  192. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
  193. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
  194. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
  195. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
  196. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
  197. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
  198. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
  199. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
  200. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  201. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  202. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  203. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  204. data/spec/fixtures/ssl/ca.pem +57 -35
  205. data/spec/fixtures/ssl/crl.pem +28 -18
  206. data/spec/fixtures/ssl/ec-key.pem +11 -11
  207. data/spec/fixtures/ssl/ec.pem +33 -24
  208. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  209. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  210. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  211. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  212. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  213. data/spec/fixtures/ssl/intermediate.pem +57 -36
  214. data/spec/fixtures/ssl/oid-key.pem +117 -0
  215. data/spec/fixtures/ssl/oid.pem +69 -0
  216. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  217. data/spec/fixtures/ssl/pluto.pem +52 -30
  218. data/spec/fixtures/ssl/request-key.pem +107 -57
  219. data/spec/fixtures/ssl/request.pem +47 -26
  220. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  221. data/spec/fixtures/ssl/revoked.pem +52 -30
  222. data/spec/fixtures/ssl/signed-key.pem +107 -57
  223. data/spec/fixtures/ssl/signed.pem +52 -30
  224. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  225. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  226. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  227. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  228. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  229. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  230. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  231. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
  232. data/spec/integration/application/agent_spec.rb +113 -37
  233. data/spec/integration/application/filebucket_spec.rb +16 -0
  234. data/spec/integration/application/module_spec.rb +21 -0
  235. data/spec/integration/application/plugin_spec.rb +1 -1
  236. data/spec/integration/application/resource_spec.rb +64 -0
  237. data/spec/integration/application/ssl_spec.rb +20 -0
  238. data/spec/integration/configurer_spec.rb +18 -2
  239. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  240. data/spec/integration/http/client_spec.rb +12 -0
  241. data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
  242. data/spec/integration/indirector/facts/facter_spec.rb +93 -39
  243. data/spec/integration/l10n/compiler_spec.rb +37 -0
  244. data/spec/integration/transaction/report_spec.rb +1 -1
  245. data/spec/integration/type/exec_spec.rb +70 -45
  246. data/spec/integration/type/file_spec.rb +2 -2
  247. data/spec/integration/type/package_spec.rb +6 -6
  248. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  249. data/spec/integration/util/windows/adsi_spec.rb +18 -0
  250. data/spec/integration/util/windows/principal_spec.rb +21 -0
  251. data/spec/integration/util/windows/process_spec.rb +1 -9
  252. data/spec/integration/util/windows/registry_spec.rb +6 -0
  253. data/spec/lib/puppet/test_ca.rb +7 -2
  254. data/spec/lib/puppet_spec/modules.rb +13 -2
  255. data/spec/lib/puppet_spec/puppetserver.rb +15 -0
  256. data/spec/lib/puppet_spec/settings.rb +1 -0
  257. data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
  258. data/spec/shared_contexts/l10n.rb +27 -0
  259. data/spec/spec_helper.rb +12 -11
  260. data/spec/unit/application/agent_spec.rb +7 -2
  261. data/spec/unit/application/apply_spec.rb +76 -56
  262. data/spec/unit/application/facts_spec.rb +482 -3
  263. data/spec/unit/application/resource_spec.rb +29 -0
  264. data/spec/unit/application/ssl_spec.rb +23 -0
  265. data/spec/unit/configurer/downloader_spec.rb +6 -0
  266. data/spec/unit/configurer_spec.rb +194 -56
  267. data/spec/unit/defaults_spec.rb +17 -0
  268. data/spec/unit/environments_spec.rb +348 -88
  269. data/spec/unit/face/facts_spec.rb +4 -0
  270. data/spec/unit/facter_impl_spec.rb +31 -0
  271. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  272. data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
  273. data/spec/unit/file_serving/configuration_spec.rb +14 -4
  274. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  275. data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
  276. data/spec/unit/file_system_spec.rb +22 -0
  277. data/spec/unit/functions/assert_type_spec.rb +1 -1
  278. data/spec/unit/functions/empty_spec.rb +10 -0
  279. data/spec/unit/functions/logging_spec.rb +1 -0
  280. data/spec/unit/functions/lookup_spec.rb +64 -0
  281. data/spec/unit/functions/unwrap_spec.rb +8 -0
  282. data/spec/unit/functions4_spec.rb +2 -2
  283. data/spec/unit/gettext/config_spec.rb +12 -0
  284. data/spec/unit/http/service/compiler_spec.rb +131 -0
  285. data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
  286. data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
  287. data/spec/unit/indirector/facts/facter_spec.rb +95 -0
  288. data/spec/unit/indirector/indirection_spec.rb +10 -3
  289. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  290. data/spec/unit/interface/action_spec.rb +0 -9
  291. data/spec/unit/module_spec.rb +15 -1
  292. data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
  293. data/spec/unit/network/authstore_spec.rb +0 -15
  294. data/spec/unit/network/formats_spec.rb +47 -0
  295. data/spec/unit/network/http/factory_spec.rb +19 -0
  296. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  297. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  298. data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
  299. data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
  300. data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
  301. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  302. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  303. data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
  304. data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
  305. data/spec/unit/provider/package/gem_spec.rb +1 -1
  306. data/spec/unit/provider/package/nim_spec.rb +42 -0
  307. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  308. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  309. data/spec/unit/provider/package/pip_spec.rb +38 -1
  310. data/spec/unit/provider/package/pkg_spec.rb +29 -4
  311. data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
  312. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  313. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  314. data/spec/unit/provider/service/init_spec.rb +1 -0
  315. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  316. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  317. data/spec/unit/provider/service/systemd_spec.rb +54 -9
  318. data/spec/unit/provider/service/windows_spec.rb +202 -0
  319. data/spec/unit/provider/user/aix_spec.rb +100 -0
  320. data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
  321. data/spec/unit/provider/user/useradd_spec.rb +61 -5
  322. data/spec/unit/provider_spec.rb +4 -4
  323. data/spec/unit/puppet_spec.rb +12 -4
  324. data/spec/unit/resource/catalog_spec.rb +1 -1
  325. data/spec/unit/settings_spec.rb +97 -56
  326. data/spec/unit/ssl/certificate_request_spec.rb +8 -14
  327. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  328. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  329. data/spec/unit/transaction_spec.rb +18 -20
  330. data/spec/unit/type/exec_spec.rb +76 -29
  331. data/spec/unit/type/file/selinux_spec.rb +3 -3
  332. data/spec/unit/type/file/source_spec.rb +4 -4
  333. data/spec/unit/type/service_spec.rb +86 -188
  334. data/spec/unit/type/tidy_spec.rb +24 -7
  335. data/spec/unit/type/user_spec.rb +45 -0
  336. data/spec/unit/type_spec.rb +2 -2
  337. data/spec/unit/util/logging_spec.rb +2 -0
  338. data/spec/unit/util/selinux_spec.rb +87 -16
  339. data/spec/unit/util/windows/sid_spec.rb +41 -0
  340. data/tasks/generate_cert_fixtures.rake +12 -3
  341. data/tasks/parallel.rake +3 -3
  342. metadata +59 -101
  343. data/ext/README.environment +0 -8
  344. data/ext/dbfix.sql +0 -132
  345. data/ext/debian/README.Debian +0 -8
  346. data/ext/debian/README.source +0 -2
  347. data/ext/debian/TODO.Debian +0 -1
  348. data/ext/debian/changelog.erb +0 -1122
  349. data/ext/debian/compat +0 -1
  350. data/ext/debian/control +0 -144
  351. data/ext/debian/copyright +0 -339
  352. data/ext/debian/docs +0 -1
  353. data/ext/debian/fileserver.conf +0 -41
  354. data/ext/debian/puppet-common.dirs +0 -13
  355. data/ext/debian/puppet-common.install +0 -3
  356. data/ext/debian/puppet-common.lintian-overrides +0 -5
  357. data/ext/debian/puppet-common.manpages +0 -28
  358. data/ext/debian/puppet-common.postinst +0 -35
  359. data/ext/debian/puppet-common.postrm +0 -33
  360. data/ext/debian/puppet-el.dirs +0 -1
  361. data/ext/debian/puppet-el.emacsen-install +0 -25
  362. data/ext/debian/puppet-el.emacsen-remove +0 -11
  363. data/ext/debian/puppet-el.emacsen-startup +0 -9
  364. data/ext/debian/puppet-el.install +0 -1
  365. data/ext/debian/puppet-testsuite.install +0 -2
  366. data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
  367. data/ext/debian/puppet.lintian-overrides +0 -3
  368. data/ext/debian/puppet.logrotate +0 -20
  369. data/ext/debian/puppet.postinst +0 -20
  370. data/ext/debian/puppet.postrm +0 -20
  371. data/ext/debian/puppet.preinst +0 -20
  372. data/ext/debian/puppetmaster-common.install +0 -2
  373. data/ext/debian/puppetmaster-common.manpages +0 -2
  374. data/ext/debian/puppetmaster-common.postinst +0 -6
  375. data/ext/debian/puppetmaster-passenger.dirs +0 -4
  376. data/ext/debian/puppetmaster-passenger.postinst +0 -162
  377. data/ext/debian/puppetmaster-passenger.postrm +0 -61
  378. data/ext/debian/puppetmaster.README.debian +0 -17
  379. data/ext/debian/puppetmaster.default +0 -14
  380. data/ext/debian/puppetmaster.init +0 -137
  381. data/ext/debian/puppetmaster.lintian-overrides +0 -3
  382. data/ext/debian/puppetmaster.postinst +0 -20
  383. data/ext/debian/puppetmaster.postrm +0 -5
  384. data/ext/debian/puppetmaster.preinst +0 -22
  385. data/ext/debian/rules +0 -132
  386. data/ext/debian/source/format +0 -1
  387. data/ext/debian/source/options +0 -1
  388. data/ext/debian/vim-puppet.README.Debian +0 -13
  389. data/ext/debian/vim-puppet.dirs +0 -5
  390. data/ext/debian/vim-puppet.yaml +0 -7
  391. data/ext/debian/watch +0 -2
  392. data/ext/freebsd/puppetd +0 -26
  393. data/ext/freebsd/puppetmasterd +0 -26
  394. data/ext/gentoo/conf.d/puppet +0 -5
  395. data/ext/gentoo/conf.d/puppetmaster +0 -12
  396. data/ext/gentoo/init.d/puppet +0 -38
  397. data/ext/gentoo/init.d/puppetmaster +0 -51
  398. data/ext/gentoo/puppet/fileserver.conf +0 -41
  399. data/ext/ips/puppet-agent +0 -44
  400. data/ext/ips/puppet-master +0 -44
  401. data/ext/ips/puppet.p5m.erb +0 -12
  402. data/ext/ips/puppetagent.xml +0 -42
  403. data/ext/ips/puppetmaster.xml +0 -42
  404. data/ext/ips/rules +0 -19
  405. data/ext/ips/transforms +0 -34
  406. data/ext/ldap/puppet.schema +0 -24
  407. data/ext/logcheck/puppet +0 -23
  408. data/ext/osx/file_mapping.yaml +0 -33
  409. data/ext/osx/postflight.erb +0 -109
  410. data/ext/osx/preflight.erb +0 -52
  411. data/ext/osx/prototype.plist.erb +0 -38
  412. data/ext/redhat/fileserver.conf +0 -41
  413. data/ext/redhat/logrotate +0 -21
  414. data/ext/redhat/puppet.spec.erb +0 -842
  415. data/ext/redhat/server.init +0 -128
  416. data/ext/redhat/server.sysconfig +0 -13
  417. data/ext/solaris/pkginfo +0 -6
  418. data/ext/solaris/smf/puppetd.xml +0 -77
  419. data/ext/solaris/smf/puppetmasterd.xml +0 -77
  420. data/ext/solaris/smf/svc-puppetd +0 -71
  421. data/ext/solaris/smf/svc-puppetmasterd +0 -67
  422. data/ext/suse/puppet.spec +0 -310
  423. data/ext/suse/server.init +0 -173
  424. data/ext/yaml_nodes.rb +0 -105
  425. data/spec/lib/matchers/include.rb +0 -27
  426. data/spec/lib/matchers/include_spec.rb +0 -32
  427. data/spec/unit/indirector/store_configs_spec.rb +0 -7
@@ -34,7 +34,7 @@ describe 'Puppet::Type::Service::Provider::Systemd',
34
34
  end
35
35
  end
36
36
 
37
- [7, 8].each do |ver|
37
+ [7, 8, 9].each do |ver|
38
38
  it "should be the default provider on rhel#{ver}" do
39
39
  allow(Facter).to receive(:value).with(:osfamily).and_return(:redhat)
40
40
  allow(Facter).to receive(:value).with(:operatingsystem).and_return(:redhat)
@@ -200,6 +200,17 @@ describe 'Puppet::Type::Service::Provider::Systemd',
200
200
  })
201
201
  end
202
202
 
203
+ it "correctly parses services when list-unit-files has an additional column" do
204
+ expect(provider_class).to receive(:systemctl).with('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager').and_return(File.read(my_fixture('list_unit_files_services_vendor_preset')))
205
+ expect(provider_class.instances.map(&:name)).to match_array(%w{
206
+ arp-ethers.service
207
+ auditd.service
208
+ dbus.service
209
+ umountnfs.service
210
+ urandom.service
211
+ })
212
+ end
213
+
203
214
  it "should print a debug message when a service with the state `bad` is found" do
204
215
  expect(provider_class).to receive(:systemctl).with('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager').and_return(File.read(my_fixture('list_unit_files_services')))
205
216
  expect(Puppet).to receive(:debug).with("apparmor.service marked as bad by `systemctl`. It is recommended to be further checked.")
@@ -346,6 +357,9 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
346
357
  describe "#mask" do
347
358
  it "should run systemctl to disable and mask a service" do
348
359
  provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
360
+ expect(provider).to receive(:execute).
361
+ with(['/bin/systemctl','cat', '--', 'sshd.service'], :failonfail => false).
362
+ and_return(Puppet::Util::Execution::ProcessOutput.new("# /lib/systemd/system/sshd.service\n...", 0))
349
363
  # :disable is the only call in the provider that uses a symbol instead of
350
364
  # a string.
351
365
  # This should be made consistent in the future and all tests updated.
@@ -353,6 +367,15 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
353
367
  expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
354
368
  provider.mask
355
369
  end
370
+
371
+ it "masks a service that doesn't exist" do
372
+ provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'doesnotexist.service'))
373
+ expect(provider).to receive(:execute).
374
+ with(['/bin/systemctl','cat', '--', 'doesnotexist.service'], :failonfail => false).
375
+ and_return(Puppet::Util::Execution::ProcessOutput.new("No files found for doesnotexist.service.\n", 1))
376
+ expect(provider).to receive(:systemctl).with(:mask, '--', 'doesnotexist.service')
377
+ provider.mask
378
+ end
356
379
  end
357
380
 
358
381
  # Note: systemd provider does not care about hasstatus or a custom status
@@ -456,17 +479,39 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
456
479
  context 'when service state is static' do
457
480
  let(:service_state) { 'static' }
458
481
 
459
- it 'is always enabled_insync even if current value is the same as expected' do
460
- expect(provider).to be_enabled_insync(:false)
461
- end
482
+ context 'when enable is not mask' do
483
+ it 'is always enabled_insync even if current value is the same as expected' do
484
+ expect(provider).to be_enabled_insync(:false)
485
+ end
462
486
 
463
- it 'is always enabled_insync even if current value is not the same as expected' do
464
- expect(provider).to be_enabled_insync(:true)
487
+ it 'is always enabled_insync even if current value is not the same as expected' do
488
+ expect(provider).to be_enabled_insync(:true)
489
+ end
490
+
491
+ it 'logs a debug messsage' do
492
+ expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
493
+ provider.enabled_insync?(:true)
494
+ end
465
495
  end
466
496
 
467
- it 'logs a debug messsage' do
468
- expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
469
- provider.enabled_insync?(:true)
497
+ context 'when enable is mask' do
498
+ let(:provider) do
499
+ provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service',
500
+ :enable => 'mask'))
501
+ end
502
+
503
+ it 'is enabled_insync if current value is the same as expected' do
504
+ expect(provider).to be_enabled_insync(:mask)
505
+ end
506
+
507
+ it 'is not enabled_insync if current value is not the same as expected' do
508
+ expect(provider).not_to be_enabled_insync(:true)
509
+ end
510
+
511
+ it 'logs no debug messsage' do
512
+ expect(Puppet).not_to receive(:debug)
513
+ provider.enabled_insync?(:true)
514
+ end
470
515
  end
471
516
  end
472
517
 
@@ -271,4 +271,206 @@ describe 'Puppet::Type::Service::Provider::Windows',
271
271
  }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
272
272
  end
273
273
  end
274
+
275
+ describe "when managing logon credentials" do
276
+ before do
277
+ allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return(computer_name)
278
+ allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(principal)
279
+ allow(Puppet::Util::Windows::Service).to receive(:set_startup_configuration).and_return(nil)
280
+ end
281
+
282
+ let(:computer_name) { 'myPC' }
283
+
284
+ describe "#logonaccount=" do
285
+ before do
286
+ allow(Puppet::Util::Windows::User).to receive(:password_is?).and_return(true)
287
+ resource[:logonaccount] = user_input
288
+ provider.logonaccount_insync?(user_input)
289
+ end
290
+
291
+ let(:user_input) { principal.account }
292
+ let(:principal) do
293
+ Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, computer_name, :SidTypeUser)
294
+ end
295
+
296
+ context "when given user is 'myUser'" do
297
+ it "should fail when the `Log On As A Service` right is missing from given user" do
298
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("")
299
+ expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" is missing the 'Log On As A Service' right./)
300
+ end
301
+
302
+ it "should fail when the `Log On As A Service` right is set to denied for given user" do
303
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeDenyServiceLogonRight")
304
+ expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" has the 'Log On As A Service' right set to denied./)
305
+ end
306
+
307
+ it "should not fail when given user has the `Log On As A Service` right" do
308
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
309
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
310
+ end
311
+
312
+ ['myUser', 'myPC\\myUser', ".\\myUser", "MYPC\\mYuseR"].each do |user_input_variant|
313
+ let(:user_input) { user_input_variant }
314
+
315
+ it "should succesfully munge #{user_input_variant} to '.\\myUser'" do
316
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
317
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
318
+ expect(resource[:logonaccount]).to eq(".\\myUser")
319
+ end
320
+ end
321
+ end
322
+
323
+ context "when given user is a system account" do
324
+ before do
325
+ allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
326
+ end
327
+
328
+ let(:user_input) { principal.account }
329
+ let(:principal) do
330
+ Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
331
+ end
332
+
333
+ it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
334
+ expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
335
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
336
+ end
337
+
338
+ ['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input_variant|
339
+ let(:user_input) { user_input_variant }
340
+
341
+ it "should succesfully munge #{user_input_variant} to 'LocalSystem'" do
342
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
343
+ expect(resource[:logonaccount]).to eq('LocalSystem')
344
+ end
345
+ end
346
+ end
347
+
348
+ context "when domain is different from computer name" do
349
+ before do
350
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return("SeServiceLogonRight")
351
+ end
352
+
353
+ context "when given user is from AD" do
354
+ let(:user_input) { 'myRemoteUser' }
355
+ let(:principal) do
356
+ Puppet::Util::Windows::SID::Principal.new("myRemoteUser", nil, nil, "AD", :SidTypeUser)
357
+ end
358
+
359
+ it "should not raise any error" do
360
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
361
+ end
362
+
363
+ it "should succesfully be munged" do
364
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
365
+ expect(resource[:logonaccount]).to eq('AD\myRemoteUser')
366
+ end
367
+ end
368
+
369
+ context "when given user is LocalService" do
370
+ let(:user_input) { 'LocalService' }
371
+ let(:principal) do
372
+ Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup)
373
+ end
374
+
375
+ it "should succesfully munge well known user" do
376
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
377
+ expect(resource[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
378
+ end
379
+ end
380
+
381
+ context "when given user is in SID form" do
382
+ let(:user_input) { 'S-1-5-20' }
383
+ let(:principal) do
384
+ Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
385
+ end
386
+
387
+ it "should succesfully munge" do
388
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
389
+ expect(resource[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
390
+ end
391
+ end
392
+
393
+ context "when given user is actually a group" do
394
+ let(:principal) do
395
+ Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias)
396
+ end
397
+ let(:user_input) { 'Administrators' }
398
+
399
+ it "should fail when sid type is not user or well known user" do
400
+ expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /"BUILTIN\\#{user_input}" is not a valid account/)
401
+ end
402
+ end
403
+ end
404
+ end
405
+
406
+ describe "#logonpassword=" do
407
+ before do
408
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
409
+ resource[:logonaccount] = account
410
+ resource[:logonpassword] = user_input
411
+ provider.logonaccount_insync?(account)
412
+ end
413
+
414
+ let(:account) { 'LocalSystem' }
415
+
416
+ describe "when given logonaccount is a predefined_local_account" do
417
+ let(:user_input) { 'pass' }
418
+ let(:principal) { nil }
419
+
420
+ it "should pass validation when given account is 'LocalSystem'" do
421
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
422
+ allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(true)
423
+
424
+ expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
425
+ expect { provider.logonpassword=(user_input) }.not_to raise_error
426
+ end
427
+
428
+ ['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
429
+ describe "when given account is #{predefined_local_account}" do
430
+ let(:account) { 'predefined_local_account' }
431
+ let(:principal) do
432
+ Puppet::Util::Windows::SID::Principal.new(account, nil, nil, "NT AUTHORITY", :SidTypeUser)
433
+ end
434
+
435
+ it "should pass validation" do
436
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.account).and_return(false)
437
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.domain_account).and_return(false)
438
+ expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(principal.domain_account).and_return(true).twice
439
+
440
+ expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
441
+ expect { provider.logonpassword=(user_input) }.not_to raise_error
442
+ end
443
+ end
444
+ end
445
+ end
446
+
447
+ describe "when given logonaccount is not a predefined local account" do
448
+ before do
449
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(".\\#{principal.account}").and_return(false)
450
+ allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with(".\\#{principal.account}").and_return(false)
451
+ end
452
+
453
+ let(:account) { 'myUser' }
454
+ let(:principal) do
455
+ Puppet::Util::Windows::SID::Principal.new(account, nil, nil, computer_name, :SidTypeUser)
456
+ end
457
+
458
+ describe "when password is proven correct" do
459
+ let(:user_input) { 'myPass' }
460
+ it "should pass validation" do
461
+ allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
462
+ expect { provider.logonpassword=(user_input) }.not_to raise_error
463
+ end
464
+ end
465
+
466
+ describe "when password is not proven correct" do
467
+ let(:user_input) { 'myWrongPass' }
468
+ it "should not pass validation" do
469
+ allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
470
+ expect { provider.logonpassword=(user_input) }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
471
+ end
472
+ end
473
+ end
474
+ end
475
+ end
274
476
  end
@@ -217,4 +217,104 @@ describe 'Puppet::Type::User::Provider::Aix' do
217
217
  provider.create
218
218
  end
219
219
  end
220
+
221
+ describe '#list_all_homes' do
222
+ it "should return empty array and output debug on failure" do
223
+ allow(Puppet::Util::Execution).to receive(:execute).and_raise(Puppet::ExecutionFailure, 'Execution failed')
224
+ expect(Puppet).to receive(:debug).with('Could not list home of all users: Execution failed')
225
+ expect(provider.list_all_homes).to eql({})
226
+ end
227
+ end
228
+
229
+ describe '#delete' do
230
+ before(:each) do
231
+ allow(File).to receive(:realpath).and_call_original
232
+ allow(FileUtils).to receive(:remove_entry_secure).and_call_original
233
+
234
+ allow(provider.resource).to receive(:should).with(anything).and_return(nil)
235
+ allow(provider).to receive(:home).and_return(Dir.tmpdir)
236
+ allow(provider).to receive(:execute).and_return(nil)
237
+ allow(provider).to receive(:object_info).and_return(nil)
238
+ allow(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true).and_return(nil)
239
+ end
240
+
241
+ context 'with managehome true' do
242
+ before(:each) do
243
+ allow(provider.resource).to receive(:managehome?).and_return(true)
244
+ allow(provider).to receive(:list_all_homes).and_return([])
245
+ end
246
+
247
+ it 'should delete the user without error' do
248
+ expect{ provider.delete }.not_to raise_error
249
+ end
250
+
251
+ it "should not remove home when relative" do
252
+ allow(provider).to receive(:home).and_return('relative_path')
253
+
254
+ expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
255
+ provider.delete
256
+ end
257
+
258
+ it "should not remove home when '/'" do
259
+ allow(provider).to receive(:home).and_return('/')
260
+
261
+ expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
262
+ provider.delete
263
+ end
264
+
265
+ it "should not remove home when symlink" do
266
+ allow(Puppet::FileSystem).to receive(:symlink?).with(Dir.tmpdir).and_return(true)
267
+
268
+ expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
269
+ provider.delete
270
+ end
271
+
272
+ it "should not remove home when other users would be affected" do
273
+ allow(provider).to receive(:home).and_return('/special')
274
+ allow(File).to receive(:realpath).with('/special').and_return('/special')
275
+ allow(Puppet::Util).to receive(:absolute_path?).with('/special').and_return(true)
276
+ allow(provider).to receive(:list_all_homes).and_return([{:name => 'other_user', :home => '/special/other_user'}])
277
+
278
+ expect(Puppet).to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
279
+ provider.delete
280
+ end
281
+
282
+ it 'should remove homedir' do
283
+ expect(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true)
284
+ provider.delete
285
+ end
286
+ end
287
+
288
+ context 'with managehome false' do
289
+ before(:each) do
290
+ allow(provider.resource).to receive(:managehome?).and_return(false)
291
+ end
292
+
293
+ it 'should delete the user without error' do
294
+ expect{ provider.delete }.not_to raise_error
295
+ end
296
+
297
+ it 'should not remove homedir' do
298
+ expect(FileUtils).not_to receive(:remove_entry_secure).with(Dir.tmpdir, true)
299
+ end
300
+
301
+ it 'should not print manage home debug messages' do
302
+ expect(Puppet).not_to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
303
+ expect(Puppet).not_to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
304
+
305
+ provider.delete
306
+ end
307
+ end
308
+ end
309
+
310
+ describe '#deletecmd' do
311
+ it 'uses the -p flag when removing the user' do
312
+ allow(provider.class).to receive(:command).with(:delete).and_return('delete')
313
+ allow(provider).to receive(:ia_module_args).and_return(['ia_module_args'])
314
+
315
+ expect(provider.deletecmd).to eql(
316
+ ['delete', '-p', 'ia_module_args', provider.resource.name]
317
+ )
318
+ end
319
+ end
220
320
  end
@@ -925,28 +925,75 @@ end
925
925
  }
926
926
  end
927
927
 
928
- it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
929
- expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
930
- expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
931
- expect(provider.class).to receive(:get_os_version).and_return('10.7')
932
- expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
933
- provider.write_password_to_users_plist(sha512_password_hash)
928
+ before do
929
+ allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
934
930
  end
935
931
 
936
- it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
937
- expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
938
- expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
939
- expect(provider.class).to receive(:get_os_version).and_return('10.8')
940
- expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
941
- provider.write_password_to_users_plist(pbkdf2_password_hash)
932
+ describe 'when on macOS 11 (Big Sur) or greater' do
933
+ before do
934
+ allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
935
+ end
936
+
937
+ it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
938
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
939
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
940
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
941
+ expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
942
+
943
+ expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
944
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
945
+ end
946
+
947
+ it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
948
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
949
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
950
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
951
+ expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
952
+
953
+ expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
954
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
955
+ end
942
956
  end
943
957
 
944
- it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
945
- expect(provider).to receive(:get_users_plist).and_return('users_plist')
946
- expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
947
- expect(provider.class).to receive(:get_os_version).and_return('10.8')
948
- expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
949
- provider.write_password_to_users_plist(pbkdf2_password_hash)
958
+ describe 'when on macOS version lower than 11' do
959
+ before do
960
+ allow(provider.class).to receive(:get_os_version)
961
+ allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
962
+ end
963
+
964
+ it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
965
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
966
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
967
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
968
+ expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
969
+
970
+ expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
971
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
972
+ end
973
+
974
+ it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
975
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
976
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
977
+ expect(provider.class).to receive(:get_os_version).and_return('10.7')
978
+ expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
979
+ provider.write_password_to_users_plist(sha512_password_hash)
980
+ end
981
+
982
+ it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
983
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
984
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
985
+ expect(provider.class).to receive(:get_os_version).and_return('10.8')
986
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
987
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
988
+ end
989
+
990
+ it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
991
+ expect(provider).to receive(:get_users_plist).and_return('users_plist')
992
+ expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
993
+ expect(provider.class).to receive(:get_os_version).and_return('10.8')
994
+ expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
995
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
996
+ end
950
997
  end
951
998
  end
952
999
 
@@ -974,16 +1021,7 @@ end
974
1021
  describe '#set_shadow_hash_data' do
975
1022
  let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
976
1023
 
977
- it 'should flush the plist data to disk on OS X < 10.15' do
978
- allow(provider.class).to receive(:get_os_version).and_return('10.12')
979
-
980
- expect(provider).to receive(:write_users_plist_to_disk)
981
- provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
982
- end
983
-
984
- it 'should flush the plist data a temporary file on OS X >= 10.15' do
985
- allow(provider.class).to receive(:get_os_version).and_return('10.15')
986
-
1024
+ it 'should flush the plist data to a temporary file' do
987
1025
  expect(provider).to receive(:write_and_import_shadow_hash_data)
988
1026
  provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
989
1027
  end
@@ -1033,13 +1071,6 @@ end
1033
1071
  end
1034
1072
  end
1035
1073
 
1036
- describe '#write_users_plist_to_disk' do
1037
- it 'should save the passed plist to disk and convert it to a binary plist' do
1038
- expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
1039
- provider.write_users_plist_to_disk(user_plist_xml)
1040
- end
1041
- end
1042
-
1043
1074
  describe '#write_and_import_shadow_hash_data' do
1044
1075
  it 'should save the passed plist to a temporary file and import it' do
1045
1076
  tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
@@ -1111,7 +1142,7 @@ end
1111
1142
  provider.class.instance_variable_set(:@os_version, nil) if provider.class.instance_variable_defined? :@os_version
1112
1143
  end
1113
1144
 
1114
- it 'should call Facter.value(:macosx_productversion_major) ONLY ONCE no matter how ' +
1145
+ it 'should call Puppet.runtime[:facter].value(:macosx_productversion_major) ONLY ONCE no matter how ' +
1115
1146
  'many times get_os_version() is called' do
1116
1147
  expect(Facter).to receive(:value).with(:macosx_productversion_major).once.and_return('10.8')
1117
1148
  expect(provider.class.get_os_version).to eq('10.8')
@@ -1203,6 +1234,7 @@ end
1203
1234
  before :each do
1204
1235
  allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
1205
1236
  allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
1237
+ allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
1206
1238
  provider.class.prefetch({})
1207
1239
  end
1208
1240
 
@@ -13,6 +13,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
13
13
  allow(described_class).to receive(:command).with(:localmodify).and_return('/usr/sbin/lusermod')
14
14
  allow(described_class).to receive(:command).with(:delete).and_return('/usr/sbin/userdel')
15
15
  allow(described_class).to receive(:command).with(:localdelete).and_return('/usr/sbin/luserdel')
16
+ allow(described_class).to receive(:command).with(:chpasswd).and_return('/usr/sbin/chpasswd')
16
17
  end
17
18
 
18
19
  let(:resource) do
@@ -62,7 +63,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
62
63
  :provider => provider,
63
64
  )
64
65
  resource2[:ensure] = :present
65
- expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
66
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).twice
66
67
  provider.create
67
68
  end
68
69
 
@@ -208,7 +209,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
208
209
  end
209
210
 
210
211
  it "should call execute with sensitive if sensitive data is changed" do
211
- expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
212
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).and_return('')
212
213
  provider.password = 'bird bird bird'
213
214
  end
214
215
  end
@@ -351,6 +352,46 @@ describe Puppet::Type.type(:user).provider(:useradd) do
351
352
  end
352
353
  end
353
354
 
355
+ describe "#shell" do
356
+ before { described_class.has_feature :manages_local_users_and_groups }
357
+
358
+ let(:content) { "myuser:x:x:x:x:x:/bin/local_shell" }
359
+
360
+ it "should return the local shell string when forcelocal is true" do
361
+ resource[:forcelocal] = true
362
+ allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
363
+ allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
364
+ expect(provider.shell).to eq('/bin/local_shell')
365
+ end
366
+
367
+ it "should fall back to nameservice shell string when forcelocal is false" do
368
+ resource[:forcelocal] = false
369
+ allow(provider).to receive(:get).with(:shell).and_return('/bin/remote_shell')
370
+ expect(provider).not_to receive(:localshell)
371
+ expect(provider.shell).to eq('/bin/remote_shell')
372
+ end
373
+ end
374
+
375
+ describe "#home" do
376
+ before { described_class.has_feature :manages_local_users_and_groups }
377
+
378
+ let(:content) { "myuser:x:x:x:x:/opt/local_home:x" }
379
+
380
+ it "should return the local home string when forcelocal is true" do
381
+ resource[:forcelocal] = true
382
+ allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
383
+ allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
384
+ expect(provider.home).to eq('/opt/local_home')
385
+ end
386
+
387
+ it "should fall back to nameservice home string when forcelocal is false" do
388
+ resource[:forcelocal] = false
389
+ allow(provider).to receive(:get).with(:home).and_return('/opt/remote_home')
390
+ expect(provider).not_to receive(:localhome)
391
+ expect(provider.home).to eq('/opt/remote_home')
392
+ end
393
+ end
394
+
354
395
  describe "#gid" do
355
396
  before { described_class.has_feature :manages_local_users_and_groups }
356
397
 
@@ -375,21 +416,36 @@ describe Puppet::Type.type(:user).provider(:useradd) do
375
416
  before { described_class.has_feature :manages_local_users_and_groups }
376
417
 
377
418
  let(:content) do
378
- <<~EOF
419
+ StringIO.new(<<~EOF)
379
420
  group1:x:0:myuser
380
421
  group2:x:999:
381
422
  group3:x:998:myuser
382
423
  EOF
383
424
  end
384
425
 
426
+ let(:content_with_empty_line) do
427
+ StringIO.new(<<~EOF)
428
+ group1:x:0:myuser
429
+ group2:x:999:
430
+ group3:x:998:myuser
431
+
432
+ EOF
433
+ end
434
+
385
435
  it "should return the local groups string when forcelocal is true" do
386
436
  resource[:forcelocal] = true
387
- group1, group2, group3 = content.split
388
437
  allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
389
- allow(Puppet::FileSystem).to receive(:each_line).with('/etc/group').and_yield(group1).and_yield(group2).and_yield(group3)
438
+ allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content)
390
439
  expect(provider.groups).to eq(['group1', 'group3'])
391
440
  end
392
441
 
442
+ it "does not raise when parsing empty lines in /etc/group" do
443
+ resource[:forcelocal] = true
444
+ allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
445
+ allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content_with_empty_line)
446
+ expect { provider.groups }.not_to raise_error
447
+ end
448
+
393
449
  it "should fall back to nameservice groups when forcelocal is false" do
394
450
  resource[:forcelocal] = false
395
451
  allow(Puppet::Util::POSIX).to receive(:groups_of).with('myuser').and_return(['remote groups'])