RubyGems - puppet - Versions diffs - 6.21.1 → 6.25.0 - Mend

puppet 6.21.1 → 6.25.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (427) hide show

checksums.yaml +4 -4
data/CONTRIBUTING.md +5 -5
data/Gemfile +3 -3
data/Gemfile.lock +34 -28
data/README.md +4 -4
data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
data/{ext → examples}/nagios/check_puppet.rb +2 -2
data/ext/README.md +13 -0
data/ext/osx/puppet.plist +2 -0
data/ext/project_data.yaml +3 -2
data/lib/puppet/application/agent.rb +16 -5
data/lib/puppet/application/apply.rb +22 -3
data/lib/puppet/application/device.rb +2 -1
data/lib/puppet/application/filebucket.rb +1 -0
data/lib/puppet/application/resource.rb +32 -16
data/lib/puppet/application/script.rb +2 -1
data/lib/puppet/application/ssl.rb +12 -0
data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
data/lib/puppet/configurer/downloader.rb +2 -1
data/lib/puppet/configurer.rb +85 -57
data/lib/puppet/confine/variable.rb +1 -1
data/lib/puppet/defaults.rb +63 -35
data/lib/puppet/environments.rb +91 -26
data/lib/puppet/face/facts.rb +129 -31
data/lib/puppet/face/help/action.erb +1 -0
data/lib/puppet/face/help/face.erb +1 -0
data/lib/puppet/face/node/clean.rb +11 -0
data/lib/puppet/facter_impl.rb +96 -0
data/lib/puppet/file_serving/configuration/parser.rb +2 -0
data/lib/puppet/file_serving/configuration.rb +3 -0
data/lib/puppet/file_serving/fileset.rb +14 -2
data/lib/puppet/file_serving/mount/file.rb +4 -4
data/lib/puppet/file_serving/mount/scripts.rb +24 -0
data/lib/puppet/file_system/file_impl.rb +3 -1
data/lib/puppet/file_system/memory_file.rb +8 -1
data/lib/puppet/file_system/windows.rb +4 -2
data/lib/puppet/forge.rb +4 -4
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/empty.rb +8 -0
data/lib/puppet/functions/find_template.rb +2 -2
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +13 -5
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +12 -4
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/strftime.rb +1 -0
data/lib/puppet/functions/tree_each.rb +7 -9
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/unwrap.rb +17 -2
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/http/resolver/server_list.rb +15 -4
data/lib/puppet/http/service/compiler.rb +75 -1
data/lib/puppet/http/service/file_server.rb +2 -1
data/lib/puppet/indirector/catalog/compiler.rb +25 -6
data/lib/puppet/indirector/catalog/rest.rb +1 -0
data/lib/puppet/indirector/facts/facter.rb +28 -7
data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
data/lib/puppet/indirector/indirection.rb +1 -1
data/lib/puppet/indirector/resource/ral.rb +6 -1
data/lib/puppet/indirector/terminus.rb +4 -0
data/lib/puppet/interface/documentation.rb +1 -0
data/lib/puppet/module/plan.rb +0 -1
data/lib/puppet/module/task.rb +1 -1
data/lib/puppet/module.rb +1 -0
data/lib/puppet/module_tool/applications/installer.rb +12 -4
data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
data/lib/puppet/module_tool/errors/shared.rb +17 -0
data/lib/puppet/network/formats.rb +67 -0
data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
data/lib/puppet/network/http/factory.rb +4 -0
data/lib/puppet/node/environment.rb +10 -11
data/lib/puppet/pal/pal_impl.rb +1 -1
data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
data/lib/puppet/parser/scope.rb +1 -0
data/lib/puppet/parser/templatewrapper.rb +1 -0
data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
data/lib/puppet/pops/model/ast.rb +1 -0
data/lib/puppet/pops/model/factory.rb +2 -1
data/lib/puppet/pops/parser/eparser.rb +201 -201
data/lib/puppet/pops/parser/lexer2.rb +92 -91
data/lib/puppet/pops/parser/slurp_support.rb +1 -0
data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
data/lib/puppet/pops/types/type_formatter.rb +4 -3
data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
data/lib/puppet/pops/types/types.rb +1 -1
data/lib/puppet/provider/aix_object.rb +1 -1
data/lib/puppet/provider/exec/posix.rb +16 -4
data/lib/puppet/provider/group/groupadd.rb +5 -2
data/lib/puppet/provider/package/dnfmodule.rb +1 -1
data/lib/puppet/provider/package/nim.rb +11 -6
data/lib/puppet/provider/package/pip.rb +15 -3
data/lib/puppet/provider/package/pkg.rb +19 -2
data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
data/lib/puppet/provider/package/yum.rb +1 -1
data/lib/puppet/provider/parsedfile.rb +3 -0
data/lib/puppet/provider/service/base.rb +1 -1
data/lib/puppet/provider/service/init.rb +5 -5
data/lib/puppet/provider/service/launchd.rb +2 -2
data/lib/puppet/provider/service/redhat.rb +1 -1
data/lib/puppet/provider/service/smf.rb +3 -3
data/lib/puppet/provider/service/systemd.rb +16 -6
data/lib/puppet/provider/service/upstart.rb +5 -5
data/lib/puppet/provider/service/windows.rb +38 -0
data/lib/puppet/provider/user/aix.rb +44 -1
data/lib/puppet/provider/user/directoryservice.rb +26 -13
data/lib/puppet/provider/user/useradd.rb +73 -17
data/lib/puppet/provider.rb +1 -1
data/lib/puppet/reference/configuration.rb +1 -1
data/lib/puppet/reference/providers.rb +2 -2
data/lib/puppet/resource/type_collection.rb +1 -0
data/lib/puppet/runtime.rb +11 -1
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/settings.rb +32 -9
data/lib/puppet/test/test_helper.rb +4 -1
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/transaction/persistence.rb +11 -1
data/lib/puppet/transaction/report.rb +15 -1
data/lib/puppet/type/exec.rb +35 -5
data/lib/puppet/type/file/mode.rb +6 -0
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/file.rb +25 -7
data/lib/puppet/type/filebucket.rb +3 -3
data/lib/puppet/type/group.rb +0 -1
data/lib/puppet/type/resources.rb +1 -1
data/lib/puppet/type/service.rb +26 -41
data/lib/puppet/type/tidy.rb +22 -3
data/lib/puppet/type/user.rb +38 -21
data/lib/puppet/type.rb +1 -1
data/lib/puppet/util/command_line.rb +1 -1
data/lib/puppet/util/fact_dif.rb +36 -17
data/lib/puppet/util/filetype.rb +2 -2
data/lib/puppet/util/json.rb +3 -0
data/lib/puppet/util/log.rb +1 -2
data/lib/puppet/util/logging.rb +1 -25
data/lib/puppet/util/monkey_patches.rb +7 -0
data/lib/puppet/util/pidlock.rb +1 -1
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
data/lib/puppet/util/selinux.rb +30 -4
data/lib/puppet/util/suidmanager.rb +1 -2
data/lib/puppet/util/symbolic_file_mode.rb +29 -17
data/lib/puppet/util/tagging.rb +1 -0
data/lib/puppet/util/windows/adsi.rb +46 -0
data/lib/puppet/util/windows/api_types.rb +1 -1
data/lib/puppet/util/windows/principal.rb +9 -2
data/lib/puppet/util/windows/sid.rb +6 -2
data/lib/puppet/util/windows/user.rb +0 -2
data/lib/puppet/util.rb +4 -3
data/lib/puppet/version.rb +1 -1
data/lib/puppet.rb +5 -9
data/locales/puppet.pot +506 -410
data/man/man5/puppet.conf.5 +310 -274
data/man/man8/puppet-agent.8 +4 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +9 -9
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +65 -7
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +7 -7
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +3 -3
data/man/man8/puppet-node.8 +5 -5
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +5 -5
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +5 -1
data/man/man8/puppet-status.8 +4 -4
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/ca.pem +57 -35
data/spec/fixtures/ssl/crl.pem +28 -18
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +33 -24
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +108 -58
data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
data/spec/fixtures/ssl/intermediate.pem +57 -36
data/spec/fixtures/ssl/oid-key.pem +117 -0
data/spec/fixtures/ssl/oid.pem +69 -0
data/spec/fixtures/ssl/pluto-key.pem +107 -57
data/spec/fixtures/ssl/pluto.pem +52 -30
data/spec/fixtures/ssl/request-key.pem +107 -57
data/spec/fixtures/ssl/request.pem +47 -26
data/spec/fixtures/ssl/revoked-key.pem +107 -57
data/spec/fixtures/ssl/revoked.pem +52 -30
data/spec/fixtures/ssl/signed-key.pem +107 -57
data/spec/fixtures/ssl/signed.pem +52 -30
data/spec/fixtures/ssl/tampered-cert.pem +52 -30
data/spec/fixtures/ssl/tampered-csr.pem +47 -26
data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
data/spec/fixtures/ssl/unknown-ca.pem +55 -33
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
data/spec/integration/application/agent_spec.rb +113 -37
data/spec/integration/application/filebucket_spec.rb +16 -0
data/spec/integration/application/module_spec.rb +21 -0
data/spec/integration/application/plugin_spec.rb +1 -1
data/spec/integration/application/resource_spec.rb +64 -0
data/spec/integration/application/ssl_spec.rb +20 -0
data/spec/integration/configurer_spec.rb +18 -2
data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
data/spec/integration/http/client_spec.rb +12 -0
data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
data/spec/integration/indirector/facts/facter_spec.rb +93 -39
data/spec/integration/l10n/compiler_spec.rb +37 -0
data/spec/integration/transaction/report_spec.rb +1 -1
data/spec/integration/type/exec_spec.rb +70 -45
data/spec/integration/type/file_spec.rb +2 -2
data/spec/integration/type/package_spec.rb +6 -6
data/spec/integration/util/rdoc/parser_spec.rb +1 -1
data/spec/integration/util/windows/adsi_spec.rb +18 -0
data/spec/integration/util/windows/principal_spec.rb +21 -0
data/spec/integration/util/windows/process_spec.rb +1 -9
data/spec/integration/util/windows/registry_spec.rb +6 -0
data/spec/lib/puppet/test_ca.rb +7 -2
data/spec/lib/puppet_spec/modules.rb +13 -2
data/spec/lib/puppet_spec/puppetserver.rb +15 -0
data/spec/lib/puppet_spec/settings.rb +1 -0
data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
data/spec/shared_contexts/l10n.rb +27 -0
data/spec/spec_helper.rb +12 -11
data/spec/unit/application/agent_spec.rb +7 -2
data/spec/unit/application/apply_spec.rb +76 -56
data/spec/unit/application/facts_spec.rb +482 -3
data/spec/unit/application/resource_spec.rb +29 -0
data/spec/unit/application/ssl_spec.rb +23 -0
data/spec/unit/configurer/downloader_spec.rb +6 -0
data/spec/unit/configurer_spec.rb +194 -56
data/spec/unit/defaults_spec.rb +17 -0
data/spec/unit/environments_spec.rb +348 -88
data/spec/unit/face/facts_spec.rb +4 -0
data/spec/unit/facter_impl_spec.rb +31 -0
data/spec/unit/file_bucket/dipper_spec.rb +2 -2
data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
data/spec/unit/file_serving/configuration_spec.rb +14 -4
data/spec/unit/file_serving/fileset_spec.rb +60 -0
data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
data/spec/unit/file_system_spec.rb +22 -0
data/spec/unit/functions/assert_type_spec.rb +1 -1
data/spec/unit/functions/empty_spec.rb +10 -0
data/spec/unit/functions/logging_spec.rb +1 -0
data/spec/unit/functions/lookup_spec.rb +64 -0
data/spec/unit/functions/unwrap_spec.rb +8 -0
data/spec/unit/functions4_spec.rb +2 -2
data/spec/unit/gettext/config_spec.rb +12 -0
data/spec/unit/http/service/compiler_spec.rb +131 -0
data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
data/spec/unit/indirector/facts/facter_spec.rb +95 -0
data/spec/unit/indirector/indirection_spec.rb +10 -3
data/spec/unit/indirector/resource/ral_spec.rb +40 -75
data/spec/unit/interface/action_spec.rb +0 -9
data/spec/unit/module_spec.rb +15 -1
data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
data/spec/unit/network/authstore_spec.rb +0 -15
data/spec/unit/network/formats_spec.rb +47 -0
data/spec/unit/network/http/factory_spec.rb +19 -0
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
data/spec/unit/parser/templatewrapper_spec.rb +12 -2
data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
data/spec/unit/provider/package/gem_spec.rb +1 -1
data/spec/unit/provider/package/nim_spec.rb +42 -0
data/spec/unit/provider/package/pip2_spec.rb +1 -1
data/spec/unit/provider/package/pip3_spec.rb +1 -1
data/spec/unit/provider/package/pip_spec.rb +38 -1
data/spec/unit/provider/package/pkg_spec.rb +29 -4
data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
data/spec/unit/provider/parsedfile_spec.rb +10 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/launchd_spec.rb +11 -0
data/spec/unit/provider/service/openwrt_spec.rb +3 -1
data/spec/unit/provider/service/systemd_spec.rb +54 -9
data/spec/unit/provider/service/windows_spec.rb +202 -0
data/spec/unit/provider/user/aix_spec.rb +100 -0
data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
data/spec/unit/provider/user/useradd_spec.rb +61 -5
data/spec/unit/provider_spec.rb +4 -4
data/spec/unit/puppet_spec.rb +12 -4
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/settings_spec.rb +97 -56
data/spec/unit/ssl/certificate_request_spec.rb +8 -14
data/spec/unit/ssl/state_machine_spec.rb +19 -5
data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
data/spec/unit/transaction_spec.rb +18 -20
data/spec/unit/type/exec_spec.rb +76 -29
data/spec/unit/type/file/selinux_spec.rb +3 -3
data/spec/unit/type/file/source_spec.rb +4 -4
data/spec/unit/type/service_spec.rb +86 -188
data/spec/unit/type/tidy_spec.rb +24 -7
data/spec/unit/type/user_spec.rb +45 -0
data/spec/unit/type_spec.rb +2 -2
data/spec/unit/util/logging_spec.rb +2 -0
data/spec/unit/util/selinux_spec.rb +87 -16
data/spec/unit/util/windows/sid_spec.rb +41 -0
data/tasks/generate_cert_fixtures.rake +12 -3
data/tasks/parallel.rake +3 -3
metadata +51 -99
data/ext/README.environment +0 -8
data/ext/dbfix.sql +0 -132
data/ext/debian/README.Debian +0 -8
data/ext/debian/README.source +0 -2
data/ext/debian/TODO.Debian +0 -1
data/ext/debian/changelog.erb +0 -1122
data/ext/debian/compat +0 -1
data/ext/debian/control +0 -144
data/ext/debian/copyright +0 -339
data/ext/debian/docs +0 -1
data/ext/debian/fileserver.conf +0 -41
data/ext/debian/puppet-common.dirs +0 -13
data/ext/debian/puppet-common.install +0 -3
data/ext/debian/puppet-common.lintian-overrides +0 -5
data/ext/debian/puppet-common.manpages +0 -28
data/ext/debian/puppet-common.postinst +0 -35
data/ext/debian/puppet-common.postrm +0 -33
data/ext/debian/puppet-el.dirs +0 -1
data/ext/debian/puppet-el.emacsen-install +0 -25
data/ext/debian/puppet-el.emacsen-remove +0 -11
data/ext/debian/puppet-el.emacsen-startup +0 -9
data/ext/debian/puppet-el.install +0 -1
data/ext/debian/puppet-testsuite.install +0 -2
data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
data/ext/debian/puppet.lintian-overrides +0 -3
data/ext/debian/puppet.logrotate +0 -20
data/ext/debian/puppet.postinst +0 -20
data/ext/debian/puppet.postrm +0 -20
data/ext/debian/puppet.preinst +0 -20
data/ext/debian/puppetmaster-common.install +0 -2
data/ext/debian/puppetmaster-common.manpages +0 -2
data/ext/debian/puppetmaster-common.postinst +0 -6
data/ext/debian/puppetmaster-passenger.dirs +0 -4
data/ext/debian/puppetmaster-passenger.postinst +0 -162
data/ext/debian/puppetmaster-passenger.postrm +0 -61
data/ext/debian/puppetmaster.README.debian +0 -17
data/ext/debian/puppetmaster.default +0 -14
data/ext/debian/puppetmaster.init +0 -137
data/ext/debian/puppetmaster.lintian-overrides +0 -3
data/ext/debian/puppetmaster.postinst +0 -20
data/ext/debian/puppetmaster.postrm +0 -5
data/ext/debian/puppetmaster.preinst +0 -22
data/ext/debian/rules +0 -132
data/ext/debian/source/format +0 -1
data/ext/debian/source/options +0 -1
data/ext/debian/vim-puppet.README.Debian +0 -13
data/ext/debian/vim-puppet.dirs +0 -5
data/ext/debian/vim-puppet.yaml +0 -7
data/ext/debian/watch +0 -2
data/ext/freebsd/puppetd +0 -26
data/ext/freebsd/puppetmasterd +0 -26
data/ext/gentoo/conf.d/puppet +0 -5
data/ext/gentoo/conf.d/puppetmaster +0 -12
data/ext/gentoo/init.d/puppet +0 -38
data/ext/gentoo/init.d/puppetmaster +0 -51
data/ext/gentoo/puppet/fileserver.conf +0 -41
data/ext/ips/puppet-agent +0 -44
data/ext/ips/puppet-master +0 -44
data/ext/ips/puppet.p5m.erb +0 -12
data/ext/ips/puppetagent.xml +0 -42
data/ext/ips/puppetmaster.xml +0 -42
data/ext/ips/rules +0 -19
data/ext/ips/transforms +0 -34
data/ext/ldap/puppet.schema +0 -24
data/ext/logcheck/puppet +0 -23
data/ext/osx/file_mapping.yaml +0 -33
data/ext/osx/postflight.erb +0 -109
data/ext/osx/preflight.erb +0 -52
data/ext/osx/prototype.plist.erb +0 -38
data/ext/redhat/fileserver.conf +0 -41
data/ext/redhat/logrotate +0 -21
data/ext/redhat/puppet.spec.erb +0 -842
data/ext/redhat/server.init +0 -128
data/ext/redhat/server.sysconfig +0 -13
data/ext/solaris/pkginfo +0 -6
data/ext/solaris/smf/puppetd.xml +0 -77
data/ext/solaris/smf/puppetmasterd.xml +0 -77
data/ext/solaris/smf/svc-puppetd +0 -71
data/ext/solaris/smf/svc-puppetmasterd +0 -67
data/ext/suse/puppet.spec +0 -310
data/ext/suse/server.init +0 -173
data/ext/yaml_nodes.rb +0 -105
data/spec/lib/matchers/include.rb +0 -27
data/spec/lib/matchers/include_spec.rb +0 -32
data/spec/unit/indirector/store_configs_spec.rb +0 -7

data/spec/unit/provider/service/systemd_spec.rb CHANGED Viewed

@@ -34,7 +34,7 @@ describe 'Puppet::Type::Service::Provider::Systemd',
     end
   end
-  [7, 8].each do |ver|
+  [7, 8, 9].each do |ver|
     it "should be the default provider on rhel#{ver}" do
       allow(Facter).to receive(:value).with(:osfamily).and_return(:redhat)
       allow(Facter).to receive(:value).with(:operatingsystem).and_return(:redhat)
@@ -200,6 +200,17 @@ describe 'Puppet::Type::Service::Provider::Systemd',
       })
     end
+    it "correctly parses services when list-unit-files has an additional column" do
+      expect(provider_class).to receive(:systemctl).with('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager').and_return(File.read(my_fixture('list_unit_files_services_vendor_preset')))
+      expect(provider_class.instances.map(&:name)).to match_array(%w{
+        arp-ethers.service
+        auditd.service
+        dbus.service
+        umountnfs.service
+        urandom.service
+      })
+    end
     it "should print a debug message when a service with the state `bad` is found" do
       expect(provider_class).to receive(:systemctl).with('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager').and_return(File.read(my_fixture('list_unit_files_services')))
       expect(Puppet).to receive(:debug).with("apparmor.service marked as bad by `systemctl`. It is recommended to be further checked.")
@@ -346,6 +357,9 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#mask" do
     it "should run systemctl to disable and mask a service" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
+      expect(provider).to receive(:execute).
+                            with(['/bin/systemctl','cat', '--', 'sshd.service'], :failonfail => false).
+                            and_return(Puppet::Util::Execution::ProcessOutput.new("# /lib/systemd/system/sshd.service\n...", 0))
       # :disable is the only call in the provider that uses a symbol instead of
       # a string.
       # This should be made consistent in the future and all tests updated.
@@ -353,6 +367,15 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
       expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
       provider.mask
     end
+    it "masks a service that doesn't exist" do
+      provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'doesnotexist.service'))
+      expect(provider).to receive(:execute).
+                            with(['/bin/systemctl','cat', '--', 'doesnotexist.service'], :failonfail => false).
+                            and_return(Puppet::Util::Execution::ProcessOutput.new("No files found for doesnotexist.service.\n", 1))
+      expect(provider).to receive(:systemctl).with(:mask, '--', 'doesnotexist.service')
+      provider.mask
+    end
   end
   # Note: systemd provider does not care about hasstatus or a custom status
@@ -456,17 +479,39 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
     context 'when service state is static' do
       let(:service_state) { 'static' }
-      it 'is always enabled_insync even if current value is the same as expected' do
-        expect(provider).to be_enabled_insync(:false)
-      end
+      context 'when enable is not mask' do
+        it 'is always enabled_insync even if current value is the same as expected' do
+          expect(provider).to be_enabled_insync(:false)
+        end
-      it 'is always enabled_insync even if current value is not the same as expected' do
-        expect(provider).to be_enabled_insync(:true)
+        it 'is always enabled_insync even if current value is not the same as expected' do
+          expect(provider).to be_enabled_insync(:true)
+        end
+        it 'logs a debug messsage' do
+          expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
+          provider.enabled_insync?(:true)
+        end
       end
-      it 'logs a debug messsage' do
-        expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
-        provider.enabled_insync?(:true)
+      context 'when enable is mask' do
+        let(:provider) do
+          provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service',
+                                                             :enable => 'mask'))
+        end
+        it 'is enabled_insync if current value is the same as expected' do
+          expect(provider).to be_enabled_insync(:mask)
+        end
+        it 'is not enabled_insync if current value is not the same as expected' do
+          expect(provider).not_to be_enabled_insync(:true)
+        end
+        it 'logs no debug messsage' do
+          expect(Puppet).not_to receive(:debug)
+          provider.enabled_insync?(:true)
+        end
       end
     end

data/spec/unit/provider/service/windows_spec.rb CHANGED Viewed

@@ -271,4 +271,206 @@ describe 'Puppet::Type::Service::Provider::Windows',
       }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
     end
   end
+  describe "when managing logon credentials" do
+    before do
+      allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return(computer_name)
+      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(principal)
+      allow(Puppet::Util::Windows::Service).to receive(:set_startup_configuration).and_return(nil)
+    end
+    let(:computer_name) { 'myPC' }
+    describe "#logonaccount=" do
+      before do
+        allow(Puppet::Util::Windows::User).to receive(:password_is?).and_return(true)
+        resource[:logonaccount] = user_input
+        provider.logonaccount_insync?(user_input)
+      end
+      let(:user_input) { principal.account }
+      let(:principal) do
+        Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, computer_name, :SidTypeUser)
+      end
+      context "when given user is 'myUser'" do
+        it "should fail when the `Log On As A Service` right is missing from given user" do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("")
+          expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" is missing the 'Log On As A Service' right./)
+        end
+        it "should fail when the `Log On As A Service` right is set to denied for given user" do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeDenyServiceLogonRight")
+          expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" has the 'Log On As A Service' right set to denied./)
+        end
+        it "should not fail when given user has the `Log On As A Service` right" do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
+          expect { provider.logonaccount=(user_input) }.not_to raise_error
+        end
+        ['myUser', 'myPC\\myUser', ".\\myUser", "MYPC\\mYuseR"].each do |user_input_variant|
+          let(:user_input) { user_input_variant }
+          it "should succesfully munge #{user_input_variant} to '.\\myUser'" do
+            allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq(".\\myUser")
+          end
+        end
+      end
+      context "when given user is a system account" do
+        before do
+          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
+        end
+        let(:user_input) { principal.account }
+        let(:principal) do
+          Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
+        end
+        it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
+          expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
+          expect { provider.logonaccount=(user_input) }.not_to raise_error
+        end
+        ['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input_variant|
+          let(:user_input) { user_input_variant }
+          it "should succesfully munge #{user_input_variant} to 'LocalSystem'" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('LocalSystem')
+          end
+        end
+      end
+      context "when domain is different from computer name" do
+        before do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return("SeServiceLogonRight")
+        end
+        context "when given user is from AD" do
+          let(:user_input) { 'myRemoteUser' }
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("myRemoteUser", nil, nil, "AD", :SidTypeUser)
+          end
+          it "should not raise any error" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+          end
+          it "should succesfully be munged" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('AD\myRemoteUser')
+          end
+        end
+        context "when given user is LocalService" do
+          let(:user_input) { 'LocalService' }
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup)
+          end
+          it "should succesfully munge well known user" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
+          end
+        end
+        context "when given user is in SID form" do
+          let(:user_input) { 'S-1-5-20' }
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
+          end
+          it "should succesfully munge" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
+          end
+        end
+        context "when given user is actually a group" do
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias)
+          end
+          let(:user_input) { 'Administrators' }
+          it "should fail when sid type is not user or well known user" do
+            expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /"BUILTIN\\#{user_input}" is not a valid account/)
+          end
+        end
+      end
+    end
+    describe "#logonpassword=" do
+      before do
+        allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
+        resource[:logonaccount] = account
+        resource[:logonpassword] = user_input
+        provider.logonaccount_insync?(account)
+      end
+      let(:account) { 'LocalSystem' }
+      describe "when given logonaccount is a predefined_local_account" do
+        let(:user_input) { 'pass' }
+        let(:principal) { nil }
+        it "should pass validation when given account is 'LocalSystem'" do
+          allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
+          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(true)
+          expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
+          expect { provider.logonpassword=(user_input) }.not_to raise_error
+        end
+        ['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
+          describe "when given account is #{predefined_local_account}" do
+            let(:account) { 'predefined_local_account' }
+            let(:principal) do
+              Puppet::Util::Windows::SID::Principal.new(account, nil, nil, "NT AUTHORITY", :SidTypeUser)
+            end
+            it "should pass validation" do
+              allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.account).and_return(false)
+              allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.domain_account).and_return(false)
+              expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(principal.domain_account).and_return(true).twice
+              expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
+              expect { provider.logonpassword=(user_input) }.not_to raise_error
+            end
+          end
+        end
+      end
+      describe "when given logonaccount is not a predefined local account" do
+        before do
+          allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(".\\#{principal.account}").and_return(false)
+          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with(".\\#{principal.account}").and_return(false)
+        end
+        let(:account) { 'myUser' }
+        let(:principal) do
+          Puppet::Util::Windows::SID::Principal.new(account, nil, nil, computer_name, :SidTypeUser)
+        end
+        describe "when password is proven correct" do
+          let(:user_input) { 'myPass' }
+          it "should pass validation" do
+            allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
+            expect { provider.logonpassword=(user_input) }.not_to raise_error
+          end
+        end
+        describe "when password is not proven correct" do
+          let(:user_input) { 'myWrongPass' }
+          it "should not pass validation" do
+            allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
+            expect { provider.logonpassword=(user_input) }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
+          end
+        end
+      end
+    end
+  end
 end

data/spec/unit/provider/user/aix_spec.rb CHANGED Viewed

@@ -217,4 +217,104 @@ describe 'Puppet::Type::User::Provider::Aix' do
       provider.create
     end
   end
+  describe '#list_all_homes' do
+    it "should return empty array and output debug on failure" do
+      allow(Puppet::Util::Execution).to receive(:execute).and_raise(Puppet::ExecutionFailure, 'Execution failed')
+      expect(Puppet).to receive(:debug).with('Could not list home of all users: Execution failed')
+      expect(provider.list_all_homes).to eql({})
+    end
+  end
+  describe '#delete' do
+    before(:each) do
+      allow(File).to receive(:realpath).and_call_original
+      allow(FileUtils).to receive(:remove_entry_secure).and_call_original
+      allow(provider.resource).to receive(:should).with(anything).and_return(nil)
+      allow(provider).to receive(:home).and_return(Dir.tmpdir)
+      allow(provider).to receive(:execute).and_return(nil)
+      allow(provider).to receive(:object_info).and_return(nil)
+      allow(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true).and_return(nil)
+    end
+    context 'with managehome true' do
+      before(:each) do
+        allow(provider.resource).to receive(:managehome?).and_return(true)
+        allow(provider).to receive(:list_all_homes).and_return([])
+      end
+      it 'should delete the user without error' do
+        expect{ provider.delete }.not_to raise_error
+      end
+      it "should not remove home when relative" do
+        allow(provider).to receive(:home).and_return('relative_path')
+        expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
+        provider.delete
+      end
+      it "should not remove home when '/'" do
+        allow(provider).to receive(:home).and_return('/')
+        expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
+        provider.delete
+      end
+      it "should not remove home when symlink" do
+        allow(Puppet::FileSystem).to receive(:symlink?).with(Dir.tmpdir).and_return(true)
+        expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
+        provider.delete
+      end
+      it "should not remove home when other users would be affected" do
+        allow(provider).to receive(:home).and_return('/special')
+        allow(File).to receive(:realpath).with('/special').and_return('/special')
+        allow(Puppet::Util).to receive(:absolute_path?).with('/special').and_return(true)
+        allow(provider).to receive(:list_all_homes).and_return([{:name => 'other_user', :home => '/special/other_user'}])
+        expect(Puppet).to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
+        provider.delete
+      end
+      it 'should remove homedir' do
+        expect(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true)
+        provider.delete
+      end
+    end
+    context 'with managehome false' do
+      before(:each) do
+        allow(provider.resource).to receive(:managehome?).and_return(false)
+      end
+      it 'should delete the user without error' do
+        expect{ provider.delete }.not_to raise_error
+      end
+      it 'should not remove homedir' do
+        expect(FileUtils).not_to receive(:remove_entry_secure).with(Dir.tmpdir, true)
+      end
+      it 'should not print manage home debug messages' do
+        expect(Puppet).not_to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
+        expect(Puppet).not_to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
+        provider.delete
+      end
+    end
+  end
+  describe '#deletecmd' do
+    it 'uses the -p flag when removing the user' do
+      allow(provider.class).to receive(:command).with(:delete).and_return('delete')
+      allow(provider).to receive(:ia_module_args).and_return(['ia_module_args'])
+      expect(provider.deletecmd).to eql(
+        ['delete', '-p', 'ia_module_args', provider.resource.name]
+      )
+    end
+  end
 end

data/spec/unit/provider/user/directoryservice_spec.rb CHANGED Viewed

@@ -925,28 +925,75 @@ end
       }
     end
-    it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
-      expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
-      expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.7')
-      expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
-      provider.write_password_to_users_plist(sha512_password_hash)
+    before do
+      allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
     end
-    it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
-      expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
-      expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.8')
-      expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
-      provider.write_password_to_users_plist(pbkdf2_password_hash)
+    describe 'when on macOS 11 (Big Sur) or greater' do
+      before do
+        allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
+      end
+      it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
+        expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+      it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+        expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
     end
-    it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
-      expect(provider).to receive(:get_users_plist).and_return('users_plist')
-      expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.8')
-      expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
-      provider.write_password_to_users_plist(pbkdf2_password_hash)
+    describe 'when on macOS version lower than 11' do
+      before do
+        allow(provider.class).to receive(:get_os_version)
+        allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+      end
+      it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+        expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+      it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.7')
+        expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
+        provider.write_password_to_users_plist(sha512_password_hash)
+      end
+      it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.8')
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+      it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
+        expect(provider).to receive(:get_users_plist).and_return('users_plist')
+        expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.8')
+        expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
     end
   end
@@ -974,16 +1021,7 @@ end
   describe '#set_shadow_hash_data' do
     let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
-    it 'should flush the plist data to disk on OS X < 10.15' do
-      allow(provider.class).to receive(:get_os_version).and_return('10.12')
-      expect(provider).to receive(:write_users_plist_to_disk)
-      provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
-    end
-    it 'should flush the plist data a temporary file on OS X >= 10.15' do
-      allow(provider.class).to receive(:get_os_version).and_return('10.15')
+    it 'should flush the plist data to a temporary file' do
       expect(provider).to receive(:write_and_import_shadow_hash_data)
       provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
     end
@@ -1033,13 +1071,6 @@ end
     end
   end
-  describe '#write_users_plist_to_disk' do
-    it 'should save the passed plist to disk and convert it to a binary plist' do
-      expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
-      provider.write_users_plist_to_disk(user_plist_xml)
-    end
-  end
   describe '#write_and_import_shadow_hash_data' do
     it 'should save the passed plist to a temporary file and import it' do
       tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
@@ -1111,7 +1142,7 @@ end
       provider.class.instance_variable_set(:@os_version, nil) if provider.class.instance_variable_defined? :@os_version
     end
-    it 'should call Facter.value(:macosx_productversion_major) ONLY ONCE no matter how ' +
+    it 'should call Puppet.runtime[:facter].value(:macosx_productversion_major) ONLY ONCE no matter how ' +
        'many times get_os_version() is called' do
       expect(Facter).to receive(:value).with(:macosx_productversion_major).once.and_return('10.8')
       expect(provider.class.get_os_version).to eq('10.8')
@@ -1203,6 +1234,7 @@ end
     before :each do
       allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
       allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
+      allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
       provider.class.prefetch({})
     end

data/spec/unit/provider/user/useradd_spec.rb CHANGED Viewed

@@ -13,6 +13,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     allow(described_class).to receive(:command).with(:localmodify).and_return('/usr/sbin/lusermod')
     allow(described_class).to receive(:command).with(:delete).and_return('/usr/sbin/userdel')
     allow(described_class).to receive(:command).with(:localdelete).and_return('/usr/sbin/luserdel')
+    allow(described_class).to receive(:command).with(:chpasswd).and_return('/usr/sbin/chpasswd')
   end
   let(:resource) do
@@ -62,7 +63,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
         :provider   => provider,
       )
       resource2[:ensure] = :present
-      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).twice
       provider.create
     end
@@ -208,7 +209,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
     it "should call execute with sensitive if sensitive data is changed" do
-      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).and_return('')
       provider.password = 'bird bird bird'
     end
   end
@@ -351,6 +352,46 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
+  describe "#shell" do
+    before { described_class.has_feature :manages_local_users_and_groups }
+    let(:content) { "myuser:x:x:x:x:x:/bin/local_shell" }
+    it "should return the local shell string when forcelocal is true" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
+      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
+      expect(provider.shell).to eq('/bin/local_shell')
+    end
+    it "should fall back to nameservice shell string when forcelocal is false" do
+      resource[:forcelocal] = false
+      allow(provider).to receive(:get).with(:shell).and_return('/bin/remote_shell')
+      expect(provider).not_to receive(:localshell)
+      expect(provider.shell).to eq('/bin/remote_shell')
+    end
+  end
+  describe "#home" do
+    before { described_class.has_feature :manages_local_users_and_groups }
+    let(:content) { "myuser:x:x:x:x:/opt/local_home:x" }
+    it "should return the local home string when forcelocal is true" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
+      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
+      expect(provider.home).to eq('/opt/local_home')
+    end
+    it "should fall back to nameservice home string when forcelocal is false" do
+      resource[:forcelocal] = false
+      allow(provider).to receive(:get).with(:home).and_return('/opt/remote_home')
+      expect(provider).not_to receive(:localhome)
+      expect(provider.home).to eq('/opt/remote_home')
+    end
+  end
   describe "#gid" do
     before { described_class.has_feature :manages_local_users_and_groups }
@@ -375,21 +416,36 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     before { described_class.has_feature :manages_local_users_and_groups }
     let(:content) do
-      <<~EOF
+      StringIO.new(<<~EOF)
       group1:x:0:myuser
       group2:x:999:
       group3:x:998:myuser
       EOF
     end
+    let(:content_with_empty_line) do
+      StringIO.new(<<~EOF)
+      group1:x:0:myuser
+      group2:x:999:
+      group3:x:998:myuser
+      EOF
+    end
     it "should return the local groups string when forcelocal is true" do
       resource[:forcelocal] = true
-      group1, group2, group3 = content.split
       allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
-      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/group').and_yield(group1).and_yield(group2).and_yield(group3)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content)
       expect(provider.groups).to eq(['group1', 'group3'])
     end
+    it "does not raise when parsing empty lines in /etc/group" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content_with_empty_line)
+      expect { provider.groups }.not_to raise_error
+    end
     it "should fall back to nameservice groups when forcelocal is false" do
       resource[:forcelocal] = false
       allow(Puppet::Util::POSIX).to receive(:groups_of).with('myuser').and_return(['remote groups'])