puppet 6.21.1 → 7.4.1

data/spec/unit/indirector/ssl_file_spec.rb

@@ -1,305 +0,0 @@
-require 'spec_helper'
-
-require 'puppet/indirector/ssl_file'
-
-describe Puppet::Indirector::SslFile do
-  include PuppetSpec::Files
-
-  before(:all) do
-    class Puppet::SslTestModel
-      extend Puppet::Indirector
-      indirects :ssl_test_model
-    end
-
-    class Puppet::SslTestModel::SslFile < Puppet::Indirector::SslFile
-    end
-
-    Puppet::SslTestModel.indirection.terminus_class = :ssl_file
-  end
-
-  after(:all) do
-    Puppet::SslTestModel.indirection.delete
-    Puppet.send(:remove_const, :SslTestModel)
-  end
-
-  let(:terminus_class) { Puppet::SslTestModel::SslFile }
-  let(:model) { Puppet::SslTestModel }
-
-  before :each do
-    @setting = :certdir
-    terminus_class.store_in @setting
-    terminus_class.store_at nil
-    @path = make_absolute("/thisdoesntexist/my_directory")
-    Puppet[:noop] = false
-    Puppet[@setting] = @path
-    Puppet[:trace] = false
-  end
-
-  after :each do
-    terminus_class.store_in nil
-    terminus_class.store_at nil
-  end
-
-  it "should use :main and :ssl upon initialization" do
-    expect(Puppet.settings).to receive(:use).with(:main, :ssl)
-    terminus_class.new
-  end
-
-  it "should return a nil collection directory if no directory setting has been provided" do
-    terminus_class.store_in nil
-    expect(terminus_class.collection_directory).to be_nil
-  end
-
-  it "should return a nil file location if no location has been provided" do
-    terminus_class.store_at nil
-    expect(terminus_class.file_location).to be_nil
-  end
-
-  it "should fail if no store directory or file location has been set" do
-    expect(Puppet.settings).to receive(:use).with(:main, :ssl)
-    terminus_class.store_in nil
-    terminus_class.store_at nil
-    expect {
-      terminus_class.new
-    }.to raise_error(Puppet::DevError, /No file or directory setting provided/)
-  end
-
-  describe "when managing ssl files" do
-    before do
-      allow(Puppet.settings).to receive(:use)
-      @searcher = terminus_class.new
-
-      @cert = double('certificate', :name => "myname")
-      @certpath = File.join(@path, "myname.pem")
-
-      @request = double('request', :key => @cert.name, :instance => @cert)
-    end
-
-    describe "when choosing the location for certificates" do
-      it "should set them at the file location if a file setting is available" do
-        terminus_class.store_in nil
-        terminus_class.store_at :hostcrl
-
-        Puppet[:hostcrl] = File.expand_path("/some/file")
-
-        expect(@searcher.path(@cert.name)).to eq(Puppet[:hostcrl])
-      end
-
-      it "should set them in the setting directory, with the certificate name plus '.pem', if a directory setting is available" do
-        expect(@searcher.path(@cert.name)).to eq(@certpath)
-      end
-
-      ['../foo', '..\\foo', './../foo', '.\\..\\foo',
-       '/foo', '//foo', '\\foo', '\\\\goo',
-       "test\0/../bar", "test\0\\..\\bar",
-       "..\\/bar", "/tmp/bar", "/tmp\\bar", "tmp\\bar",
-       " / bar", " /../ bar", " \\..\\ bar",
-       "c:\\foo", "c:/foo", "\\\\?\\UNC\\bar", "\\\\foo\\bar",
-       "\\\\?\\c:\\foo", "//?/UNC/bar", "//foo/bar",
-       "//?/c:/foo",
-      ].each do |input|
-        it "should resist directory traversal attacks (#{input.inspect})" do
-          expect { @searcher.path(input) }.to raise_error(ArgumentError, /invalid key/)
-        end
-      end
-
-      # REVISIT: Should probably test MS-DOS reserved names here, too, since
-      # they would represent a vulnerability on a Win32 system, should we ever
-      # support that path.  Don't forget that 'CON.foo' == 'CON'
-      # --daniel 2011-09-24
-    end
-
-    describe "when finding certificates on disk" do
-      describe "and no certificate is present" do
-        it "should return nil" do
-          expect(Puppet::FileSystem).to receive(:exist?).with(@path).and_return(true)
-          expect(Dir).to receive(:entries).with(@path).and_return([])
-          expect(Puppet::FileSystem).to receive(:exist?).with(@certpath).and_return(false)
-
-          expect(@searcher.find(@request)).to be_nil
-        end
-      end
-
-      describe "and a certificate is present" do
-        let(:cert) { double('cert') }
-        let(:model) { double('model') }
-
-        before(:each) do
-          allow(terminus_class).to receive(:model).and_return(model)
-        end
-
-        context "is readable" do
-          it "should return an instance of the model, which it should use to read the certificate" do
-            expect(Puppet::FileSystem).to receive(:exist?).with(@certpath).and_return(true)
-
-            expect(model).to receive(:new).with("myname").and_return(cert)
-            expect(cert).to receive(:read).with(@certpath)
-
-            expect(@searcher.find(@request)).to equal(cert)
-          end
-        end
-
-        context "is unreadable" do
-          it "should raise an exception" do
-            expect(Puppet::FileSystem).to receive(:exist?).with(@certpath).and_return(true)
-
-            expect(model).to receive(:new).with("myname").and_return(cert)
-            expect(cert).to receive(:read).with(@certpath).and_raise(Errno::EACCES)
-
-            expect {
-              @searcher.find(@request)
-            }.to raise_error(Errno::EACCES)
-          end
-        end
-      end
-
-      describe "and a certificate is present but has uppercase letters" do
-        before do
-          @request = double('request', :key => "myhost")
-        end
-
-        # This is kind of more an integration test; it's for #1382, until
-        # the support for upper-case certs can be removed around mid-2009.
-        it "should rename the existing file to the lower-case path" do
-          @path = @searcher.path("myhost")
-          expect(Puppet::FileSystem).to receive(:exist?).with(@path).and_return(false)
-          dir, file = File.split(@path)
-          expect(Puppet::FileSystem).to receive(:exist?).with(dir).and_return(true)
-          expect(Dir).to receive(:entries).with(dir).and_return([".", "..", "something.pem", file.upcase])
-
-          expect(File).to receive(:rename).with(File.join(dir, file.upcase), @path)
-
-          cert = double('cert')
-          model = double('model')
-          allow(@searcher).to receive(:model).and_return(model)
-          expect(@searcher.model).to receive(:new).with("myhost").and_return(cert)
-          expect(cert).to receive(:read).with(@path)
-
-          @searcher.find(@request)
-        end
-      end
-    end
-
-    describe "when saving certificates to disk" do
-      before do
-        allow(FileTest).to receive(:directory?).and_return(true)
-        allow(FileTest).to receive(:writable?).and_return(true)
-      end
-
-      it "should fail if the directory is absent" do
-        expect(FileTest).to receive(:directory?).with(File.dirname(@certpath)).and_return(false)
-        expect { @searcher.save(@request) }.to raise_error(Puppet::Error)
-      end
-
-      it "should fail if the directory is not writeable" do
-        allow(FileTest).to receive(:directory?).and_return(true)
-        expect(FileTest).to receive(:writable?).with(File.dirname(@certpath)).and_return(false)
-        expect { @searcher.save(@request) }.to raise_error(Puppet::Error)
-      end
-
-      it "should save to the path the output of converting the certificate to a string" do
-        fh = double('filehandle')
-        expect(fh).to receive(:print).with("mycert")
-
-        allow(@searcher).to receive(:write).and_yield(fh)
-        expect(@cert).to receive(:to_s).and_return("mycert")
-
-        @searcher.save(@request)
-      end
-
-      describe "and a directory setting is set" do
-        it "should use the Settings class to write the file" do
-          @searcher.class.store_in @setting
-          fh = double('filehandle')
-          allow(fh).to receive(:print)
-          expect(Puppet.settings.setting(@setting)).to receive(:open_file).with(@certpath, 'w:ASCII').and_yield(fh)
-
-          @searcher.save(@request)
-        end
-      end
-
-      describe "and a file location is set" do
-        it "should use the filehandle provided by the Settings" do
-          @searcher.class.store_at @setting
-
-          fh = double('filehandle')
-          allow(fh).to receive(:print)
-          expect(Puppet.settings.setting(@setting)).to receive(:open).with('w:ASCII').and_yield(fh)
-          @searcher.save(@request)
-        end
-      end
-    end
-
-    describe "when destroying certificates" do
-      describe "that do not exist" do
-        before do
-          expect(Puppet::FileSystem).to receive(:exist?).with(Puppet::FileSystem.pathname(@certpath)).and_return(false)
-        end
-
-        it "should return false" do
-          expect(@searcher.destroy(@request)).to be_falsey
-        end
-      end
-
-      describe "that exist" do
-        it "should unlink the certificate file" do
-          path = Puppet::FileSystem.pathname(@certpath)
-          expect(Puppet::FileSystem).to receive(:exist?).with(path).and_return(true)
-          expect(Puppet::FileSystem).to receive(:unlink).with(path)
-          @searcher.destroy(@request)
-        end
-
-        it "should log that is removing the file" do
-          allow(Puppet::FileSystem).to receive(:exist?).and_return(true)
-          allow(Puppet::FileSystem).to receive(:unlink)
-          expect(Puppet).to receive(:notice)
-          @searcher.destroy(@request)
-        end
-      end
-    end
-
-    describe "when searching for certificates" do
-      let(:one) { double('one') }
-      let(:two) { double('two') }
-      let(:one_path) { File.join(@path, 'one.pem') }
-      let(:two_path) { File.join(@path, 'two.pem') }
-      let(:model) { double('model') }
-
-      before :each do
-        allow(terminus_class).to receive(:model).and_return(model)
-      end
-
-      it "should return a certificate instance for all files that exist" do
-        expect(Dir).to receive(:entries).with(@path).and_return(%w{. .. one.pem two.pem})
-
-        expect(model).to receive(:new).with("one").and_return(one)
-        expect(one).to receive(:read).with(one_path)
-        expect(model).to receive(:new).with("two").and_return(two)
-        expect(two).to receive(:read).with(two_path)
-
-        expect(@searcher.search(@request)).to eq([one, two])
-      end
-
-      it "should raise an exception if any file is unreadable" do
-        expect(Dir).to receive(:entries).with(@path).and_return(%w{. .. one.pem two.pem})
-
-        expect(model).to receive(:new).with("one").and_return(one)
-        expect(one).to receive(:read).with(one_path)
-        expect(model).to receive(:new).with("two").and_return(two)
-        expect(two).to receive(:read).and_raise(Errno::EACCES)
-
-        expect {
-          @searcher.search(@request)
-        }.to raise_error(Errno::EACCES)
-      end
-
-      it "should skip any files that do not match /\.pem$/" do
-        expect(Dir).to receive(:entries).with(@path).and_return(%w{. .. one two.notpem})
-
-        expect(model).not_to receive(:new)
-
-        expect(@searcher.search(@request)).to eq([])
-      end
-    end
-  end
-end

data/spec/unit/indirector/status/local_spec.rb

@@ -1,10 +0,0 @@
-require 'spec_helper'
-
-require 'puppet/indirector/status/local'
-
-describe Puppet::Indirector::Status::Local do
-  it "should set the puppet version" do
-    Puppet::Status.indirection.terminus_class = :local
-    expect(Puppet::Status.indirection.find('*').version).to eq(Puppet.version)
-  end
-end

data/spec/unit/indirector/status/rest_spec.rb

@@ -1,50 +0,0 @@
-require 'spec_helper'
-
-require 'puppet/indirector/status/rest'
-
-describe Puppet::Indirector::Status::Rest do
-  let(:certname) { 'ziggy' }
-  let(:uri) { %r{/puppet/v3/status/ziggy} }
-  let(:formatter) { Puppet::Network::FormatHandler.format(:json) }
-
-  before :each do
-    Puppet[:server] = 'compiler.example.com'
-    Puppet[:serverport] = 8140
-
-    described_class.indirection.terminus_class = :rest
-  end
-
-  def status_response(node)
-    { body: formatter.render(node), headers: {'Content-Type' => formatter.mime } }
-  end
-
-  it 'finds server status' do
-    node = Puppet::Status.new(certname)
-
-    stub_request(:get, uri).to_return(**status_response(node))
-
-    expect(described_class.indirection.find(certname)).to be_a(Puppet::Status)
-  end
-
-  it 'returns nil if the node does not exist' do
-    stub_request(:get, uri).to_return(status: 404, headers: { 'Content-Type' => 'application/json' }, body: "{}")
-
-    expect(described_class.indirection.find(certname)).to be_nil
-  end
-
-  it 'raises if fail_on_404 is specified' do
-    stub_request(:get, uri).to_return(status: 404, headers: { 'Content-Type' => 'application/json' }, body: "{}")
-
-    expect{
-      described_class.indirection.find(certname, fail_on_404: true)
-    }.to raise_error(Puppet::Error, %r{Find /puppet/v3/status/ziggy resulted in 404 with the message: {}})
-  end
-
-  it 'raises Net::HTTPError on 500' do
-    stub_request(:get, uri).to_return(status: 500)
-
-    expect{
-      described_class.indirection.find(certname)
-    }.to raise_error(Net::HTTPError, %r{Error 500 on SERVER: })
-  end
-end

data/spec/unit/module_tool/applications/searcher_spec.rb

@@ -1,38 +0,0 @@
-require 'spec_helper'
-require 'puppet/module_tool/applications'
-require 'puppet_spec/modules'
-
-describe Puppet::ModuleTool::Applications::Searcher do
-  include PuppetSpec::Files
-
-  describe "when searching" do
-    let(:forge) { double('forge', :host => 'http://nowhe.re') }
-    let(:searcher) do
-      described_class.new('search_term', forge)
-    end
-
-    it "should return results from a forge query when successful" do
-      results = 'mock results'
-      expect(forge).to receive(:search).with('search_term').and_return(results)
-
-      search_result = searcher.run
-      expect(search_result).to eq({
-        :result => :success,
-        :answers => results,
-      })
-    end
-
-    it "should return an error when the forge query throws an exception" do
-      expect(forge).to receive(:search).with('search_term').and_raise(Puppet::Forge::Errors::ForgeError.new("something went wrong"))
-
-      search_result = searcher.run
-      expect(search_result).to eq({
-        :result => :failure,
-        :error => {
-          :oneline   => 'something went wrong',
-          :multiline => 'something went wrong',
-        },
-      })
-    end
-  end
-end

data/spec/unit/network/auth_config_parser_spec.rb

@@ -1,115 +0,0 @@
-require 'spec_helper'
-require 'puppet/network/auth_config_parser'
-require 'puppet/network/authconfig'
-
-describe Puppet::Network::AuthConfigParser do
-  include PuppetSpec::Files
-
-  let(:fake_authconfig) do
-    "path ~ ^/catalog/([^/])\nmethod find\nallow *\n"
-  end
-
-  describe "Basic Parser" do
-    it "should accept a string by default" do
-      expect(described_class.new(fake_authconfig).parse).to be_a_kind_of Puppet::Network::AuthConfig
-    end
-  end
-
-  describe "when parsing rights" do
-    it "skips comments" do
-      expect(described_class.new('  # comment\n').parse_rights).to be_empty
-    end
-
-    it "increments line number even on commented lines" do
-      expect(described_class.new("  # comment\npath /").parse_rights['/'].line).to eq(2)
-    end
-
-    it "skips blank lines" do
-      expect(described_class.new('  ').parse_rights).to be_empty
-    end
-
-    it "increments line number even on blank lines" do
-      expect(described_class.new("  \npath /").parse_rights['/'].line).to eq(2)
-    end
-
-    it "does not throw an error if the same path appears twice" do
-      expect {
-        described_class.new("path /hello\npath /hello").parse_rights
-      }.to_not raise_error
-    end
-
-    it "should create a new right for each found path line" do
-      expect(described_class.new('path /certificates').parse_rights['/certificates']).to be
-    end
-
-    it "should create a new right for each found regex line" do
-      expect(described_class.new('path ~ .rb$').parse_rights['.rb$']).to be
-    end
-
-    it "should strip whitespace around ACE" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:allow).with('127.0.0.1')
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:allow).with('172.16.10.0')
-
-      described_class.new("path /\n allow 127.0.0.1 , 172.16.10.0  ").parse_rights
-    end
-
-    it "should allow ACE inline comments" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:allow).with('127.0.0.1')
-
-      described_class.new("path /\n allow 127.0.0.1 # will it work?").parse_rights
-    end
-
-    it "should create an allow ACE on each subsequent allow" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:allow).with('127.0.0.1')
-
-      described_class.new("path /\nallow 127.0.0.1").parse_rights
-    end
-
-    it "should create a deny ACE on each subsequent deny" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:deny).with('127.0.0.1')
-
-      described_class.new("path /\ndeny 127.0.0.1").parse_rights
-    end
-
-    it "should inform the current ACL if we get the 'method' directive" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:restrict_method).with('search')
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:restrict_method).with('find')
-
-      described_class.new("path /certificates\nmethod search,find").parse_rights
-    end
-
-    it "should inform the current ACL if we get the 'environment' directive" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:restrict_environment).with('production')
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:restrict_environment).with('development')
-
-      described_class.new("path /certificates\nenvironment production,development").parse_rights
-    end
-
-    it "should inform the current ACL if we get the 'auth' directive" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:restrict_authenticated).with('yes')
-
-      described_class.new("path /certificates\nauth yes").parse_rights
-    end
-
-    it "should also allow the long form 'authenticated' directive" do
-      expect_any_instance_of(Puppet::Network::Rights::Right).to receive(:restrict_authenticated).with('yes')
-
-      described_class.new("path /certificates\nauthenticated yes").parse_rights
-    end
-  end
-
-  describe "when parsing rights from files" do
-    it "can read UTF-8" do
-      rune_path = "/\u16A0\u16C7\u16BB" # ᚠᛇᚻ
-      config = tmpfile('config')
-
-      File.open(config, 'w', :encoding => 'utf-8') do |file|
-        file.puts <<-EOF
-path #{rune_path}
-      EOF
-    end
-
-      expect(described_class.new_from_file(config).parse_rights[rune_path]).to be
-    end
-  end
-end