puppet 6.22.1-universal-darwin → 6.25.1-universal-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +2 -2
- data/Gemfile.lock +20 -20
- data/README.md +4 -4
- data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
- data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
- data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
- data/{ext → examples}/nagios/check_puppet.rb +2 -2
- data/ext/README.md +13 -0
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +1 -0
- data/lib/puppet/application/agent.rb +16 -5
- data/lib/puppet/application/apply.rb +22 -3
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +32 -16
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +1 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/configurer.rb +144 -56
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +47 -33
- data/lib/puppet/environments.rb +75 -25
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/file_serving/configuration/parser.rb +2 -0
- data/lib/puppet/file_serving/configuration.rb +3 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_system/file_impl.rb +3 -1
- data/lib/puppet/file_system/windows.rb +2 -2
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/client.rb +1 -1
- data/lib/puppet/http/redirector.rb +5 -0
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +75 -1
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +25 -6
- data/lib/puppet/indirector/catalog/rest.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module/plan.rb +0 -1
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +12 -4
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/node/environment.rb +10 -11
- data/lib/puppet/pal/pal_impl.rb +1 -1
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/parser/resource.rb +1 -1
- data/lib/puppet/parser/scope.rb +1 -0
- data/lib/puppet/parser/templatewrapper.rb +1 -0
- data/lib/puppet/pops/evaluator/closure.rb +7 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +1 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
- data/lib/puppet/pops/model/ast.rb +1 -0
- data/lib/puppet/pops/model/factory.rb +2 -1
- data/lib/puppet/pops/parser/eparser.rb +201 -201
- data/lib/puppet/pops/parser/lexer2.rb +92 -91
- data/lib/puppet/pops/parser/slurp_support.rb +1 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_formatter.rb +4 -3
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/group/groupadd.rb +5 -2
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/package/pkg.rb +19 -2
- data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/init.rb +5 -5
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +3 -3
- data/lib/puppet/provider/service/systemd.rb +15 -5
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/aix.rb +44 -1
- data/lib/puppet/provider/user/directoryservice.rb +26 -13
- data/lib/puppet/provider/user/useradd.rb +72 -16
- data/lib/puppet/provider.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/resource/type_collection.rb +1 -0
- data/lib/puppet/resource.rb +38 -5
- data/lib/puppet/runtime.rb +11 -1
- data/lib/puppet/settings.rb +32 -9
- data/lib/puppet/test/test_helper.rb +4 -1
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +11 -1
- data/lib/puppet/transaction/report.rb +15 -1
- data/lib/puppet/type/exec.rb +35 -5
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file.rb +25 -7
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/group.rb +0 -1
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +26 -41
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -21
- data/lib/puppet/type.rb +1 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/json.rb +3 -0
- data/lib/puppet/util/log.rb +1 -2
- data/lib/puppet/util/logging.rb +1 -25
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/suidmanager.rb +1 -2
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/tagging.rb +1 -0
- data/lib/puppet/util/windows/service.rb +0 -5
- data/lib/puppet/util/windows/sid.rb +3 -1
- data/lib/puppet/util/windows/user.rb +0 -2
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util.rb +4 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +5 -9
- data/locales/puppet.pot +408 -364
- data/man/man5/puppet.conf.5 +303 -275
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -8
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +3 -3
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +2 -1
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/integration/application/agent_spec.rb +141 -37
- data/spec/integration/application/filebucket_spec.rb +16 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/configurer_spec.rb +18 -2
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/indirector/facts/facter_spec.rb +93 -39
- data/spec/integration/l10n/compiler_spec.rb +37 -0
- data/spec/integration/parser/pcore_resource_spec.rb +10 -0
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/type/file_spec.rb +2 -2
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +1 -9
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/modules.rb +13 -2
- data/spec/lib/puppet_spec/puppetserver.rb +15 -0
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
- data/spec/shared_contexts/l10n.rb +27 -0
- data/spec/spec_helper.rb +1 -10
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/apply_spec.rb +76 -56
- data/spec/unit/application/resource_spec.rb +29 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +256 -57
- data/spec/unit/defaults_spec.rb +1 -0
- data/spec/unit/environments_spec.rb +184 -0
- data/spec/unit/facter_impl_spec.rb +31 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
- data/spec/unit/file_serving/configuration_spec.rb +14 -4
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
- data/spec/unit/file_system_spec.rb +13 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/logging_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +64 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/client_spec.rb +58 -1
- data/spec/unit/http/service/compiler_spec.rb +131 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
- data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
- data/spec/unit/indirector/indirection_spec.rb +10 -3
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/interface/action_spec.rb +0 -9
- data/spec/unit/module_spec.rb +15 -1
- data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
- data/spec/unit/network/authstore_spec.rb +0 -15
- data/spec/unit/network/formats_spec.rb +6 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
- data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
- data/spec/unit/provider/package/gem_spec.rb +1 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +38 -1
- data/spec/unit/provider/package/pkg_spec.rb +29 -4
- data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/launchd_spec.rb +11 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +43 -9
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/aix_spec.rb +100 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
- data/spec/unit/provider/user/useradd_spec.rb +43 -2
- data/spec/unit/provider_spec.rb +4 -4
- data/spec/unit/puppet_spec.rb +12 -4
- data/spec/unit/resource/catalog_spec.rb +14 -1
- data/spec/unit/resource_spec.rb +58 -2
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/certificate_request_spec.rb +8 -14
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +86 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/logging_spec.rb +2 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +39 -4
- data/tasks/generate_cert_fixtures.rake +12 -3
- data/tasks/parallel.rake +3 -3
- metadata +49 -95
- data/ext/README.environment +0 -8
- data/ext/dbfix.sql +0 -132
- data/ext/debian/README.Debian +0 -8
- data/ext/debian/README.source +0 -2
- data/ext/debian/TODO.Debian +0 -1
- data/ext/debian/changelog.erb +0 -1122
- data/ext/debian/compat +0 -1
- data/ext/debian/control +0 -144
- data/ext/debian/copyright +0 -339
- data/ext/debian/docs +0 -1
- data/ext/debian/fileserver.conf +0 -41
- data/ext/debian/puppet-common.dirs +0 -13
- data/ext/debian/puppet-common.install +0 -3
- data/ext/debian/puppet-common.lintian-overrides +0 -5
- data/ext/debian/puppet-common.manpages +0 -28
- data/ext/debian/puppet-common.postinst +0 -35
- data/ext/debian/puppet-common.postrm +0 -33
- data/ext/debian/puppet-el.dirs +0 -1
- data/ext/debian/puppet-el.emacsen-install +0 -25
- data/ext/debian/puppet-el.emacsen-remove +0 -11
- data/ext/debian/puppet-el.emacsen-startup +0 -9
- data/ext/debian/puppet-el.install +0 -1
- data/ext/debian/puppet-testsuite.install +0 -2
- data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
- data/ext/debian/puppet.lintian-overrides +0 -3
- data/ext/debian/puppet.logrotate +0 -20
- data/ext/debian/puppet.postinst +0 -20
- data/ext/debian/puppet.postrm +0 -20
- data/ext/debian/puppet.preinst +0 -20
- data/ext/debian/puppetmaster-common.install +0 -2
- data/ext/debian/puppetmaster-common.manpages +0 -2
- data/ext/debian/puppetmaster-common.postinst +0 -6
- data/ext/debian/puppetmaster-passenger.dirs +0 -4
- data/ext/debian/puppetmaster-passenger.postinst +0 -162
- data/ext/debian/puppetmaster-passenger.postrm +0 -61
- data/ext/debian/puppetmaster.README.debian +0 -17
- data/ext/debian/puppetmaster.default +0 -14
- data/ext/debian/puppetmaster.init +0 -137
- data/ext/debian/puppetmaster.lintian-overrides +0 -3
- data/ext/debian/puppetmaster.postinst +0 -20
- data/ext/debian/puppetmaster.postrm +0 -5
- data/ext/debian/puppetmaster.preinst +0 -22
- data/ext/debian/rules +0 -132
- data/ext/debian/source/format +0 -1
- data/ext/debian/source/options +0 -1
- data/ext/debian/vim-puppet.README.Debian +0 -13
- data/ext/debian/vim-puppet.dirs +0 -5
- data/ext/debian/vim-puppet.yaml +0 -7
- data/ext/debian/watch +0 -2
- data/ext/freebsd/puppetd +0 -26
- data/ext/freebsd/puppetmasterd +0 -26
- data/ext/gentoo/conf.d/puppet +0 -5
- data/ext/gentoo/conf.d/puppetmaster +0 -12
- data/ext/gentoo/init.d/puppet +0 -38
- data/ext/gentoo/init.d/puppetmaster +0 -51
- data/ext/gentoo/puppet/fileserver.conf +0 -41
- data/ext/ips/puppet-agent +0 -44
- data/ext/ips/puppet-master +0 -44
- data/ext/ips/puppet.p5m.erb +0 -12
- data/ext/ips/puppetagent.xml +0 -42
- data/ext/ips/puppetmaster.xml +0 -42
- data/ext/ips/rules +0 -19
- data/ext/ips/transforms +0 -34
- data/ext/ldap/puppet.schema +0 -24
- data/ext/logcheck/puppet +0 -23
- data/ext/osx/file_mapping.yaml +0 -33
- data/ext/osx/postflight.erb +0 -109
- data/ext/osx/preflight.erb +0 -52
- data/ext/osx/prototype.plist.erb +0 -38
- data/ext/redhat/fileserver.conf +0 -41
- data/ext/redhat/logrotate +0 -21
- data/ext/redhat/puppet.spec.erb +0 -842
- data/ext/redhat/server.init +0 -128
- data/ext/redhat/server.sysconfig +0 -13
- data/ext/solaris/pkginfo +0 -6
- data/ext/solaris/smf/puppetd.xml +0 -77
- data/ext/solaris/smf/puppetmasterd.xml +0 -77
- data/ext/solaris/smf/svc-puppetd +0 -71
- data/ext/solaris/smf/svc-puppetmasterd +0 -67
- data/ext/suse/puppet.spec +0 -310
- data/ext/suse/server.init +0 -173
- data/ext/yaml_nodes.rb +0 -105
- data/spec/unit/indirector/store_configs_spec.rb +0 -7
@@ -34,7 +34,7 @@ describe 'Puppet::Type::Service::Provider::Systemd',
|
|
34
34
|
end
|
35
35
|
end
|
36
36
|
|
37
|
-
[7, 8].each do |ver|
|
37
|
+
[7, 8, 9].each do |ver|
|
38
38
|
it "should be the default provider on rhel#{ver}" do
|
39
39
|
allow(Facter).to receive(:value).with(:osfamily).and_return(:redhat)
|
40
40
|
allow(Facter).to receive(:value).with(:operatingsystem).and_return(:redhat)
|
@@ -357,6 +357,9 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
|
|
357
357
|
describe "#mask" do
|
358
358
|
it "should run systemctl to disable and mask a service" do
|
359
359
|
provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
|
360
|
+
expect(provider).to receive(:execute).
|
361
|
+
with(['/bin/systemctl','cat', '--', 'sshd.service'], :failonfail => false).
|
362
|
+
and_return(Puppet::Util::Execution::ProcessOutput.new("# /lib/systemd/system/sshd.service\n...", 0))
|
360
363
|
# :disable is the only call in the provider that uses a symbol instead of
|
361
364
|
# a string.
|
362
365
|
# This should be made consistent in the future and all tests updated.
|
@@ -364,6 +367,15 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
|
|
364
367
|
expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
|
365
368
|
provider.mask
|
366
369
|
end
|
370
|
+
|
371
|
+
it "masks a service that doesn't exist" do
|
372
|
+
provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'doesnotexist.service'))
|
373
|
+
expect(provider).to receive(:execute).
|
374
|
+
with(['/bin/systemctl','cat', '--', 'doesnotexist.service'], :failonfail => false).
|
375
|
+
and_return(Puppet::Util::Execution::ProcessOutput.new("No files found for doesnotexist.service.\n", 1))
|
376
|
+
expect(provider).to receive(:systemctl).with(:mask, '--', 'doesnotexist.service')
|
377
|
+
provider.mask
|
378
|
+
end
|
367
379
|
end
|
368
380
|
|
369
381
|
# Note: systemd provider does not care about hasstatus or a custom status
|
@@ -467,17 +479,39 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
|
|
467
479
|
context 'when service state is static' do
|
468
480
|
let(:service_state) { 'static' }
|
469
481
|
|
470
|
-
|
471
|
-
|
472
|
-
|
482
|
+
context 'when enable is not mask' do
|
483
|
+
it 'is always enabled_insync even if current value is the same as expected' do
|
484
|
+
expect(provider).to be_enabled_insync(:false)
|
485
|
+
end
|
473
486
|
|
474
|
-
|
475
|
-
|
487
|
+
it 'is always enabled_insync even if current value is not the same as expected' do
|
488
|
+
expect(provider).to be_enabled_insync(:true)
|
489
|
+
end
|
490
|
+
|
491
|
+
it 'logs a debug messsage' do
|
492
|
+
expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
|
493
|
+
provider.enabled_insync?(:true)
|
494
|
+
end
|
476
495
|
end
|
477
496
|
|
478
|
-
|
479
|
-
|
480
|
-
|
497
|
+
context 'when enable is mask' do
|
498
|
+
let(:provider) do
|
499
|
+
provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service',
|
500
|
+
:enable => 'mask'))
|
501
|
+
end
|
502
|
+
|
503
|
+
it 'is enabled_insync if current value is the same as expected' do
|
504
|
+
expect(provider).to be_enabled_insync(:mask)
|
505
|
+
end
|
506
|
+
|
507
|
+
it 'is not enabled_insync if current value is not the same as expected' do
|
508
|
+
expect(provider).not_to be_enabled_insync(:true)
|
509
|
+
end
|
510
|
+
|
511
|
+
it 'logs no debug messsage' do
|
512
|
+
expect(Puppet).not_to receive(:debug)
|
513
|
+
provider.enabled_insync?(:true)
|
514
|
+
end
|
481
515
|
end
|
482
516
|
end
|
483
517
|
|
@@ -271,4 +271,206 @@ describe 'Puppet::Type::Service::Provider::Windows',
|
|
271
271
|
}.to raise_error(Puppet::Error, /Cannot enable #{name}/)
|
272
272
|
end
|
273
273
|
end
|
274
|
+
|
275
|
+
describe "when managing logon credentials" do
|
276
|
+
before do
|
277
|
+
allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return(computer_name)
|
278
|
+
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(principal)
|
279
|
+
allow(Puppet::Util::Windows::Service).to receive(:set_startup_configuration).and_return(nil)
|
280
|
+
end
|
281
|
+
|
282
|
+
let(:computer_name) { 'myPC' }
|
283
|
+
|
284
|
+
describe "#logonaccount=" do
|
285
|
+
before do
|
286
|
+
allow(Puppet::Util::Windows::User).to receive(:password_is?).and_return(true)
|
287
|
+
resource[:logonaccount] = user_input
|
288
|
+
provider.logonaccount_insync?(user_input)
|
289
|
+
end
|
290
|
+
|
291
|
+
let(:user_input) { principal.account }
|
292
|
+
let(:principal) do
|
293
|
+
Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, computer_name, :SidTypeUser)
|
294
|
+
end
|
295
|
+
|
296
|
+
context "when given user is 'myUser'" do
|
297
|
+
it "should fail when the `Log On As A Service` right is missing from given user" do
|
298
|
+
allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("")
|
299
|
+
expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" is missing the 'Log On As A Service' right./)
|
300
|
+
end
|
301
|
+
|
302
|
+
it "should fail when the `Log On As A Service` right is set to denied for given user" do
|
303
|
+
allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeDenyServiceLogonRight")
|
304
|
+
expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" has the 'Log On As A Service' right set to denied./)
|
305
|
+
end
|
306
|
+
|
307
|
+
it "should not fail when given user has the `Log On As A Service` right" do
|
308
|
+
allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
|
309
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
310
|
+
end
|
311
|
+
|
312
|
+
['myUser', 'myPC\\myUser', ".\\myUser", "MYPC\\mYuseR"].each do |user_input_variant|
|
313
|
+
let(:user_input) { user_input_variant }
|
314
|
+
|
315
|
+
it "should succesfully munge #{user_input_variant} to '.\\myUser'" do
|
316
|
+
allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
|
317
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
318
|
+
expect(resource[:logonaccount]).to eq(".\\myUser")
|
319
|
+
end
|
320
|
+
end
|
321
|
+
end
|
322
|
+
|
323
|
+
context "when given user is a system account" do
|
324
|
+
before do
|
325
|
+
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
|
326
|
+
end
|
327
|
+
|
328
|
+
let(:user_input) { principal.account }
|
329
|
+
let(:principal) do
|
330
|
+
Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
|
331
|
+
end
|
332
|
+
|
333
|
+
it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
|
334
|
+
expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
|
335
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
336
|
+
end
|
337
|
+
|
338
|
+
['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input_variant|
|
339
|
+
let(:user_input) { user_input_variant }
|
340
|
+
|
341
|
+
it "should succesfully munge #{user_input_variant} to 'LocalSystem'" do
|
342
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
343
|
+
expect(resource[:logonaccount]).to eq('LocalSystem')
|
344
|
+
end
|
345
|
+
end
|
346
|
+
end
|
347
|
+
|
348
|
+
context "when domain is different from computer name" do
|
349
|
+
before do
|
350
|
+
allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return("SeServiceLogonRight")
|
351
|
+
end
|
352
|
+
|
353
|
+
context "when given user is from AD" do
|
354
|
+
let(:user_input) { 'myRemoteUser' }
|
355
|
+
let(:principal) do
|
356
|
+
Puppet::Util::Windows::SID::Principal.new("myRemoteUser", nil, nil, "AD", :SidTypeUser)
|
357
|
+
end
|
358
|
+
|
359
|
+
it "should not raise any error" do
|
360
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
361
|
+
end
|
362
|
+
|
363
|
+
it "should succesfully be munged" do
|
364
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
365
|
+
expect(resource[:logonaccount]).to eq('AD\myRemoteUser')
|
366
|
+
end
|
367
|
+
end
|
368
|
+
|
369
|
+
context "when given user is LocalService" do
|
370
|
+
let(:user_input) { 'LocalService' }
|
371
|
+
let(:principal) do
|
372
|
+
Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup)
|
373
|
+
end
|
374
|
+
|
375
|
+
it "should succesfully munge well known user" do
|
376
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
377
|
+
expect(resource[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
|
378
|
+
end
|
379
|
+
end
|
380
|
+
|
381
|
+
context "when given user is in SID form" do
|
382
|
+
let(:user_input) { 'S-1-5-20' }
|
383
|
+
let(:principal) do
|
384
|
+
Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
|
385
|
+
end
|
386
|
+
|
387
|
+
it "should succesfully munge" do
|
388
|
+
expect { provider.logonaccount=(user_input) }.not_to raise_error
|
389
|
+
expect(resource[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
|
390
|
+
end
|
391
|
+
end
|
392
|
+
|
393
|
+
context "when given user is actually a group" do
|
394
|
+
let(:principal) do
|
395
|
+
Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias)
|
396
|
+
end
|
397
|
+
let(:user_input) { 'Administrators' }
|
398
|
+
|
399
|
+
it "should fail when sid type is not user or well known user" do
|
400
|
+
expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /"BUILTIN\\#{user_input}" is not a valid account/)
|
401
|
+
end
|
402
|
+
end
|
403
|
+
end
|
404
|
+
end
|
405
|
+
|
406
|
+
describe "#logonpassword=" do
|
407
|
+
before do
|
408
|
+
allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
|
409
|
+
resource[:logonaccount] = account
|
410
|
+
resource[:logonpassword] = user_input
|
411
|
+
provider.logonaccount_insync?(account)
|
412
|
+
end
|
413
|
+
|
414
|
+
let(:account) { 'LocalSystem' }
|
415
|
+
|
416
|
+
describe "when given logonaccount is a predefined_local_account" do
|
417
|
+
let(:user_input) { 'pass' }
|
418
|
+
let(:principal) { nil }
|
419
|
+
|
420
|
+
it "should pass validation when given account is 'LocalSystem'" do
|
421
|
+
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
|
422
|
+
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(true)
|
423
|
+
|
424
|
+
expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
|
425
|
+
expect { provider.logonpassword=(user_input) }.not_to raise_error
|
426
|
+
end
|
427
|
+
|
428
|
+
['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
|
429
|
+
describe "when given account is #{predefined_local_account}" do
|
430
|
+
let(:account) { 'predefined_local_account' }
|
431
|
+
let(:principal) do
|
432
|
+
Puppet::Util::Windows::SID::Principal.new(account, nil, nil, "NT AUTHORITY", :SidTypeUser)
|
433
|
+
end
|
434
|
+
|
435
|
+
it "should pass validation" do
|
436
|
+
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.account).and_return(false)
|
437
|
+
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.domain_account).and_return(false)
|
438
|
+
expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(principal.domain_account).and_return(true).twice
|
439
|
+
|
440
|
+
expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
|
441
|
+
expect { provider.logonpassword=(user_input) }.not_to raise_error
|
442
|
+
end
|
443
|
+
end
|
444
|
+
end
|
445
|
+
end
|
446
|
+
|
447
|
+
describe "when given logonaccount is not a predefined local account" do
|
448
|
+
before do
|
449
|
+
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(".\\#{principal.account}").and_return(false)
|
450
|
+
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with(".\\#{principal.account}").and_return(false)
|
451
|
+
end
|
452
|
+
|
453
|
+
let(:account) { 'myUser' }
|
454
|
+
let(:principal) do
|
455
|
+
Puppet::Util::Windows::SID::Principal.new(account, nil, nil, computer_name, :SidTypeUser)
|
456
|
+
end
|
457
|
+
|
458
|
+
describe "when password is proven correct" do
|
459
|
+
let(:user_input) { 'myPass' }
|
460
|
+
it "should pass validation" do
|
461
|
+
allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
|
462
|
+
expect { provider.logonpassword=(user_input) }.not_to raise_error
|
463
|
+
end
|
464
|
+
end
|
465
|
+
|
466
|
+
describe "when password is not proven correct" do
|
467
|
+
let(:user_input) { 'myWrongPass' }
|
468
|
+
it "should not pass validation" do
|
469
|
+
allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
|
470
|
+
expect { provider.logonpassword=(user_input) }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
|
471
|
+
end
|
472
|
+
end
|
473
|
+
end
|
474
|
+
end
|
475
|
+
end
|
274
476
|
end
|
@@ -217,4 +217,104 @@ describe 'Puppet::Type::User::Provider::Aix' do
|
|
217
217
|
provider.create
|
218
218
|
end
|
219
219
|
end
|
220
|
+
|
221
|
+
describe '#list_all_homes' do
|
222
|
+
it "should return empty array and output debug on failure" do
|
223
|
+
allow(Puppet::Util::Execution).to receive(:execute).and_raise(Puppet::ExecutionFailure, 'Execution failed')
|
224
|
+
expect(Puppet).to receive(:debug).with('Could not list home of all users: Execution failed')
|
225
|
+
expect(provider.list_all_homes).to eql({})
|
226
|
+
end
|
227
|
+
end
|
228
|
+
|
229
|
+
describe '#delete' do
|
230
|
+
before(:each) do
|
231
|
+
allow(File).to receive(:realpath).and_call_original
|
232
|
+
allow(FileUtils).to receive(:remove_entry_secure).and_call_original
|
233
|
+
|
234
|
+
allow(provider.resource).to receive(:should).with(anything).and_return(nil)
|
235
|
+
allow(provider).to receive(:home).and_return(Dir.tmpdir)
|
236
|
+
allow(provider).to receive(:execute).and_return(nil)
|
237
|
+
allow(provider).to receive(:object_info).and_return(nil)
|
238
|
+
allow(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true).and_return(nil)
|
239
|
+
end
|
240
|
+
|
241
|
+
context 'with managehome true' do
|
242
|
+
before(:each) do
|
243
|
+
allow(provider.resource).to receive(:managehome?).and_return(true)
|
244
|
+
allow(provider).to receive(:list_all_homes).and_return([])
|
245
|
+
end
|
246
|
+
|
247
|
+
it 'should delete the user without error' do
|
248
|
+
expect{ provider.delete }.not_to raise_error
|
249
|
+
end
|
250
|
+
|
251
|
+
it "should not remove home when relative" do
|
252
|
+
allow(provider).to receive(:home).and_return('relative_path')
|
253
|
+
|
254
|
+
expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
|
255
|
+
provider.delete
|
256
|
+
end
|
257
|
+
|
258
|
+
it "should not remove home when '/'" do
|
259
|
+
allow(provider).to receive(:home).and_return('/')
|
260
|
+
|
261
|
+
expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
|
262
|
+
provider.delete
|
263
|
+
end
|
264
|
+
|
265
|
+
it "should not remove home when symlink" do
|
266
|
+
allow(Puppet::FileSystem).to receive(:symlink?).with(Dir.tmpdir).and_return(true)
|
267
|
+
|
268
|
+
expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
|
269
|
+
provider.delete
|
270
|
+
end
|
271
|
+
|
272
|
+
it "should not remove home when other users would be affected" do
|
273
|
+
allow(provider).to receive(:home).and_return('/special')
|
274
|
+
allow(File).to receive(:realpath).with('/special').and_return('/special')
|
275
|
+
allow(Puppet::Util).to receive(:absolute_path?).with('/special').and_return(true)
|
276
|
+
allow(provider).to receive(:list_all_homes).and_return([{:name => 'other_user', :home => '/special/other_user'}])
|
277
|
+
|
278
|
+
expect(Puppet).to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
|
279
|
+
provider.delete
|
280
|
+
end
|
281
|
+
|
282
|
+
it 'should remove homedir' do
|
283
|
+
expect(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true)
|
284
|
+
provider.delete
|
285
|
+
end
|
286
|
+
end
|
287
|
+
|
288
|
+
context 'with managehome false' do
|
289
|
+
before(:each) do
|
290
|
+
allow(provider.resource).to receive(:managehome?).and_return(false)
|
291
|
+
end
|
292
|
+
|
293
|
+
it 'should delete the user without error' do
|
294
|
+
expect{ provider.delete }.not_to raise_error
|
295
|
+
end
|
296
|
+
|
297
|
+
it 'should not remove homedir' do
|
298
|
+
expect(FileUtils).not_to receive(:remove_entry_secure).with(Dir.tmpdir, true)
|
299
|
+
end
|
300
|
+
|
301
|
+
it 'should not print manage home debug messages' do
|
302
|
+
expect(Puppet).not_to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
|
303
|
+
expect(Puppet).not_to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
|
304
|
+
|
305
|
+
provider.delete
|
306
|
+
end
|
307
|
+
end
|
308
|
+
end
|
309
|
+
|
310
|
+
describe '#deletecmd' do
|
311
|
+
it 'uses the -p flag when removing the user' do
|
312
|
+
allow(provider.class).to receive(:command).with(:delete).and_return('delete')
|
313
|
+
allow(provider).to receive(:ia_module_args).and_return(['ia_module_args'])
|
314
|
+
|
315
|
+
expect(provider.deletecmd).to eql(
|
316
|
+
['delete', '-p', 'ia_module_args', provider.resource.name]
|
317
|
+
)
|
318
|
+
end
|
319
|
+
end
|
220
320
|
end
|
@@ -925,28 +925,75 @@ end
|
|
925
925
|
}
|
926
926
|
end
|
927
927
|
|
928
|
-
|
929
|
-
|
930
|
-
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
|
931
|
-
expect(provider.class).to receive(:get_os_version).and_return('10.7')
|
932
|
-
expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
|
933
|
-
provider.write_password_to_users_plist(sha512_password_hash)
|
928
|
+
before do
|
929
|
+
allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
|
934
930
|
end
|
935
931
|
|
936
|
-
|
937
|
-
|
938
|
-
|
939
|
-
|
940
|
-
|
941
|
-
|
932
|
+
describe 'when on macOS 11 (Big Sur) or greater' do
|
933
|
+
before do
|
934
|
+
allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
|
935
|
+
end
|
936
|
+
|
937
|
+
it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
|
938
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
939
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
940
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
941
|
+
expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
|
942
|
+
|
943
|
+
expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
|
944
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
945
|
+
end
|
946
|
+
|
947
|
+
it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
|
948
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
949
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
950
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
951
|
+
expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
|
952
|
+
|
953
|
+
expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
|
954
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
955
|
+
end
|
942
956
|
end
|
943
957
|
|
944
|
-
|
945
|
-
|
946
|
-
|
947
|
-
|
948
|
-
|
949
|
-
|
958
|
+
describe 'when on macOS version lower than 11' do
|
959
|
+
before do
|
960
|
+
allow(provider.class).to receive(:get_os_version)
|
961
|
+
allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
|
962
|
+
end
|
963
|
+
|
964
|
+
it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
|
965
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
966
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
967
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
968
|
+
expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
|
969
|
+
|
970
|
+
expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
|
971
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
972
|
+
end
|
973
|
+
|
974
|
+
it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
|
975
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
976
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
|
977
|
+
expect(provider.class).to receive(:get_os_version).and_return('10.7')
|
978
|
+
expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
|
979
|
+
provider.write_password_to_users_plist(sha512_password_hash)
|
980
|
+
end
|
981
|
+
|
982
|
+
it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
|
983
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
984
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
985
|
+
expect(provider.class).to receive(:get_os_version).and_return('10.8')
|
986
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
987
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
988
|
+
end
|
989
|
+
|
990
|
+
it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
|
991
|
+
expect(provider).to receive(:get_users_plist).and_return('users_plist')
|
992
|
+
expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
|
993
|
+
expect(provider.class).to receive(:get_os_version).and_return('10.8')
|
994
|
+
expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
|
995
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
996
|
+
end
|
950
997
|
end
|
951
998
|
end
|
952
999
|
|
@@ -974,16 +1021,7 @@ end
|
|
974
1021
|
describe '#set_shadow_hash_data' do
|
975
1022
|
let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
|
976
1023
|
|
977
|
-
it 'should flush the plist data to
|
978
|
-
allow(provider.class).to receive(:get_os_version).and_return('10.12')
|
979
|
-
|
980
|
-
expect(provider).to receive(:write_users_plist_to_disk)
|
981
|
-
provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
|
982
|
-
end
|
983
|
-
|
984
|
-
it 'should flush the plist data a temporary file on OS X >= 10.15' do
|
985
|
-
allow(provider.class).to receive(:get_os_version).and_return('10.15')
|
986
|
-
|
1024
|
+
it 'should flush the plist data to a temporary file' do
|
987
1025
|
expect(provider).to receive(:write_and_import_shadow_hash_data)
|
988
1026
|
provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
|
989
1027
|
end
|
@@ -1033,13 +1071,6 @@ end
|
|
1033
1071
|
end
|
1034
1072
|
end
|
1035
1073
|
|
1036
|
-
describe '#write_users_plist_to_disk' do
|
1037
|
-
it 'should save the passed plist to disk and convert it to a binary plist' do
|
1038
|
-
expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
|
1039
|
-
provider.write_users_plist_to_disk(user_plist_xml)
|
1040
|
-
end
|
1041
|
-
end
|
1042
|
-
|
1043
1074
|
describe '#write_and_import_shadow_hash_data' do
|
1044
1075
|
it 'should save the passed plist to a temporary file and import it' do
|
1045
1076
|
tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
|
@@ -1111,7 +1142,7 @@ end
|
|
1111
1142
|
provider.class.instance_variable_set(:@os_version, nil) if provider.class.instance_variable_defined? :@os_version
|
1112
1143
|
end
|
1113
1144
|
|
1114
|
-
it 'should call
|
1145
|
+
it 'should call Puppet.runtime[:facter].value(:macosx_productversion_major) ONLY ONCE no matter how ' +
|
1115
1146
|
'many times get_os_version() is called' do
|
1116
1147
|
expect(Facter).to receive(:value).with(:macosx_productversion_major).once.and_return('10.8')
|
1117
1148
|
expect(provider.class.get_os_version).to eq('10.8')
|
@@ -1203,6 +1234,7 @@ end
|
|
1203
1234
|
before :each do
|
1204
1235
|
allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
|
1205
1236
|
allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
|
1237
|
+
allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
|
1206
1238
|
provider.class.prefetch({})
|
1207
1239
|
end
|
1208
1240
|
|
@@ -13,6 +13,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
|
|
13
13
|
allow(described_class).to receive(:command).with(:localmodify).and_return('/usr/sbin/lusermod')
|
14
14
|
allow(described_class).to receive(:command).with(:delete).and_return('/usr/sbin/userdel')
|
15
15
|
allow(described_class).to receive(:command).with(:localdelete).and_return('/usr/sbin/luserdel')
|
16
|
+
allow(described_class).to receive(:command).with(:chpasswd).and_return('/usr/sbin/chpasswd')
|
16
17
|
end
|
17
18
|
|
18
19
|
let(:resource) do
|
@@ -62,7 +63,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
|
|
62
63
|
:provider => provider,
|
63
64
|
)
|
64
65
|
resource2[:ensure] = :present
|
65
|
-
expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
|
66
|
+
expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).twice
|
66
67
|
provider.create
|
67
68
|
end
|
68
69
|
|
@@ -208,7 +209,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
|
|
208
209
|
end
|
209
210
|
|
210
211
|
it "should call execute with sensitive if sensitive data is changed" do
|
211
|
-
expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
|
212
|
+
expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).and_return('')
|
212
213
|
provider.password = 'bird bird bird'
|
213
214
|
end
|
214
215
|
end
|
@@ -351,6 +352,46 @@ describe Puppet::Type.type(:user).provider(:useradd) do
|
|
351
352
|
end
|
352
353
|
end
|
353
354
|
|
355
|
+
describe "#shell" do
|
356
|
+
before { described_class.has_feature :manages_local_users_and_groups }
|
357
|
+
|
358
|
+
let(:content) { "myuser:x:x:x:x:x:/bin/local_shell" }
|
359
|
+
|
360
|
+
it "should return the local shell string when forcelocal is true" do
|
361
|
+
resource[:forcelocal] = true
|
362
|
+
allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
|
363
|
+
allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
|
364
|
+
expect(provider.shell).to eq('/bin/local_shell')
|
365
|
+
end
|
366
|
+
|
367
|
+
it "should fall back to nameservice shell string when forcelocal is false" do
|
368
|
+
resource[:forcelocal] = false
|
369
|
+
allow(provider).to receive(:get).with(:shell).and_return('/bin/remote_shell')
|
370
|
+
expect(provider).not_to receive(:localshell)
|
371
|
+
expect(provider.shell).to eq('/bin/remote_shell')
|
372
|
+
end
|
373
|
+
end
|
374
|
+
|
375
|
+
describe "#home" do
|
376
|
+
before { described_class.has_feature :manages_local_users_and_groups }
|
377
|
+
|
378
|
+
let(:content) { "myuser:x:x:x:x:/opt/local_home:x" }
|
379
|
+
|
380
|
+
it "should return the local home string when forcelocal is true" do
|
381
|
+
resource[:forcelocal] = true
|
382
|
+
allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
|
383
|
+
allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
|
384
|
+
expect(provider.home).to eq('/opt/local_home')
|
385
|
+
end
|
386
|
+
|
387
|
+
it "should fall back to nameservice home string when forcelocal is false" do
|
388
|
+
resource[:forcelocal] = false
|
389
|
+
allow(provider).to receive(:get).with(:home).and_return('/opt/remote_home')
|
390
|
+
expect(provider).not_to receive(:localhome)
|
391
|
+
expect(provider.home).to eq('/opt/remote_home')
|
392
|
+
end
|
393
|
+
end
|
394
|
+
|
354
395
|
describe "#gid" do
|
355
396
|
before { described_class.has_feature :manages_local_users_and_groups }
|
356
397
|
|
data/spec/unit/provider_spec.rb
CHANGED
@@ -222,18 +222,18 @@ describe Puppet::Provider do
|
|
222
222
|
{ :true => false } => false,
|
223
223
|
{ :false => false } => true,
|
224
224
|
{ :false => true } => false,
|
225
|
-
{ :operatingsystem =>
|
225
|
+
{ :operatingsystem => Puppet.runtime[:facter].value(:operatingsystem) } => true,
|
226
226
|
{ :operatingsystem => :yayness } => false,
|
227
227
|
{ :nothing => :yayness } => false,
|
228
228
|
{ :exists => Puppet::Util.which(existing_command) } => true,
|
229
229
|
{ :exists => "/this/file/does/not/exist" } => false,
|
230
230
|
{ :true => true, :exists => Puppet::Util.which(existing_command) } => true,
|
231
231
|
{ :true => true, :exists => "/this/file/does/not/exist" } => false,
|
232
|
-
{ :operatingsystem =>
|
232
|
+
{ :operatingsystem => Puppet.runtime[:facter].value(:operatingsystem),
|
233
233
|
:exists => Puppet::Util.which(existing_command) } => true,
|
234
234
|
{ :operatingsystem => :yayness,
|
235
235
|
:exists => Puppet::Util.which(existing_command) } => false,
|
236
|
-
{ :operatingsystem =>
|
236
|
+
{ :operatingsystem => Puppet.runtime[:facter].value(:operatingsystem),
|
237
237
|
:exists => "/this/file/does/not/exist" } => false,
|
238
238
|
{ :operatingsystem => :yayness,
|
239
239
|
:exists => "/this/file/does/not/exist" } => false,
|
@@ -269,7 +269,7 @@ describe Puppet::Provider do
|
|
269
269
|
end
|
270
270
|
|
271
271
|
context "default providers" do
|
272
|
-
let :os do
|
272
|
+
let :os do Puppet.runtime[:facter].value(:operatingsystem) end
|
273
273
|
|
274
274
|
it { is_expected.to respond_to :specificity }
|
275
275
|
|
data/spec/unit/puppet_spec.rb
CHANGED
@@ -91,12 +91,20 @@ describe Puppet do
|
|
91
91
|
expect(Puppet.runtime[:http]).to be_an_instance_of(Puppet::HTTP::Client)
|
92
92
|
end
|
93
93
|
|
94
|
-
it 'allows
|
95
|
-
|
96
|
-
Puppet.initialize_settings([], true, true, http:
|
94
|
+
it 'allows a http implementation to be registered' do
|
95
|
+
http_impl = double('http')
|
96
|
+
Puppet.initialize_settings([], true, true, http: http_impl)
|
97
97
|
|
98
98
|
|
99
|
-
expect(Puppet.runtime[:http]).to eq(
|
99
|
+
expect(Puppet.runtime[:http]).to eq(http_impl)
|
100
|
+
end
|
101
|
+
|
102
|
+
it 'allows a facter implementation to be registered' do
|
103
|
+
facter_impl = double('facter')
|
104
|
+
Puppet.initialize_settings([], true, true, facter: facter_impl)
|
105
|
+
|
106
|
+
|
107
|
+
expect(Puppet.runtime[:facter]).to eq(facter_impl)
|
100
108
|
end
|
101
109
|
end
|
102
110
|
|