puppet 6.22.1-universal-darwin → 6.25.1-universal-darwin

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (415) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +2 -2
  4. data/Gemfile.lock +20 -20
  5. data/README.md +4 -4
  6. data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
  7. data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
  8. data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
  9. data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
  10. data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
  11. data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
  12. data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
  13. data/{ext → examples}/nagios/check_puppet.rb +2 -2
  14. data/ext/README.md +13 -0
  15. data/ext/osx/puppet.plist +2 -0
  16. data/ext/project_data.yaml +1 -0
  17. data/lib/puppet/application/agent.rb +16 -5
  18. data/lib/puppet/application/apply.rb +22 -3
  19. data/lib/puppet/application/device.rb +2 -1
  20. data/lib/puppet/application/filebucket.rb +1 -0
  21. data/lib/puppet/application/resource.rb +32 -16
  22. data/lib/puppet/application/script.rb +2 -1
  23. data/lib/puppet/application/ssl.rb +1 -0
  24. data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
  25. data/lib/puppet/configurer/downloader.rb +2 -1
  26. data/lib/puppet/configurer.rb +144 -56
  27. data/lib/puppet/confine/variable.rb +1 -1
  28. data/lib/puppet/defaults.rb +47 -33
  29. data/lib/puppet/environments.rb +75 -25
  30. data/lib/puppet/face/facts.rb +1 -1
  31. data/lib/puppet/face/help/action.erb +1 -0
  32. data/lib/puppet/face/help/face.erb +1 -0
  33. data/lib/puppet/face/node/clean.rb +11 -0
  34. data/lib/puppet/facter_impl.rb +96 -0
  35. data/lib/puppet/file_serving/configuration/parser.rb +2 -0
  36. data/lib/puppet/file_serving/configuration.rb +3 -0
  37. data/lib/puppet/file_serving/fileset.rb +14 -2
  38. data/lib/puppet/file_serving/mount/file.rb +4 -4
  39. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  40. data/lib/puppet/file_system/file_impl.rb +3 -1
  41. data/lib/puppet/file_system/windows.rb +2 -2
  42. data/lib/puppet/forge.rb +4 -4
  43. data/lib/puppet/functions/all.rb +1 -1
  44. data/lib/puppet/functions/camelcase.rb +1 -1
  45. data/lib/puppet/functions/capitalize.rb +2 -2
  46. data/lib/puppet/functions/downcase.rb +2 -2
  47. data/lib/puppet/functions/empty.rb +8 -0
  48. data/lib/puppet/functions/find_template.rb +2 -2
  49. data/lib/puppet/functions/get.rb +5 -5
  50. data/lib/puppet/functions/group_by.rb +13 -5
  51. data/lib/puppet/functions/lest.rb +1 -1
  52. data/lib/puppet/functions/new.rb +100 -100
  53. data/lib/puppet/functions/partition.rb +4 -4
  54. data/lib/puppet/functions/require.rb +5 -5
  55. data/lib/puppet/functions/sort.rb +3 -3
  56. data/lib/puppet/functions/strftime.rb +1 -0
  57. data/lib/puppet/functions/tree_each.rb +7 -9
  58. data/lib/puppet/functions/type.rb +4 -4
  59. data/lib/puppet/functions/unwrap.rb +17 -2
  60. data/lib/puppet/functions/upcase.rb +2 -2
  61. data/lib/puppet/http/client.rb +1 -1
  62. data/lib/puppet/http/redirector.rb +5 -0
  63. data/lib/puppet/http/resolver/server_list.rb +15 -4
  64. data/lib/puppet/http/service/compiler.rb +75 -1
  65. data/lib/puppet/http/service/file_server.rb +2 -1
  66. data/lib/puppet/indirector/catalog/compiler.rb +25 -6
  67. data/lib/puppet/indirector/catalog/rest.rb +1 -0
  68. data/lib/puppet/indirector/facts/facter.rb +6 -6
  69. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  70. data/lib/puppet/indirector/indirection.rb +1 -1
  71. data/lib/puppet/indirector/resource/ral.rb +6 -1
  72. data/lib/puppet/indirector/terminus.rb +4 -0
  73. data/lib/puppet/interface/documentation.rb +1 -0
  74. data/lib/puppet/module/plan.rb +0 -1
  75. data/lib/puppet/module/task.rb +1 -1
  76. data/lib/puppet/module.rb +1 -0
  77. data/lib/puppet/module_tool/applications/installer.rb +12 -4
  78. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  79. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  80. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  81. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  82. data/lib/puppet/node/environment.rb +10 -11
  83. data/lib/puppet/pal/pal_impl.rb +1 -1
  84. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  85. data/lib/puppet/parser/resource.rb +1 -1
  86. data/lib/puppet/parser/scope.rb +1 -0
  87. data/lib/puppet/parser/templatewrapper.rb +1 -0
  88. data/lib/puppet/pops/evaluator/closure.rb +7 -5
  89. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +1 -0
  90. data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
  91. data/lib/puppet/pops/model/ast.rb +1 -0
  92. data/lib/puppet/pops/model/factory.rb +2 -1
  93. data/lib/puppet/pops/parser/eparser.rb +201 -201
  94. data/lib/puppet/pops/parser/lexer2.rb +92 -91
  95. data/lib/puppet/pops/parser/slurp_support.rb +1 -0
  96. data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
  97. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  98. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  99. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  100. data/lib/puppet/pops/types/type_formatter.rb +4 -3
  101. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  102. data/lib/puppet/pops/types/types.rb +1 -1
  103. data/lib/puppet/provider/aix_object.rb +1 -1
  104. data/lib/puppet/provider/exec/posix.rb +16 -4
  105. data/lib/puppet/provider/group/groupadd.rb +5 -2
  106. data/lib/puppet/provider/package/nim.rb +11 -6
  107. data/lib/puppet/provider/package/pip.rb +15 -3
  108. data/lib/puppet/provider/package/pkg.rb +19 -2
  109. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  110. data/lib/puppet/provider/package/yum.rb +1 -1
  111. data/lib/puppet/provider/parsedfile.rb +3 -0
  112. data/lib/puppet/provider/service/base.rb +1 -1
  113. data/lib/puppet/provider/service/init.rb +5 -5
  114. data/lib/puppet/provider/service/launchd.rb +2 -2
  115. data/lib/puppet/provider/service/redhat.rb +1 -1
  116. data/lib/puppet/provider/service/smf.rb +3 -3
  117. data/lib/puppet/provider/service/systemd.rb +15 -5
  118. data/lib/puppet/provider/service/upstart.rb +5 -5
  119. data/lib/puppet/provider/service/windows.rb +38 -0
  120. data/lib/puppet/provider/user/aix.rb +44 -1
  121. data/lib/puppet/provider/user/directoryservice.rb +26 -13
  122. data/lib/puppet/provider/user/useradd.rb +72 -16
  123. data/lib/puppet/provider.rb +1 -1
  124. data/lib/puppet/reference/configuration.rb +1 -1
  125. data/lib/puppet/reference/providers.rb +2 -2
  126. data/lib/puppet/resource/catalog.rb +1 -1
  127. data/lib/puppet/resource/type_collection.rb +1 -0
  128. data/lib/puppet/resource.rb +38 -5
  129. data/lib/puppet/runtime.rb +11 -1
  130. data/lib/puppet/settings.rb +32 -9
  131. data/lib/puppet/test/test_helper.rb +4 -1
  132. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  133. data/lib/puppet/transaction/persistence.rb +11 -1
  134. data/lib/puppet/transaction/report.rb +15 -1
  135. data/lib/puppet/type/exec.rb +35 -5
  136. data/lib/puppet/type/file/mode.rb +6 -0
  137. data/lib/puppet/type/file/selcontext.rb +1 -1
  138. data/lib/puppet/type/file.rb +25 -7
  139. data/lib/puppet/type/filebucket.rb +3 -3
  140. data/lib/puppet/type/group.rb +0 -1
  141. data/lib/puppet/type/resources.rb +1 -1
  142. data/lib/puppet/type/service.rb +26 -41
  143. data/lib/puppet/type/tidy.rb +22 -3
  144. data/lib/puppet/type/user.rb +38 -21
  145. data/lib/puppet/type.rb +1 -1
  146. data/lib/puppet/util/command_line.rb +1 -1
  147. data/lib/puppet/util/filetype.rb +2 -2
  148. data/lib/puppet/util/json.rb +3 -0
  149. data/lib/puppet/util/log.rb +1 -2
  150. data/lib/puppet/util/logging.rb +1 -25
  151. data/lib/puppet/util/pidlock.rb +1 -1
  152. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  153. data/lib/puppet/util/selinux.rb +30 -4
  154. data/lib/puppet/util/suidmanager.rb +1 -2
  155. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  156. data/lib/puppet/util/tagging.rb +1 -0
  157. data/lib/puppet/util/windows/service.rb +0 -5
  158. data/lib/puppet/util/windows/sid.rb +3 -1
  159. data/lib/puppet/util/windows/user.rb +0 -2
  160. data/lib/puppet/util/windows.rb +3 -0
  161. data/lib/puppet/util.rb +4 -3
  162. data/lib/puppet/version.rb +1 -1
  163. data/lib/puppet.rb +5 -9
  164. data/locales/puppet.pot +408 -364
  165. data/man/man5/puppet.conf.5 +303 -275
  166. data/man/man8/puppet-agent.8 +4 -1
  167. data/man/man8/puppet-apply.8 +1 -1
  168. data/man/man8/puppet-catalog.8 +9 -9
  169. data/man/man8/puppet-config.8 +1 -1
  170. data/man/man8/puppet-describe.8 +1 -1
  171. data/man/man8/puppet-device.8 +1 -1
  172. data/man/man8/puppet-doc.8 +1 -1
  173. data/man/man8/puppet-epp.8 +1 -1
  174. data/man/man8/puppet-facts.8 +8 -8
  175. data/man/man8/puppet-filebucket.8 +1 -1
  176. data/man/man8/puppet-generate.8 +1 -1
  177. data/man/man8/puppet-help.8 +1 -1
  178. data/man/man8/puppet-key.8 +7 -7
  179. data/man/man8/puppet-lookup.8 +1 -1
  180. data/man/man8/puppet-man.8 +1 -1
  181. data/man/man8/puppet-module.8 +3 -3
  182. data/man/man8/puppet-node.8 +5 -5
  183. data/man/man8/puppet-parser.8 +1 -1
  184. data/man/man8/puppet-plugin.8 +1 -1
  185. data/man/man8/puppet-report.8 +5 -5
  186. data/man/man8/puppet-resource.8 +1 -1
  187. data/man/man8/puppet-script.8 +1 -1
  188. data/man/man8/puppet-ssl.8 +1 -1
  189. data/man/man8/puppet-status.8 +4 -4
  190. data/man/man8/puppet.8 +2 -2
  191. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +2 -1
  192. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
  193. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
  194. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
  195. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
  196. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
  197. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
  198. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
  199. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
  200. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  201. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  202. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  203. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  204. data/spec/fixtures/ssl/ca.pem +57 -35
  205. data/spec/fixtures/ssl/crl.pem +28 -18
  206. data/spec/fixtures/ssl/ec-key.pem +11 -11
  207. data/spec/fixtures/ssl/ec.pem +33 -24
  208. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  209. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  210. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  211. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  212. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  213. data/spec/fixtures/ssl/intermediate.pem +57 -36
  214. data/spec/fixtures/ssl/oid-key.pem +117 -0
  215. data/spec/fixtures/ssl/oid.pem +69 -0
  216. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  217. data/spec/fixtures/ssl/pluto.pem +52 -30
  218. data/spec/fixtures/ssl/request-key.pem +107 -57
  219. data/spec/fixtures/ssl/request.pem +47 -26
  220. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  221. data/spec/fixtures/ssl/revoked.pem +52 -30
  222. data/spec/fixtures/ssl/signed-key.pem +107 -57
  223. data/spec/fixtures/ssl/signed.pem +52 -30
  224. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  225. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  226. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  227. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  228. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  229. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  230. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  231. data/spec/integration/application/agent_spec.rb +141 -37
  232. data/spec/integration/application/filebucket_spec.rb +16 -0
  233. data/spec/integration/application/module_spec.rb +21 -0
  234. data/spec/integration/application/resource_spec.rb +64 -0
  235. data/spec/integration/application/ssl_spec.rb +20 -0
  236. data/spec/integration/configurer_spec.rb +18 -2
  237. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  238. data/spec/integration/indirector/facts/facter_spec.rb +93 -39
  239. data/spec/integration/l10n/compiler_spec.rb +37 -0
  240. data/spec/integration/parser/pcore_resource_spec.rb +10 -0
  241. data/spec/integration/transaction/report_spec.rb +1 -1
  242. data/spec/integration/type/exec_spec.rb +70 -45
  243. data/spec/integration/type/file_spec.rb +2 -2
  244. data/spec/integration/type/package_spec.rb +6 -6
  245. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  246. data/spec/integration/util/windows/process_spec.rb +1 -9
  247. data/spec/lib/puppet/test_ca.rb +7 -2
  248. data/spec/lib/puppet_spec/modules.rb +13 -2
  249. data/spec/lib/puppet_spec/puppetserver.rb +15 -0
  250. data/spec/lib/puppet_spec/settings.rb +1 -0
  251. data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
  252. data/spec/shared_contexts/l10n.rb +27 -0
  253. data/spec/spec_helper.rb +1 -10
  254. data/spec/unit/application/agent_spec.rb +7 -2
  255. data/spec/unit/application/apply_spec.rb +76 -56
  256. data/spec/unit/application/resource_spec.rb +29 -0
  257. data/spec/unit/configurer/downloader_spec.rb +6 -0
  258. data/spec/unit/configurer_spec.rb +256 -57
  259. data/spec/unit/defaults_spec.rb +1 -0
  260. data/spec/unit/environments_spec.rb +184 -0
  261. data/spec/unit/facter_impl_spec.rb +31 -0
  262. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  263. data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
  264. data/spec/unit/file_serving/configuration_spec.rb +14 -4
  265. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  266. data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
  267. data/spec/unit/file_system_spec.rb +13 -0
  268. data/spec/unit/functions/assert_type_spec.rb +1 -1
  269. data/spec/unit/functions/empty_spec.rb +10 -0
  270. data/spec/unit/functions/logging_spec.rb +1 -0
  271. data/spec/unit/functions/lookup_spec.rb +64 -0
  272. data/spec/unit/functions/unwrap_spec.rb +8 -0
  273. data/spec/unit/functions4_spec.rb +2 -2
  274. data/spec/unit/gettext/config_spec.rb +12 -0
  275. data/spec/unit/http/client_spec.rb +58 -1
  276. data/spec/unit/http/service/compiler_spec.rb +131 -0
  277. data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
  278. data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
  279. data/spec/unit/indirector/indirection_spec.rb +10 -3
  280. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  281. data/spec/unit/interface/action_spec.rb +0 -9
  282. data/spec/unit/module_spec.rb +15 -1
  283. data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
  284. data/spec/unit/network/authstore_spec.rb +0 -15
  285. data/spec/unit/network/formats_spec.rb +6 -0
  286. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  287. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  288. data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
  289. data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
  290. data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
  291. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  292. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  293. data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
  294. data/spec/unit/provider/package/gem_spec.rb +1 -1
  295. data/spec/unit/provider/package/nim_spec.rb +42 -0
  296. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  297. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  298. data/spec/unit/provider/package/pip_spec.rb +38 -1
  299. data/spec/unit/provider/package/pkg_spec.rb +29 -4
  300. data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
  301. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  302. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  303. data/spec/unit/provider/service/init_spec.rb +1 -0
  304. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  305. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  306. data/spec/unit/provider/service/systemd_spec.rb +43 -9
  307. data/spec/unit/provider/service/windows_spec.rb +202 -0
  308. data/spec/unit/provider/user/aix_spec.rb +100 -0
  309. data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
  310. data/spec/unit/provider/user/useradd_spec.rb +43 -2
  311. data/spec/unit/provider_spec.rb +4 -4
  312. data/spec/unit/puppet_spec.rb +12 -4
  313. data/spec/unit/resource/catalog_spec.rb +14 -1
  314. data/spec/unit/resource_spec.rb +58 -2
  315. data/spec/unit/settings_spec.rb +97 -56
  316. data/spec/unit/ssl/certificate_request_spec.rb +8 -14
  317. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  318. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  319. data/spec/unit/transaction_spec.rb +18 -20
  320. data/spec/unit/type/exec_spec.rb +76 -29
  321. data/spec/unit/type/file/selinux_spec.rb +3 -3
  322. data/spec/unit/type/file/source_spec.rb +4 -4
  323. data/spec/unit/type/service_spec.rb +86 -188
  324. data/spec/unit/type/tidy_spec.rb +24 -7
  325. data/spec/unit/type/user_spec.rb +45 -0
  326. data/spec/unit/type_spec.rb +2 -2
  327. data/spec/unit/util/logging_spec.rb +2 -0
  328. data/spec/unit/util/selinux_spec.rb +87 -16
  329. data/spec/unit/util/windows/sid_spec.rb +39 -4
  330. data/tasks/generate_cert_fixtures.rake +12 -3
  331. data/tasks/parallel.rake +3 -3
  332. metadata +49 -95
  333. data/ext/README.environment +0 -8
  334. data/ext/dbfix.sql +0 -132
  335. data/ext/debian/README.Debian +0 -8
  336. data/ext/debian/README.source +0 -2
  337. data/ext/debian/TODO.Debian +0 -1
  338. data/ext/debian/changelog.erb +0 -1122
  339. data/ext/debian/compat +0 -1
  340. data/ext/debian/control +0 -144
  341. data/ext/debian/copyright +0 -339
  342. data/ext/debian/docs +0 -1
  343. data/ext/debian/fileserver.conf +0 -41
  344. data/ext/debian/puppet-common.dirs +0 -13
  345. data/ext/debian/puppet-common.install +0 -3
  346. data/ext/debian/puppet-common.lintian-overrides +0 -5
  347. data/ext/debian/puppet-common.manpages +0 -28
  348. data/ext/debian/puppet-common.postinst +0 -35
  349. data/ext/debian/puppet-common.postrm +0 -33
  350. data/ext/debian/puppet-el.dirs +0 -1
  351. data/ext/debian/puppet-el.emacsen-install +0 -25
  352. data/ext/debian/puppet-el.emacsen-remove +0 -11
  353. data/ext/debian/puppet-el.emacsen-startup +0 -9
  354. data/ext/debian/puppet-el.install +0 -1
  355. data/ext/debian/puppet-testsuite.install +0 -2
  356. data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
  357. data/ext/debian/puppet.lintian-overrides +0 -3
  358. data/ext/debian/puppet.logrotate +0 -20
  359. data/ext/debian/puppet.postinst +0 -20
  360. data/ext/debian/puppet.postrm +0 -20
  361. data/ext/debian/puppet.preinst +0 -20
  362. data/ext/debian/puppetmaster-common.install +0 -2
  363. data/ext/debian/puppetmaster-common.manpages +0 -2
  364. data/ext/debian/puppetmaster-common.postinst +0 -6
  365. data/ext/debian/puppetmaster-passenger.dirs +0 -4
  366. data/ext/debian/puppetmaster-passenger.postinst +0 -162
  367. data/ext/debian/puppetmaster-passenger.postrm +0 -61
  368. data/ext/debian/puppetmaster.README.debian +0 -17
  369. data/ext/debian/puppetmaster.default +0 -14
  370. data/ext/debian/puppetmaster.init +0 -137
  371. data/ext/debian/puppetmaster.lintian-overrides +0 -3
  372. data/ext/debian/puppetmaster.postinst +0 -20
  373. data/ext/debian/puppetmaster.postrm +0 -5
  374. data/ext/debian/puppetmaster.preinst +0 -22
  375. data/ext/debian/rules +0 -132
  376. data/ext/debian/source/format +0 -1
  377. data/ext/debian/source/options +0 -1
  378. data/ext/debian/vim-puppet.README.Debian +0 -13
  379. data/ext/debian/vim-puppet.dirs +0 -5
  380. data/ext/debian/vim-puppet.yaml +0 -7
  381. data/ext/debian/watch +0 -2
  382. data/ext/freebsd/puppetd +0 -26
  383. data/ext/freebsd/puppetmasterd +0 -26
  384. data/ext/gentoo/conf.d/puppet +0 -5
  385. data/ext/gentoo/conf.d/puppetmaster +0 -12
  386. data/ext/gentoo/init.d/puppet +0 -38
  387. data/ext/gentoo/init.d/puppetmaster +0 -51
  388. data/ext/gentoo/puppet/fileserver.conf +0 -41
  389. data/ext/ips/puppet-agent +0 -44
  390. data/ext/ips/puppet-master +0 -44
  391. data/ext/ips/puppet.p5m.erb +0 -12
  392. data/ext/ips/puppetagent.xml +0 -42
  393. data/ext/ips/puppetmaster.xml +0 -42
  394. data/ext/ips/rules +0 -19
  395. data/ext/ips/transforms +0 -34
  396. data/ext/ldap/puppet.schema +0 -24
  397. data/ext/logcheck/puppet +0 -23
  398. data/ext/osx/file_mapping.yaml +0 -33
  399. data/ext/osx/postflight.erb +0 -109
  400. data/ext/osx/preflight.erb +0 -52
  401. data/ext/osx/prototype.plist.erb +0 -38
  402. data/ext/redhat/fileserver.conf +0 -41
  403. data/ext/redhat/logrotate +0 -21
  404. data/ext/redhat/puppet.spec.erb +0 -842
  405. data/ext/redhat/server.init +0 -128
  406. data/ext/redhat/server.sysconfig +0 -13
  407. data/ext/solaris/pkginfo +0 -6
  408. data/ext/solaris/smf/puppetd.xml +0 -77
  409. data/ext/solaris/smf/puppetmasterd.xml +0 -77
  410. data/ext/solaris/smf/svc-puppetd +0 -71
  411. data/ext/solaris/smf/svc-puppetmasterd +0 -67
  412. data/ext/suse/puppet.spec +0 -310
  413. data/ext/suse/server.init +0 -173
  414. data/ext/yaml_nodes.rb +0 -105
  415. data/spec/unit/indirector/store_configs_spec.rb +0 -7
@@ -34,7 +34,7 @@ describe 'Puppet::Type::Service::Provider::Systemd',
34
34
  end
35
35
  end
36
36
 
37
- [7, 8].each do |ver|
37
+ [7, 8, 9].each do |ver|
38
38
  it "should be the default provider on rhel#{ver}" do
39
39
  allow(Facter).to receive(:value).with(:osfamily).and_return(:redhat)
40
40
  allow(Facter).to receive(:value).with(:operatingsystem).and_return(:redhat)
@@ -357,6 +357,9 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
357
357
  describe "#mask" do
358
358
  it "should run systemctl to disable and mask a service" do
359
359
  provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
360
+ expect(provider).to receive(:execute).
361
+ with(['/bin/systemctl','cat', '--', 'sshd.service'], :failonfail => false).
362
+ and_return(Puppet::Util::Execution::ProcessOutput.new("# /lib/systemd/system/sshd.service\n...", 0))
360
363
  # :disable is the only call in the provider that uses a symbol instead of
361
364
  # a string.
362
365
  # This should be made consistent in the future and all tests updated.
@@ -364,6 +367,15 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
364
367
  expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
365
368
  provider.mask
366
369
  end
370
+
371
+ it "masks a service that doesn't exist" do
372
+ provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'doesnotexist.service'))
373
+ expect(provider).to receive(:execute).
374
+ with(['/bin/systemctl','cat', '--', 'doesnotexist.service'], :failonfail => false).
375
+ and_return(Puppet::Util::Execution::ProcessOutput.new("No files found for doesnotexist.service.\n", 1))
376
+ expect(provider).to receive(:systemctl).with(:mask, '--', 'doesnotexist.service')
377
+ provider.mask
378
+ end
367
379
  end
368
380
 
369
381
  # Note: systemd provider does not care about hasstatus or a custom status
@@ -467,17 +479,39 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
467
479
  context 'when service state is static' do
468
480
  let(:service_state) { 'static' }
469
481
 
470
- it 'is always enabled_insync even if current value is the same as expected' do
471
- expect(provider).to be_enabled_insync(:false)
472
- end
482
+ context 'when enable is not mask' do
483
+ it 'is always enabled_insync even if current value is the same as expected' do
484
+ expect(provider).to be_enabled_insync(:false)
485
+ end
473
486
 
474
- it 'is always enabled_insync even if current value is not the same as expected' do
475
- expect(provider).to be_enabled_insync(:true)
487
+ it 'is always enabled_insync even if current value is not the same as expected' do
488
+ expect(provider).to be_enabled_insync(:true)
489
+ end
490
+
491
+ it 'logs a debug messsage' do
492
+ expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
493
+ provider.enabled_insync?(:true)
494
+ end
476
495
  end
477
496
 
478
- it 'logs a debug messsage' do
479
- expect(Puppet).to receive(:debug).with("Unable to enable or disable static service sshd.service")
480
- provider.enabled_insync?(:true)
497
+ context 'when enable is mask' do
498
+ let(:provider) do
499
+ provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service',
500
+ :enable => 'mask'))
501
+ end
502
+
503
+ it 'is enabled_insync if current value is the same as expected' do
504
+ expect(provider).to be_enabled_insync(:mask)
505
+ end
506
+
507
+ it 'is not enabled_insync if current value is not the same as expected' do
508
+ expect(provider).not_to be_enabled_insync(:true)
509
+ end
510
+
511
+ it 'logs no debug messsage' do
512
+ expect(Puppet).not_to receive(:debug)
513
+ provider.enabled_insync?(:true)
514
+ end
481
515
  end
482
516
  end
483
517
 
@@ -271,4 +271,206 @@ describe 'Puppet::Type::Service::Provider::Windows',
271
271
  }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
272
272
  end
273
273
  end
274
+
275
+ describe "when managing logon credentials" do
276
+ before do
277
+ allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return(computer_name)
278
+ allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(principal)
279
+ allow(Puppet::Util::Windows::Service).to receive(:set_startup_configuration).and_return(nil)
280
+ end
281
+
282
+ let(:computer_name) { 'myPC' }
283
+
284
+ describe "#logonaccount=" do
285
+ before do
286
+ allow(Puppet::Util::Windows::User).to receive(:password_is?).and_return(true)
287
+ resource[:logonaccount] = user_input
288
+ provider.logonaccount_insync?(user_input)
289
+ end
290
+
291
+ let(:user_input) { principal.account }
292
+ let(:principal) do
293
+ Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, computer_name, :SidTypeUser)
294
+ end
295
+
296
+ context "when given user is 'myUser'" do
297
+ it "should fail when the `Log On As A Service` right is missing from given user" do
298
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("")
299
+ expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" is missing the 'Log On As A Service' right./)
300
+ end
301
+
302
+ it "should fail when the `Log On As A Service` right is set to denied for given user" do
303
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeDenyServiceLogonRight")
304
+ expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" has the 'Log On As A Service' right set to denied./)
305
+ end
306
+
307
+ it "should not fail when given user has the `Log On As A Service` right" do
308
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
309
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
310
+ end
311
+
312
+ ['myUser', 'myPC\\myUser', ".\\myUser", "MYPC\\mYuseR"].each do |user_input_variant|
313
+ let(:user_input) { user_input_variant }
314
+
315
+ it "should succesfully munge #{user_input_variant} to '.\\myUser'" do
316
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
317
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
318
+ expect(resource[:logonaccount]).to eq(".\\myUser")
319
+ end
320
+ end
321
+ end
322
+
323
+ context "when given user is a system account" do
324
+ before do
325
+ allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
326
+ end
327
+
328
+ let(:user_input) { principal.account }
329
+ let(:principal) do
330
+ Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
331
+ end
332
+
333
+ it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
334
+ expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
335
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
336
+ end
337
+
338
+ ['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input_variant|
339
+ let(:user_input) { user_input_variant }
340
+
341
+ it "should succesfully munge #{user_input_variant} to 'LocalSystem'" do
342
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
343
+ expect(resource[:logonaccount]).to eq('LocalSystem')
344
+ end
345
+ end
346
+ end
347
+
348
+ context "when domain is different from computer name" do
349
+ before do
350
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return("SeServiceLogonRight")
351
+ end
352
+
353
+ context "when given user is from AD" do
354
+ let(:user_input) { 'myRemoteUser' }
355
+ let(:principal) do
356
+ Puppet::Util::Windows::SID::Principal.new("myRemoteUser", nil, nil, "AD", :SidTypeUser)
357
+ end
358
+
359
+ it "should not raise any error" do
360
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
361
+ end
362
+
363
+ it "should succesfully be munged" do
364
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
365
+ expect(resource[:logonaccount]).to eq('AD\myRemoteUser')
366
+ end
367
+ end
368
+
369
+ context "when given user is LocalService" do
370
+ let(:user_input) { 'LocalService' }
371
+ let(:principal) do
372
+ Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup)
373
+ end
374
+
375
+ it "should succesfully munge well known user" do
376
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
377
+ expect(resource[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
378
+ end
379
+ end
380
+
381
+ context "when given user is in SID form" do
382
+ let(:user_input) { 'S-1-5-20' }
383
+ let(:principal) do
384
+ Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
385
+ end
386
+
387
+ it "should succesfully munge" do
388
+ expect { provider.logonaccount=(user_input) }.not_to raise_error
389
+ expect(resource[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
390
+ end
391
+ end
392
+
393
+ context "when given user is actually a group" do
394
+ let(:principal) do
395
+ Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias)
396
+ end
397
+ let(:user_input) { 'Administrators' }
398
+
399
+ it "should fail when sid type is not user or well known user" do
400
+ expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /"BUILTIN\\#{user_input}" is not a valid account/)
401
+ end
402
+ end
403
+ end
404
+ end
405
+
406
+ describe "#logonpassword=" do
407
+ before do
408
+ allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
409
+ resource[:logonaccount] = account
410
+ resource[:logonpassword] = user_input
411
+ provider.logonaccount_insync?(account)
412
+ end
413
+
414
+ let(:account) { 'LocalSystem' }
415
+
416
+ describe "when given logonaccount is a predefined_local_account" do
417
+ let(:user_input) { 'pass' }
418
+ let(:principal) { nil }
419
+
420
+ it "should pass validation when given account is 'LocalSystem'" do
421
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
422
+ allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(true)
423
+
424
+ expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
425
+ expect { provider.logonpassword=(user_input) }.not_to raise_error
426
+ end
427
+
428
+ ['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
429
+ describe "when given account is #{predefined_local_account}" do
430
+ let(:account) { 'predefined_local_account' }
431
+ let(:principal) do
432
+ Puppet::Util::Windows::SID::Principal.new(account, nil, nil, "NT AUTHORITY", :SidTypeUser)
433
+ end
434
+
435
+ it "should pass validation" do
436
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.account).and_return(false)
437
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.domain_account).and_return(false)
438
+ expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(principal.domain_account).and_return(true).twice
439
+
440
+ expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
441
+ expect { provider.logonpassword=(user_input) }.not_to raise_error
442
+ end
443
+ end
444
+ end
445
+ end
446
+
447
+ describe "when given logonaccount is not a predefined local account" do
448
+ before do
449
+ allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(".\\#{principal.account}").and_return(false)
450
+ allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with(".\\#{principal.account}").and_return(false)
451
+ end
452
+
453
+ let(:account) { 'myUser' }
454
+ let(:principal) do
455
+ Puppet::Util::Windows::SID::Principal.new(account, nil, nil, computer_name, :SidTypeUser)
456
+ end
457
+
458
+ describe "when password is proven correct" do
459
+ let(:user_input) { 'myPass' }
460
+ it "should pass validation" do
461
+ allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
462
+ expect { provider.logonpassword=(user_input) }.not_to raise_error
463
+ end
464
+ end
465
+
466
+ describe "when password is not proven correct" do
467
+ let(:user_input) { 'myWrongPass' }
468
+ it "should not pass validation" do
469
+ allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
470
+ expect { provider.logonpassword=(user_input) }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
471
+ end
472
+ end
473
+ end
474
+ end
475
+ end
274
476
  end
@@ -217,4 +217,104 @@ describe 'Puppet::Type::User::Provider::Aix' do
217
217
  provider.create
218
218
  end
219
219
  end
220
+
221
+ describe '#list_all_homes' do
222
+ it "should return empty array and output debug on failure" do
223
+ allow(Puppet::Util::Execution).to receive(:execute).and_raise(Puppet::ExecutionFailure, 'Execution failed')
224
+ expect(Puppet).to receive(:debug).with('Could not list home of all users: Execution failed')
225
+ expect(provider.list_all_homes).to eql({})
226
+ end
227
+ end
228
+
229
+ describe '#delete' do
230
+ before(:each) do
231
+ allow(File).to receive(:realpath).and_call_original
232
+ allow(FileUtils).to receive(:remove_entry_secure).and_call_original
233
+
234
+ allow(provider.resource).to receive(:should).with(anything).and_return(nil)
235
+ allow(provider).to receive(:home).and_return(Dir.tmpdir)
236
+ allow(provider).to receive(:execute).and_return(nil)
237
+ allow(provider).to receive(:object_info).and_return(nil)
238
+ allow(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true).and_return(nil)
239
+ end
240
+
241
+ context 'with managehome true' do
242
+ before(:each) do
243
+ allow(provider.resource).to receive(:managehome?).and_return(true)
244
+ allow(provider).to receive(:list_all_homes).and_return([])
245
+ end
246
+
247
+ it 'should delete the user without error' do
248
+ expect{ provider.delete }.not_to raise_error
249
+ end
250
+
251
+ it "should not remove home when relative" do
252
+ allow(provider).to receive(:home).and_return('relative_path')
253
+
254
+ expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
255
+ provider.delete
256
+ end
257
+
258
+ it "should not remove home when '/'" do
259
+ allow(provider).to receive(:home).and_return('/')
260
+
261
+ expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
262
+ provider.delete
263
+ end
264
+
265
+ it "should not remove home when symlink" do
266
+ allow(Puppet::FileSystem).to receive(:symlink?).with(Dir.tmpdir).and_return(true)
267
+
268
+ expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
269
+ provider.delete
270
+ end
271
+
272
+ it "should not remove home when other users would be affected" do
273
+ allow(provider).to receive(:home).and_return('/special')
274
+ allow(File).to receive(:realpath).with('/special').and_return('/special')
275
+ allow(Puppet::Util).to receive(:absolute_path?).with('/special').and_return(true)
276
+ allow(provider).to receive(:list_all_homes).and_return([{:name => 'other_user', :home => '/special/other_user'}])
277
+
278
+ expect(Puppet).to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
279
+ provider.delete
280
+ end
281
+
282
+ it 'should remove homedir' do
283
+ expect(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true)
284
+ provider.delete
285
+ end
286
+ end
287
+
288
+ context 'with managehome false' do
289
+ before(:each) do
290
+ allow(provider.resource).to receive(:managehome?).and_return(false)
291
+ end
292
+
293
+ it 'should delete the user without error' do
294
+ expect{ provider.delete }.not_to raise_error
295
+ end
296
+
297
+ it 'should not remove homedir' do
298
+ expect(FileUtils).not_to receive(:remove_entry_secure).with(Dir.tmpdir, true)
299
+ end
300
+
301
+ it 'should not print manage home debug messages' do
302
+ expect(Puppet).not_to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
303
+ expect(Puppet).not_to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
304
+
305
+ provider.delete
306
+ end
307
+ end
308
+ end
309
+
310
+ describe '#deletecmd' do
311
+ it 'uses the -p flag when removing the user' do
312
+ allow(provider.class).to receive(:command).with(:delete).and_return('delete')
313
+ allow(provider).to receive(:ia_module_args).and_return(['ia_module_args'])
314
+
315
+ expect(provider.deletecmd).to eql(
316
+ ['delete', '-p', 'ia_module_args', provider.resource.name]
317
+ )
318
+ end
319
+ end
220
320
  end
@@ -925,28 +925,75 @@ end
925
925
  }
926
926
  end
927
927
 
928
- it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
929
- expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
930
- expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
931
- expect(provider.class).to receive(:get_os_version).and_return('10.7')
932
- expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
933
- provider.write_password_to_users_plist(sha512_password_hash)
928
+ before do
929
+ allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
934
930
  end
935
931
 
936
- it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
937
- expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
938
- expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
939
- expect(provider.class).to receive(:get_os_version).and_return('10.8')
940
- expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
941
- provider.write_password_to_users_plist(pbkdf2_password_hash)
932
+ describe 'when on macOS 11 (Big Sur) or greater' do
933
+ before do
934
+ allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
935
+ end
936
+
937
+ it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
938
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
939
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
940
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
941
+ expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
942
+
943
+ expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
944
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
945
+ end
946
+
947
+ it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
948
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
949
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
950
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
951
+ expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
952
+
953
+ expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
954
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
955
+ end
942
956
  end
943
957
 
944
- it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
945
- expect(provider).to receive(:get_users_plist).and_return('users_plist')
946
- expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
947
- expect(provider.class).to receive(:get_os_version).and_return('10.8')
948
- expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
949
- provider.write_password_to_users_plist(pbkdf2_password_hash)
958
+ describe 'when on macOS version lower than 11' do
959
+ before do
960
+ allow(provider.class).to receive(:get_os_version)
961
+ allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
962
+ end
963
+
964
+ it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
965
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
966
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
967
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
968
+ expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
969
+
970
+ expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
971
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
972
+ end
973
+
974
+ it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
975
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
976
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
977
+ expect(provider.class).to receive(:get_os_version).and_return('10.7')
978
+ expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
979
+ provider.write_password_to_users_plist(sha512_password_hash)
980
+ end
981
+
982
+ it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
983
+ expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
984
+ expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
985
+ expect(provider.class).to receive(:get_os_version).and_return('10.8')
986
+ expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
987
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
988
+ end
989
+
990
+ it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
991
+ expect(provider).to receive(:get_users_plist).and_return('users_plist')
992
+ expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
993
+ expect(provider.class).to receive(:get_os_version).and_return('10.8')
994
+ expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
995
+ provider.write_password_to_users_plist(pbkdf2_password_hash)
996
+ end
950
997
  end
951
998
  end
952
999
 
@@ -974,16 +1021,7 @@ end
974
1021
  describe '#set_shadow_hash_data' do
975
1022
  let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
976
1023
 
977
- it 'should flush the plist data to disk on OS X < 10.15' do
978
- allow(provider.class).to receive(:get_os_version).and_return('10.12')
979
-
980
- expect(provider).to receive(:write_users_plist_to_disk)
981
- provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
982
- end
983
-
984
- it 'should flush the plist data a temporary file on OS X >= 10.15' do
985
- allow(provider.class).to receive(:get_os_version).and_return('10.15')
986
-
1024
+ it 'should flush the plist data to a temporary file' do
987
1025
  expect(provider).to receive(:write_and_import_shadow_hash_data)
988
1026
  provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
989
1027
  end
@@ -1033,13 +1071,6 @@ end
1033
1071
  end
1034
1072
  end
1035
1073
 
1036
- describe '#write_users_plist_to_disk' do
1037
- it 'should save the passed plist to disk and convert it to a binary plist' do
1038
- expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
1039
- provider.write_users_plist_to_disk(user_plist_xml)
1040
- end
1041
- end
1042
-
1043
1074
  describe '#write_and_import_shadow_hash_data' do
1044
1075
  it 'should save the passed plist to a temporary file and import it' do
1045
1076
  tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
@@ -1111,7 +1142,7 @@ end
1111
1142
  provider.class.instance_variable_set(:@os_version, nil) if provider.class.instance_variable_defined? :@os_version
1112
1143
  end
1113
1144
 
1114
- it 'should call Facter.value(:macosx_productversion_major) ONLY ONCE no matter how ' +
1145
+ it 'should call Puppet.runtime[:facter].value(:macosx_productversion_major) ONLY ONCE no matter how ' +
1115
1146
  'many times get_os_version() is called' do
1116
1147
  expect(Facter).to receive(:value).with(:macosx_productversion_major).once.and_return('10.8')
1117
1148
  expect(provider.class.get_os_version).to eq('10.8')
@@ -1203,6 +1234,7 @@ end
1203
1234
  before :each do
1204
1235
  allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
1205
1236
  allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
1237
+ allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
1206
1238
  provider.class.prefetch({})
1207
1239
  end
1208
1240
 
@@ -13,6 +13,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
13
13
  allow(described_class).to receive(:command).with(:localmodify).and_return('/usr/sbin/lusermod')
14
14
  allow(described_class).to receive(:command).with(:delete).and_return('/usr/sbin/userdel')
15
15
  allow(described_class).to receive(:command).with(:localdelete).and_return('/usr/sbin/luserdel')
16
+ allow(described_class).to receive(:command).with(:chpasswd).and_return('/usr/sbin/chpasswd')
16
17
  end
17
18
 
18
19
  let(:resource) do
@@ -62,7 +63,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
62
63
  :provider => provider,
63
64
  )
64
65
  resource2[:ensure] = :present
65
- expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
66
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).twice
66
67
  provider.create
67
68
  end
68
69
 
@@ -208,7 +209,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
208
209
  end
209
210
 
210
211
  it "should call execute with sensitive if sensitive data is changed" do
211
- expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
212
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true)).and_return('')
212
213
  provider.password = 'bird bird bird'
213
214
  end
214
215
  end
@@ -351,6 +352,46 @@ describe Puppet::Type.type(:user).provider(:useradd) do
351
352
  end
352
353
  end
353
354
 
355
+ describe "#shell" do
356
+ before { described_class.has_feature :manages_local_users_and_groups }
357
+
358
+ let(:content) { "myuser:x:x:x:x:x:/bin/local_shell" }
359
+
360
+ it "should return the local shell string when forcelocal is true" do
361
+ resource[:forcelocal] = true
362
+ allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
363
+ allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
364
+ expect(provider.shell).to eq('/bin/local_shell')
365
+ end
366
+
367
+ it "should fall back to nameservice shell string when forcelocal is false" do
368
+ resource[:forcelocal] = false
369
+ allow(provider).to receive(:get).with(:shell).and_return('/bin/remote_shell')
370
+ expect(provider).not_to receive(:localshell)
371
+ expect(provider.shell).to eq('/bin/remote_shell')
372
+ end
373
+ end
374
+
375
+ describe "#home" do
376
+ before { described_class.has_feature :manages_local_users_and_groups }
377
+
378
+ let(:content) { "myuser:x:x:x:x:/opt/local_home:x" }
379
+
380
+ it "should return the local home string when forcelocal is true" do
381
+ resource[:forcelocal] = true
382
+ allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
383
+ allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
384
+ expect(provider.home).to eq('/opt/local_home')
385
+ end
386
+
387
+ it "should fall back to nameservice home string when forcelocal is false" do
388
+ resource[:forcelocal] = false
389
+ allow(provider).to receive(:get).with(:home).and_return('/opt/remote_home')
390
+ expect(provider).not_to receive(:localhome)
391
+ expect(provider.home).to eq('/opt/remote_home')
392
+ end
393
+ end
394
+
354
395
  describe "#gid" do
355
396
  before { described_class.has_feature :manages_local_users_and_groups }
356
397
 
@@ -222,18 +222,18 @@ describe Puppet::Provider do
222
222
  { :true => false } => false,
223
223
  { :false => false } => true,
224
224
  { :false => true } => false,
225
- { :operatingsystem => Facter.value(:operatingsystem) } => true,
225
+ { :operatingsystem => Puppet.runtime[:facter].value(:operatingsystem) } => true,
226
226
  { :operatingsystem => :yayness } => false,
227
227
  { :nothing => :yayness } => false,
228
228
  { :exists => Puppet::Util.which(existing_command) } => true,
229
229
  { :exists => "/this/file/does/not/exist" } => false,
230
230
  { :true => true, :exists => Puppet::Util.which(existing_command) } => true,
231
231
  { :true => true, :exists => "/this/file/does/not/exist" } => false,
232
- { :operatingsystem => Facter.value(:operatingsystem),
232
+ { :operatingsystem => Puppet.runtime[:facter].value(:operatingsystem),
233
233
  :exists => Puppet::Util.which(existing_command) } => true,
234
234
  { :operatingsystem => :yayness,
235
235
  :exists => Puppet::Util.which(existing_command) } => false,
236
- { :operatingsystem => Facter.value(:operatingsystem),
236
+ { :operatingsystem => Puppet.runtime[:facter].value(:operatingsystem),
237
237
  :exists => "/this/file/does/not/exist" } => false,
238
238
  { :operatingsystem => :yayness,
239
239
  :exists => "/this/file/does/not/exist" } => false,
@@ -269,7 +269,7 @@ describe Puppet::Provider do
269
269
  end
270
270
 
271
271
  context "default providers" do
272
- let :os do Facter.value(:operatingsystem) end
272
+ let :os do Puppet.runtime[:facter].value(:operatingsystem) end
273
273
 
274
274
  it { is_expected.to respond_to :specificity }
275
275
 
@@ -91,12 +91,20 @@ describe Puppet do
91
91
  expect(Puppet.runtime[:http]).to be_an_instance_of(Puppet::HTTP::Client)
92
92
  end
93
93
 
94
- it 'allows an implementation to be registered' do
95
- impl = double('http')
96
- Puppet.initialize_settings([], true, true, http: impl)
94
+ it 'allows a http implementation to be registered' do
95
+ http_impl = double('http')
96
+ Puppet.initialize_settings([], true, true, http: http_impl)
97
97
 
98
98
 
99
- expect(Puppet.runtime[:http]).to eq(impl)
99
+ expect(Puppet.runtime[:http]).to eq(http_impl)
100
+ end
101
+
102
+ it 'allows a facter implementation to be registered' do
103
+ facter_impl = double('facter')
104
+ Puppet.initialize_settings([], true, true, facter: facter_impl)
105
+
106
+
107
+ expect(Puppet.runtime[:facter]).to eq(facter_impl)
100
108
  end
101
109
  end
102
110