puppet 6.22.1-x64-mingw32 → 6.23.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +14 -14
- data/ext/osx/puppet.plist +2 -0
- data/lib/puppet/application/agent.rb +12 -5
- data/lib/puppet/application/apply.rb +2 -1
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/resource.rb +2 -1
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/defaults.rb +5 -3
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +69 -0
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/service/systemd.rb +13 -3
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/directoryservice.rb +25 -12
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/type/file.rb +19 -1
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/service.rb +18 -38
- data/lib/puppet/type/tidy.rb +21 -2
- data/lib/puppet/type/user.rb +38 -20
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +109 -101
- data/man/man5/puppet.conf.5 +272 -252
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/integration/application/resource_spec.rb +30 -0
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +23 -0
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/service/compiler_spec.rb +123 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +42 -8
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/service_spec.rb +59 -188
- data/spec/unit/type/tidy_spec.rb +17 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/tasks/generate_cert_fixtures.rake +2 -2
- metadata +4 -2
@@ -5,13 +5,6 @@ require 'puppet_spec/compiler'
|
|
5
5
|
require 'puppet/transaction'
|
6
6
|
require 'fileutils'
|
7
7
|
|
8
|
-
Puppet::Type.newtype(:generator) do
|
9
|
-
newparam(:name) { isnamevar }
|
10
|
-
|
11
|
-
def generate
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
8
|
describe Puppet::Transaction do
|
16
9
|
include PuppetSpec::Files
|
17
10
|
include PuppetSpec::Compiler
|
@@ -27,6 +20,19 @@ describe Puppet::Transaction do
|
|
27
20
|
transaction
|
28
21
|
end
|
29
22
|
|
23
|
+
before(:all) do
|
24
|
+
Puppet::Type.newtype(:transaction_generator) do
|
25
|
+
newparam(:name) { isnamevar }
|
26
|
+
|
27
|
+
def generate
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
after(:all) do
|
33
|
+
Puppet::Type.rmtype(:transaction_generator)
|
34
|
+
end
|
35
|
+
|
30
36
|
before do
|
31
37
|
@basepath = make_absolute("/what/ever")
|
32
38
|
@transaction = Puppet::Transaction.new(Puppet::Resource::Catalog.new, nil, Puppet::Graph::SequentialPrioritizer.new)
|
@@ -330,9 +336,9 @@ describe Puppet::Transaction do
|
|
330
336
|
describe "when generating resources before traversal" do
|
331
337
|
let(:catalog) { Puppet::Resource::Catalog.new }
|
332
338
|
let(:transaction) { Puppet::Transaction.new(catalog, nil, Puppet::Graph::SequentialPrioritizer.new) }
|
333
|
-
let(:generator) { Puppet::Type.type(:
|
339
|
+
let(:generator) { Puppet::Type.type(:transaction_generator).new :title => "generator" }
|
334
340
|
let(:generated) do
|
335
|
-
%w[a b c].map { |name| Puppet::Type.type(:
|
341
|
+
%w[a b c].map { |name| Puppet::Type.type(:transaction_generator).new(:name => name) }
|
336
342
|
end
|
337
343
|
|
338
344
|
before :each do
|
@@ -673,7 +679,7 @@ describe Puppet::Transaction do
|
|
673
679
|
end
|
674
680
|
|
675
681
|
describe "and new resources are generated" do
|
676
|
-
let(:generator) { Puppet::Type.type(:
|
682
|
+
let(:generator) { Puppet::Type.type(:transaction_generator).new :title => "generator" }
|
677
683
|
let(:generated) do
|
678
684
|
%w[a b c].map { |name| Puppet::Type.type(:package).new :title => "foo", :name => name, :provider => :apt }
|
679
685
|
end
|
@@ -787,16 +793,8 @@ describe Puppet::Transaction do
|
|
787
793
|
end
|
788
794
|
|
789
795
|
it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
|
790
|
-
|
791
|
-
|
792
|
-
def self.is_selinux_enabled
|
793
|
-
true
|
794
|
-
end
|
795
|
-
|
796
|
-
def self.matchpathcon_fini
|
797
|
-
end
|
798
|
-
end
|
799
|
-
end
|
796
|
+
selinux = double('selinux', is_selinux_enabled: true, matchpathcon_fini: nil)
|
797
|
+
stub_const('Selinux', selinux)
|
800
798
|
|
801
799
|
resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
|
802
800
|
transaction = transaction_with_resource(resource)
|
@@ -7,7 +7,7 @@ require 'spec_helper'
|
|
7
7
|
|
8
8
|
before do
|
9
9
|
@path = make_absolute("/my/file")
|
10
|
-
@resource = Puppet::Type.type(:file).new
|
10
|
+
@resource = Puppet::Type.type(:file).new(:path => @path, :ensure => :file)
|
11
11
|
@sel = property.new :resource => @resource
|
12
12
|
end
|
13
13
|
|
@@ -50,13 +50,13 @@ require 'spec_helper'
|
|
50
50
|
end
|
51
51
|
|
52
52
|
it "should handle no default gracefully" do
|
53
|
-
expect(@sel).to receive(:get_selinux_default_context).with(@path).and_return(nil)
|
53
|
+
expect(@sel).to receive(:get_selinux_default_context).with(@path, :file).and_return(nil)
|
54
54
|
expect(@sel.default).to be_nil
|
55
55
|
end
|
56
56
|
|
57
57
|
it "should be able to detect matchpathcon defaults" do
|
58
58
|
allow(@sel).to receive(:debug)
|
59
|
-
expect(@sel).to receive(:get_selinux_default_context).with(@path).and_return("user_u:role_r:type_t:s0")
|
59
|
+
expect(@sel).to receive(:get_selinux_default_context).with(@path, :file).and_return("user_u:role_r:type_t:s0")
|
60
60
|
expectedresult = case param
|
61
61
|
when :seluser; "user_u"
|
62
62
|
when :selrole; "role_r"
|
@@ -72,50 +72,65 @@ describe test_title, "when validating attribute values" do
|
|
72
72
|
allow(@provider.class).to receive(:supports_parameter?).and_return(true)
|
73
73
|
end
|
74
74
|
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
75
|
+
describe "for value without required features" do
|
76
|
+
before :each do
|
77
|
+
allow(@provider).to receive(:satisfies?)
|
78
|
+
end
|
79
79
|
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
80
|
+
it "should not support :mask as a value" do
|
81
|
+
expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :mask) }.to raise_error(
|
82
|
+
Puppet::ResourceError,
|
83
|
+
/Provider .+ must have features 'maskable' to set 'enable' to 'mask'/
|
84
|
+
)
|
85
|
+
end
|
84
86
|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
87
|
+
it "should not support :manual as a value" do
|
88
|
+
expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :manual) }.to raise_error(
|
89
|
+
Puppet::ResourceError,
|
90
|
+
/Provider .+ must have features 'manual_startable' to set 'enable' to 'manual'/
|
91
|
+
)
|
92
|
+
end
|
89
93
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
+
it "should not support :mask as a value" do
|
95
|
+
expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
|
96
|
+
Puppet::ResourceError,
|
97
|
+
/Provider .+ must have features 'delayed_startable' to set 'enable' to 'delayed'/
|
98
|
+
)
|
99
|
+
end
|
94
100
|
end
|
95
101
|
|
96
|
-
|
97
|
-
|
102
|
+
describe "for value with required features" do
|
103
|
+
before :each do
|
104
|
+
allow(@provider).to receive(:satisfies?).and_return(:true)
|
105
|
+
end
|
98
106
|
|
99
|
-
|
100
|
-
|
101
|
-
|
107
|
+
it "should support :true as a value" do
|
108
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :true)
|
109
|
+
expect(srv.should(:enable)).to eq(:true)
|
110
|
+
end
|
102
111
|
|
103
|
-
|
104
|
-
|
112
|
+
it "should support :false as a value" do
|
113
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :false)
|
114
|
+
expect(srv.should(:enable)).to eq(:false)
|
115
|
+
end
|
105
116
|
|
106
|
-
|
107
|
-
Puppet::
|
108
|
-
|
109
|
-
|
110
|
-
end
|
117
|
+
it "should support :mask as a value" do
|
118
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :mask)
|
119
|
+
expect(srv.should(:enable)).to eq(:mask)
|
120
|
+
end
|
111
121
|
|
112
|
-
|
113
|
-
|
122
|
+
it "should support :manual as a value on Windows" do
|
123
|
+
allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
|
124
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :manual)
|
125
|
+
expect(srv.should(:enable)).to eq(:manual)
|
126
|
+
end
|
114
127
|
|
115
|
-
|
116
|
-
Puppet::
|
117
|
-
|
118
|
-
|
128
|
+
it "should support :delayed as a value on Windows" do
|
129
|
+
allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
|
130
|
+
|
131
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
|
132
|
+
expect(srv.should(:enable)).to eq(:delayed)
|
133
|
+
end
|
119
134
|
end
|
120
135
|
end
|
121
136
|
|
@@ -150,105 +165,24 @@ describe test_title, "when validating attribute values" do
|
|
150
165
|
provider_class_with_logon_credentials = Puppet::Type.type(:service).provide(:simple) do
|
151
166
|
has_features :manages_logon_credentials
|
152
167
|
def logonpassword=(value) end
|
168
|
+
def logonaccount_insync?(current) end
|
153
169
|
end
|
154
170
|
allow(Puppet::Type.type(:service)).to receive(:defaultprovider).and_return(provider_class_with_logon_credentials)
|
155
171
|
end
|
156
172
|
|
157
173
|
describe "the 'logonaccount' property" do
|
158
|
-
|
159
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
160
|
-
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'NonWindowsUser')
|
174
|
+
let(:service) {Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser')}
|
161
175
|
|
162
|
-
|
163
|
-
|
176
|
+
it "should let superclass implementation resolve insyncness when provider does not respond to the 'logonaccount_insync?' method" do
|
177
|
+
allow(service.provider).to receive(:respond_to?).with(:logonaccount_insync?).and_return(false)
|
178
|
+
expect(service.property(:logonaccount).insync?('myUser')).to eq(true)
|
164
179
|
end
|
165
180
|
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
end
|
172
|
-
|
173
|
-
it "should fail when the `Log On As A Service` right is missing from given user" do
|
174
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
|
175
|
-
allow(Puppet::Util::Windows::User).to receive(:get_rights).with('myPC\\myUser').and_return("")
|
176
|
-
|
177
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.to raise_error(Puppet::Error, /"myPC\\myUser" is missing the 'Log On As A Service' right./)
|
178
|
-
end
|
179
|
-
|
180
|
-
it "should fail when the `Log On As A Service` right is set to denied for given user" do
|
181
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
|
182
|
-
allow(Puppet::Util::Windows::User).to receive(:get_rights).with('myPC\\myUser').and_return("SeDenyServiceLogonRight")
|
183
|
-
|
184
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.to raise_error(Puppet::Error, /"myPC\\myUser" has the 'Log On As A Service' right set to denied./)
|
185
|
-
end
|
186
|
-
|
187
|
-
it "should not fail when given user has the `Log On As A Service` right" do
|
188
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
|
189
|
-
allow(Puppet::Util::Windows::User).to receive(:get_rights).with('myPC\\myUser').and_return("SeServiceLogonRight")
|
190
|
-
|
191
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.not_to raise_error
|
192
|
-
end
|
193
|
-
|
194
|
-
it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
|
195
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser))
|
196
|
-
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
|
197
|
-
|
198
|
-
expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
|
199
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser') }.not_to raise_error
|
200
|
-
end
|
201
|
-
|
202
|
-
['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input|
|
203
|
-
it "should succesfully munge #{user_input} to 'LocalSystem'" do
|
204
|
-
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => user_input)
|
205
|
-
|
206
|
-
expect { service }.not_to raise_error
|
207
|
-
expect(service[:logonaccount]).to eq('LocalSystem')
|
208
|
-
end
|
209
|
-
end
|
210
|
-
|
211
|
-
it "should succesfully munge local account" do
|
212
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser))
|
213
|
-
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser')
|
214
|
-
|
215
|
-
expect { service }.not_to raise_error
|
216
|
-
expect(service[:logonaccount]).to eq('.\myUser')
|
217
|
-
end
|
218
|
-
|
219
|
-
it "should succesfully munge domain account" do
|
220
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("DomainUser", nil, nil, "myDomain", :SidTypeUser))
|
221
|
-
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'DomainUser')
|
222
|
-
|
223
|
-
expect { service }.not_to raise_error
|
224
|
-
expect(service[:logonaccount]).to eq('myDomain\DomainUser')
|
225
|
-
end
|
226
|
-
|
227
|
-
it "should succesfully munge well known user" do
|
228
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup))
|
229
|
-
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'LocalService')
|
230
|
-
|
231
|
-
expect { service }.not_to raise_error
|
232
|
-
expect(service[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
|
233
|
-
end
|
234
|
-
|
235
|
-
it "should succesfully munge a SID" do
|
236
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser))
|
237
|
-
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'S-1-5-20')
|
238
|
-
|
239
|
-
expect { service }.not_to raise_error
|
240
|
-
expect(service[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
|
241
|
-
end
|
242
|
-
|
243
|
-
it "should fail when account is invalid" do
|
244
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(nil)
|
245
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'InvalidUser') }.to raise_error(Puppet::Error, /"InvalidUser" is not a valid account/)
|
246
|
-
end
|
247
|
-
|
248
|
-
it "should fail when sid type is not user or well known user" do
|
249
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias))
|
250
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'Administrators') }.to raise_error(Puppet::Error, /"Administrators" is not a valid account/)
|
251
|
-
end
|
181
|
+
it "should let provider resolve insyncness when provider responds to the 'logonaccount_insync?' method" do
|
182
|
+
allow(service.provider).to receive(:respond_to?).with(:logonaccount_insync?, any_args).and_return(true)
|
183
|
+
allow(service.provider).to receive(:logonaccount_insync?).and_return(false)
|
184
|
+
|
185
|
+
expect(service.property(:logonaccount).insync?('myUser')).to eq(false)
|
252
186
|
end
|
253
187
|
end
|
254
188
|
|
@@ -258,7 +192,6 @@ describe test_title, "when validating attribute values" do
|
|
258
192
|
end
|
259
193
|
|
260
194
|
it "should default to empty string when only logonaccount is being managed" do
|
261
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
262
195
|
service = Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser')
|
263
196
|
|
264
197
|
expect { service }.not_to raise_error
|
@@ -271,70 +204,8 @@ describe test_title, "when validating attribute values" do
|
|
271
204
|
end
|
272
205
|
|
273
206
|
it "should fail when logonpassword includes the ':' character" do
|
274
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
275
207
|
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'my:Pass') }.to raise_error(Puppet::Error, /Passwords cannot include ':'/)
|
276
208
|
end
|
277
|
-
|
278
|
-
it "should not further check the password against given account when not on Windows" do
|
279
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
280
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'myPass') }.not_to raise_error
|
281
|
-
end
|
282
|
-
|
283
|
-
context "when on Windows", :if => Puppet::Util::Platform.windows? do
|
284
|
-
before do
|
285
|
-
allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return("myPC")
|
286
|
-
allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(name_to_principal_result)
|
287
|
-
allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
|
288
|
-
end
|
289
|
-
|
290
|
-
it "should pass validation when given account is 'LocalSystem'" do
|
291
|
-
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
|
292
|
-
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(false)
|
293
|
-
|
294
|
-
expect(Puppet::Util::Windows::SID).not_to receive(:name_to_principal)
|
295
|
-
expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
|
296
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'LocalSystem') }.not_to raise_error
|
297
|
-
end
|
298
|
-
|
299
|
-
['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
|
300
|
-
describe "when given account is #{predefined_local_account}" do
|
301
|
-
let(:name_to_principal_result) do
|
302
|
-
Puppet::Util::Windows::SID::Principal.new(predefined_local_account, nil, nil, "NT AUTHORITY", :SidTypeUser)
|
303
|
-
end
|
304
|
-
|
305
|
-
it "should pass validation" do
|
306
|
-
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(predefined_local_account).and_return(false)
|
307
|
-
expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(predefined_local_account).and_return(true)
|
308
|
-
expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with("NT AUTHORITY\\#{predefined_local_account}").and_return(true)
|
309
|
-
|
310
|
-
expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
|
311
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => predefined_local_account) }.not_to raise_error
|
312
|
-
end
|
313
|
-
end
|
314
|
-
end
|
315
|
-
|
316
|
-
let(:name_to_principal_result) do
|
317
|
-
Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, "myPC", :SidTypeUser)
|
318
|
-
end
|
319
|
-
|
320
|
-
describe "when given logonaccount is not a predefined local account" do
|
321
|
-
before do
|
322
|
-
allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('myUser').and_return(false)
|
323
|
-
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('myUser').and_return(false)
|
324
|
-
allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('.\\myUser').and_return(false)
|
325
|
-
end
|
326
|
-
|
327
|
-
it "should pass validation if password is proven correct" do
|
328
|
-
allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
|
329
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'myPass') }.not_to raise_error
|
330
|
-
end
|
331
|
-
|
332
|
-
it "should not pass validation if password check fails" do
|
333
|
-
allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
|
334
|
-
expect { Puppet::Type.type(:service).new(:name => "yay", :logonaccount => 'myUser', :logonpassword => 'myWrongPass') }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
|
335
|
-
end
|
336
|
-
end
|
337
|
-
end
|
338
209
|
end
|
339
210
|
end
|
340
211
|
|
data/spec/unit/type/tidy_spec.rb
CHANGED
@@ -195,17 +195,27 @@ describe tidy do
|
|
195
195
|
allow(Puppet::FileServing::Fileset).to receive(:new).and_return(@fileset)
|
196
196
|
end
|
197
197
|
|
198
|
-
it "should use a Fileset for infinite recursion" do
|
199
|
-
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(@fileset)
|
198
|
+
it "should use a Fileset with default max_files for infinite recursion" do
|
199
|
+
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(@fileset)
|
200
200
|
expect(@fileset).to receive(:files).and_return(%w{. one two})
|
201
201
|
allow(@tidy).to receive(:tidy?).and_return(false)
|
202
202
|
|
203
203
|
@tidy.generate
|
204
204
|
end
|
205
205
|
|
206
|
-
it "should use a Fileset for limited recursion" do
|
206
|
+
it "should use a Fileset with default max_files for limited recursion" do
|
207
207
|
@tidy[:recurse] = 42
|
208
|
-
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :recurselimit => 42).and_return(@fileset)
|
208
|
+
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :recurselimit => 42, :max_files=>0).and_return(@fileset)
|
209
|
+
expect(@fileset).to receive(:files).and_return(%w{. one two})
|
210
|
+
allow(@tidy).to receive(:tidy?).and_return(false)
|
211
|
+
|
212
|
+
@tidy.generate
|
213
|
+
end
|
214
|
+
|
215
|
+
it "should use a Fileset with max_files for limited recursion" do
|
216
|
+
@tidy[:recurse] = 42
|
217
|
+
@tidy[:max_files] = 9876
|
218
|
+
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :recurselimit => 42, :max_files=>9876).and_return(@fileset)
|
209
219
|
expect(@fileset).to receive(:files).and_return(%w{. one two})
|
210
220
|
allow(@tidy).to receive(:tidy?).and_return(false)
|
211
221
|
|
@@ -411,7 +421,7 @@ describe tidy do
|
|
411
421
|
@tidy[:recurse] = true
|
412
422
|
@tidy[:rmdirs] = true
|
413
423
|
fileset = double('fileset')
|
414
|
-
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(fileset)
|
424
|
+
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(fileset)
|
415
425
|
expect(fileset).to receive(:files).and_return(%w{. one two one/subone two/subtwo one/subone/ssone})
|
416
426
|
allow(@tidy).to receive(:tidy?).and_return(true)
|
417
427
|
|
@@ -433,7 +443,7 @@ describe tidy do
|
|
433
443
|
@tidy[:recurse] = true
|
434
444
|
@tidy[:rmdirs] = true
|
435
445
|
fileset = double('fileset')
|
436
|
-
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(fileset)
|
446
|
+
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(fileset)
|
437
447
|
expect(fileset).to receive(:files).and_return(%w{. a a/2 a/1 a/3})
|
438
448
|
allow(@tidy).to receive(:tidy?).and_return(true)
|
439
449
|
|
@@ -446,7 +456,7 @@ describe tidy do
|
|
446
456
|
@tidy[:noop] = true
|
447
457
|
|
448
458
|
fileset = double('fileset')
|
449
|
-
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true).and_return(fileset)
|
459
|
+
expect(Puppet::FileServing::Fileset).to receive(:new).with(@basepath, :recurse => true, :max_files=>0).and_return(fileset)
|
450
460
|
expect(fileset).to receive(:files).and_return(%w{. a a/2 a/1 a/3})
|
451
461
|
allow(@tidy).to receive(:tidy?).and_return(true)
|
452
462
|
|