RubyGems - puppet - Versions diffs - 6.22.1 → 6.23.0 - Mend

puppet 6.22.1 → 6.23.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (129) hide show

checksums.yaml +4 -4
data/Gemfile.lock +14 -14
data/ext/osx/puppet.plist +2 -0
data/lib/puppet/application/agent.rb +12 -5
data/lib/puppet/application/apply.rb +2 -1
data/lib/puppet/application/device.rb +2 -1
data/lib/puppet/application/resource.rb +2 -1
data/lib/puppet/application/script.rb +2 -1
data/lib/puppet/configurer/downloader.rb +2 -1
data/lib/puppet/defaults.rb +5 -3
data/lib/puppet/file_serving/fileset.rb +14 -2
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +13 -5
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +4 -4
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/tree_each.rb +7 -9
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/http/resolver/server_list.rb +15 -4
data/lib/puppet/http/service/compiler.rb +69 -0
data/lib/puppet/http/service/file_server.rb +2 -1
data/lib/puppet/indirector/catalog/compiler.rb +1 -0
data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
data/lib/puppet/provider/package/nim.rb +11 -6
data/lib/puppet/provider/service/systemd.rb +13 -3
data/lib/puppet/provider/service/windows.rb +38 -0
data/lib/puppet/provider/user/directoryservice.rb +25 -12
data/lib/puppet/reference/configuration.rb +1 -1
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/type/file.rb +19 -1
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/service.rb +18 -38
data/lib/puppet/type/tidy.rb +21 -2
data/lib/puppet/type/user.rb +38 -20
data/lib/puppet/util/selinux.rb +30 -4
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +109 -101
data/man/man5/puppet.conf.5 +272 -252
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/ca.pem +57 -35
data/spec/fixtures/ssl/crl.pem +28 -18
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +33 -24
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +108 -58
data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
data/spec/fixtures/ssl/intermediate.pem +57 -36
data/spec/fixtures/ssl/pluto-key.pem +107 -57
data/spec/fixtures/ssl/pluto.pem +52 -30
data/spec/fixtures/ssl/request-key.pem +107 -57
data/spec/fixtures/ssl/request.pem +47 -26
data/spec/fixtures/ssl/revoked-key.pem +107 -57
data/spec/fixtures/ssl/revoked.pem +52 -30
data/spec/fixtures/ssl/signed-key.pem +107 -57
data/spec/fixtures/ssl/signed.pem +52 -30
data/spec/fixtures/ssl/tampered-cert.pem +52 -30
data/spec/fixtures/ssl/tampered-csr.pem +47 -26
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
data/spec/fixtures/ssl/unknown-ca.pem +55 -33
data/spec/integration/application/resource_spec.rb +30 -0
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/unit/application/agent_spec.rb +7 -2
data/spec/unit/configurer/downloader_spec.rb +6 -0
data/spec/unit/configurer_spec.rb +23 -0
data/spec/unit/file_serving/fileset_spec.rb +60 -0
data/spec/unit/gettext/config_spec.rb +12 -0
data/spec/unit/http/service/compiler_spec.rb +123 -0
data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
data/spec/unit/provider/package/nim_spec.rb +42 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openwrt_spec.rb +3 -1
data/spec/unit/provider/service/systemd_spec.rb +42 -8
data/spec/unit/provider/service/windows_spec.rb +202 -0
data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
data/spec/unit/ssl/state_machine_spec.rb +19 -5
data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
data/spec/unit/transaction_spec.rb +18 -20
data/spec/unit/type/file/selinux_spec.rb +3 -3
data/spec/unit/type/service_spec.rb +59 -188
data/spec/unit/type/tidy_spec.rb +17 -7
data/spec/unit/type/user_spec.rb +45 -0
data/spec/unit/util/selinux_spec.rb +87 -16
data/tasks/generate_cert_fixtures.rake +2 -2
metadata +4 -2

data/spec/unit/configurer/downloader_spec.rb CHANGED Viewed

@@ -81,6 +81,12 @@ describe Puppet::Configurer::Downloader do
       expect(file[:source_permissions]).to eq(:ignore)
     end
+    it "should ignore the max file limit" do
+      file = generate_file_resource
+      expect(file[:max_files]).to eq(-1)
+    end
     describe "on POSIX", :if => Puppet.features.posix? do
       it "should allow source_permissions to be overridden" do
         file = generate_file_resource(:source_permissions => :use)

data/spec/unit/configurer_spec.rb CHANGED Viewed

@@ -1072,6 +1072,29 @@ describe Puppet::Configurer do
       }.to raise_error(Puppet::Error, /Could not select a functional puppet server from server_list: 'myserver:123,someotherservername'/)
     end
+    it "should warn when servers in 'server_list' are unreachable" do
+      Puppet.settings[:server_list] = "mybadserver1:123,mybadserver2:123,mygoodserver"
+      Puppet[:usecacheonfailure] = false
+      stub_request(:get, 'https://mybadserver1:123/status/v1/simple/master').and_raise(Puppet::HTTP::HTTPError)
+      stub_request(:get, 'https://mybadserver2:123/status/v1/simple/master').and_raise(Puppet::HTTP::HTTPError)
+      stub_request(:get, 'https://mygoodserver:8140/status/v1/simple/master').to_return(status: 200)
+      expect(Puppet).to receive(:warning).with(/^Unable to connect to server from server_list setting:.*Trying with next server from server_list.$/).twice
+      configurer.run
+    end
+    it "should warn when servers in 'server_list' respond with error" do
+      Puppet.settings[:server_list] = "mybadserver:123,someotherservername"
+      Puppet[:usecacheonfailure] = false
+      stub_request(:get, 'https://mybadserver:123/status/v1/simple/master').to_return(status: 400)
+      stub_request(:get, 'https://someotherservername:8140/status/v1/simple/master').to_return(status: 200)
+      expect(Puppet).to receive(:warning).with(/^Puppet server mybadserver:123 is unavailable: 400  Trying with next server from server_list.$/)
+      configurer.run
+    end
     it "should not error when usecacheonfailure is true and no servers in 'server_list' are reachable" do
       Puppet.settings[:server_list] = "myserver:123,someotherservername"
       Puppet[:usecacheonfailure] = true

data/spec/unit/file_serving/fileset_spec.rb CHANGED Viewed

@@ -46,6 +46,13 @@ describe Puppet::FileServing::Fileset do
       expect(set.recurselimit).to eq(3)
     end
+    it "accepts a 'max_files' option" do
+      expect(Puppet::FileSystem).to receive(:lstat).with(somefile).and_return(double('stat'))
+      set = Puppet::FileServing::Fileset.new(somefile, :recurselimit => 3, :max_files => 100)
+      expect(set.recurselimit).to eq(3)
+      expect(set.max_files).to eq(100)
+    end
     it "accepts an 'ignore' option" do
       expect(Puppet::FileSystem).to receive(:lstat).with(somefile).and_return(double('stat'))
       set = Puppet::FileServing::Fileset.new(somefile, :ignore => ".svn")
@@ -160,6 +167,29 @@ describe Puppet::FileServing::Fileset do
       end
     end
+    def mock_big_dir_structure(path, stat_method = :lstat)
+      allow(Puppet::FileSystem).to receive(stat_method).with(path).and_return(@dirstat)
+      # Keep track of the files we're stubbing.
+      @files = %w{.}
+      top_names = (1..10).map {|i| "dir_#{i}" }
+      sub_names = (1..100).map {|i| "file__#{i}" }
+      allow(Dir).to receive(:entries).with(path, encoding: Encoding::UTF_8).and_return(top_names)
+      top_names.each do |subdir|
+        @files << subdir # relative path
+        subpath = File.join(path, subdir)
+        allow(Puppet::FileSystem).to receive(stat_method).with(subpath).and_return(@dirstat)
+        allow(Dir).to receive(:entries).with(subpath, encoding: Encoding::UTF_8).and_return(sub_names)
+        sub_names.each do |file|
+          @files << File.join(subdir, file) # relative path
+          subfile_path = File.join(subpath, file)
+          allow(Puppet::FileSystem).to receive(stat_method).with(subfile_path).and_return(@filestat)
+        end
+      end
+    end
     def setup_mocks_for_dir(mock_dir, base_path)
       path = File.join(base_path, mock_dir.name)
       allow(Puppet::FileSystem).to receive(:lstat).with(path).and_return(MockStat.new(path, true))
@@ -258,6 +288,36 @@ describe Puppet::FileServing::Fileset do
       expect(@fileset.files.find { |file| file.include?("0") }).to be_nil
     end
+    it "raises exception if number of files is greater than :max_files" do
+      mock_dir_structure(@path)
+      @fileset.recurse = true
+      @fileset.max_files = 22
+      expect { @fileset.files }.to raise_error(Puppet::Error, "The directory '#{@path}' contains 28 entries, which exceeds the limit of 22 specified by the max_files parameter for this resource. The limit may be increased, but be aware that large number of file resources can result in excessive resource consumption and degraded performance. Consider using an alternate method to manage large directory trees")
+    end
+    it "logs a warning if number of files is greater than soft max_files limit of 1000" do
+      mock_big_dir_structure(@path)
+      @fileset.recurse = true
+      expect(Puppet).to receive(:warning).with("The directory '#{@path}' contains 1010 entries, which exceeds the default soft limit 1000 and may cause excessive resource consumption and degraded performance. To remove this warning set a value for `max_files` parameter or consider using an alternate method to manage large directory trees")
+      expect { @fileset.files }.to_not raise_error
+    end
+    it "does not emit a warning if max_files is -1" do
+      mock_big_dir_structure(@path)
+      @fileset.recurse = true
+      @fileset.max_files = -1
+      expect(Puppet).to receive(:warning).never
+      @fileset.files
+    end
+    it "does not emit a warning if max_files is `-1`(string)" do
+      mock_big_dir_structure(@path)
+      @fileset.recurse = true
+      @fileset.max_files = '-1'
+      expect(Puppet).to receive(:warning).never
+      @fileset.files
+    end
     it "ignores files that match a pattern given as a boolean" do
       mock_dir_structure(@path)
       @fileset.recurse = true

data/spec/unit/gettext/config_spec.rb CHANGED Viewed

@@ -27,6 +27,18 @@ describe Puppet::GettextConfig do
     Puppet::GettextConfig.delete_all_text_domains
   end
+  # These tests assume gettext is enabled, but it will be disabled when the
+  # first time the `Puppet[:disable_i18n]` setting is resolved
+  around(:each) do |example|
+    disabled = Puppet::GettextConfig.instance_variable_get(:@gettext_disabled)
+    Puppet::GettextConfig.instance_variable_set(:@gettext_disabled, false)
+    begin
+      example.run
+    ensure
+      Puppet::GettextConfig.instance_variable_set(:@gettext_disabled, disabled)
+    end
+  end
   describe 'setting and getting the locale' do
     it 'should return "en" when gettext is unavailable' do
       allow(Puppet::GettextConfig).to receive(:gettext_loaded?).and_return(false)

data/spec/unit/http/service/compiler_spec.rb CHANGED Viewed

@@ -1,3 +1,4 @@
 # coding: utf-8
 require 'spec_helper'
 require 'puppet/http'
@@ -258,6 +259,128 @@ describe Puppet::HTTP::Service::Compiler do
     end
   end
+  context 'when posting for a v4 catalog' do
+    let(:uri) {"https://compiler.example.com:8140/puppet/v4/catalog"}
+    let(:persistence) {{ facts: true, catalog: true }}
+    let(:facts) {{ 'foo' => 'bar' }}
+    let(:trusted_facts) {{}}
+    let(:uuid) { "ec3d2844-b236-4287-b0ad-632fbb4d1ff0" }
+    let(:job_id) { "1" }
+    let(:payload) {{
+      environment: environment,
+      persistence: persistence,
+      facts: facts,
+      trusted_facts: trusted_facts,
+      transaction_uuid: uuid,
+      job_id: job_id,
+      options: {
+        prefer_requested_environment: false,
+        capture_logs: false
+      }
+    }}
+    let(:serialized_catalog) {{ 'catalog' => catalog.to_data_hash }.to_json}
+    let(:catalog_response) {{ body: serialized_catalog, headers: {'Content-Type' => formatter.mime }}}
+    it 'includes default HTTP headers' do
+      stub_request(:post, uri).with do |request|
+        expect(request.headers).to include({'X-Puppet-Version' => /./, 'User-Agent' => /./})
+        expect(request.headers).to_not include('X-Puppet-Profiling')
+      end.to_return(**catalog_response)
+      subject.post_catalog4(certname, **payload)
+    end
+    it 'defaults the server and port based on settings' do
+      Puppet[:server] = 'compiler2.example.com'
+      Puppet[:serverport] = 8141
+      stub_request(:post, "https://compiler2.example.com:8141/puppet/v4/catalog")
+        .to_return(**catalog_response)
+      subject.post_catalog4(certname, **payload)
+    end
+    it 'includes puppet headers set via the :http_extra_headers and :profile settings' do
+      stub_request(:post, uri).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'}).
+        to_return(**catalog_response)
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+      subject.post_catalog4(certname, **payload)
+    end
+    it 'returns a deserialized catalog' do
+      stub_request(:post, uri)
+        .to_return(**catalog_response)
+      _, cat, _ = subject.post_catalog4(certname, **payload)
+      expect(cat).to be_a(Puppet::Resource::Catalog)
+      expect(cat.name).to eq(certname)
+    end
+    it 'returns the request response' do
+      stub_request(:post, uri)
+        .to_return(**catalog_response)
+      resp, _, _ = subject.post_catalog4(certname, **payload)
+      expect(resp).to be_a(Puppet::HTTP::Response)
+    end
+    it 'raises a response error if unsuccessful' do
+      stub_request(:post, uri)
+        .to_return(status: [500, "Server Error"])
+      expect {
+        subject.post_catalog4(certname, **payload)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
+        expect(err.message).to eq('Server Error')
+        expect(err.response.code).to eq(500)
+      end
+    end
+    it 'raises a response error when server response is not JSON' do
+      stub_request(:post, uri)
+        .to_return(body: "this isn't valid JSON", headers: {'Content-Type' => 'application/json'})
+      expect {
+        subject.post_catalog4(certname, **payload)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::SerializationError)
+        expect(err.message).to match(/Failed to deserialize catalog from puppetserver response/)
+      end
+    end
+    it 'raises a response error when server response a JSON serialized catalog' do
+      stub_request(:post, uri)
+        .to_return(body: {oops: 'bad response data'}.to_json, headers: {'Content-Type' => 'application/json'})
+      expect {
+        subject.post_catalog4(certname, **payload)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::SerializationError)
+        expect(err.message).to match(/Failed to deserialize catalog from puppetserver response/)
+      end
+    end
+    it 'raises ArgumentError when the `persistence` hash does not contain required keys' do
+      payload[:persistence].delete(:facts)
+      expect { subject.post_catalog4(certname, **payload) }.to raise_error do |err|
+        expect(err).to be_an_instance_of(ArgumentError)
+        expect(err.message).to match(/The 'persistence' hash is missing the keys: facts/)
+      end
+    end
+    it 'raises ArgumentError when `facts` are not a Hash' do
+      payload[:facts] = Puppet::Node::Facts.new(certname)
+      expect { subject.post_catalog4(certname, **payload) }.to raise_error do |err|
+        expect(err).to be_an_instance_of(ArgumentError)
+        expect(err.message).to match(/Facts must be a Hash not a Puppet::Node::Facts/)
+      end
+    end
+  end
   context 'when getting a node' do
     let(:uri) { %r{/puppet/v3/node/ziggy} }
     let(:node_response) { { body: formatter.render(node), headers: {'Content-Type' => formatter.mime } } }

data/spec/unit/indirector/catalog/compiler_spec.rb CHANGED Viewed

@@ -909,9 +909,10 @@ describe Puppet::Resource::Catalog::Compiler do
         it "inlines child metadata" do
           catalog = compile_to_catalog(<<-MANIFEST, node)
             file { '#{path}':
-              ensure  => directory,
-              recurse => true,
-              source  => '#{source_dir}'
+              ensure    => directory,
+              recurse   => true,
+              source    => '#{source_dir}',
+              max_files => 1234,
             }
           MANIFEST
@@ -925,6 +926,7 @@ describe Puppet::Resource::Catalog::Compiler do
             :source_permissions => :ignore,
             :recurse            => true,
             :recurselimit       => nil,
+            :max_files          => 1234,
             :ignore             => nil,
           }
           expect(Puppet::FileServing::Metadata.indirection).to receive(:search).with(source_dir, options).and_return([metadata, child_metadata])
@@ -938,14 +940,15 @@ describe Puppet::Resource::Catalog::Compiler do
         it "uses resource parameters when inlining metadata" do
           catalog = compile_to_catalog(<<-MANIFEST, node)
             file { '#{path}':
-              ensure  => directory,
-              recurse => true,
-              source  => '#{source_dir}',
-              checksum => sha256,
+              ensure             => directory,
+              recurse            => true,
+              source             => '#{source_dir}',
+              checksum           => sha256,
               source_permissions => use_when_creating,
-              recurselimit => 2,
-              ignore => 'foo.+',
-              links => follow,
+              recurselimit       => 2,
+              max_files          => 4321,
+              ignore             => 'foo.+',
+              links              => follow,
             }
           MANIFEST
@@ -956,6 +959,7 @@ describe Puppet::Resource::Catalog::Compiler do
             :source_permissions => :use_when_creating,
             :recurse            => true,
             :recurselimit       => 2,
+            :max_files          => 4321,
             :ignore             => 'foo.+',
           }
           expect(Puppet::FileServing::Metadata.indirection).to receive(:search).with(source_dir, options).and_return([metadata, child_metadata])

data/spec/unit/parser/functions/fqdn_rand_spec.rb CHANGED Viewed

@@ -61,12 +61,26 @@ describe "the fqdn_rand function" do
     expect(fqdn_rand(5000, :extra_identifier => ['expensive job 33'])).to eql(2389)
   end
+  it "returns the same value if only host differs by case" do
+    val1 = fqdn_rand(1000000000, :host => "host.example.com", :extra_identifier => [nil, true])
+    val2 = fqdn_rand(1000000000, :host => "HOST.example.com", :extra_identifier => [nil, true])
+    expect(val1).to eql(val2)
+  end
+  it "returns the same value if only host differs by case and an initial seed is given" do
+    val1 = fqdn_rand(1000000000, :host => "host.example.com", :extra_identifier => ['a seed', true])
+    val2 = fqdn_rand(1000000000, :host => "HOST.example.com", :extra_identifier => ['a seed', true])
+    expect(val1).to eql(val2)
+  end
   def fqdn_rand(max, args = {})
     host = args[:host] || '127.0.0.1'
     extra = args[:extra_identifier] || []
     scope = create_test_scope_for_node('localhost')
-    allow(scope).to receive(:[]).with("::fqdn").and_return(host)
+    scope.compiler.topscope['fqdn'] = host.freeze
     scope.function_fqdn_rand([max] + extra)
   end

data/spec/unit/pops/types/p_sem_ver_type_spec.rb CHANGED Viewed

@@ -125,6 +125,24 @@ describe 'Semantic Versions' do
         expect(eval_and_collect_notices(code)).to eql(['true', 'false'])
       end
+      it 'can be compared to another instance created from arguments' do
+        code = <<-CODE
+          $x = SemVer('1.2.3-rc4+5')
+          $y = SemVer(1, 2, 3, 'rc4', '5')
+          notice($x == $y)
+        CODE
+        expect(eval_and_collect_notices(code)).to eql(['true'])
+      end
+      it 'can be compared to another instance created from a hash' do
+        code = <<-CODE
+          $x = SemVer('1.2.3-rc4+5')
+          $y = SemVer(major => 1, minor => 2, patch => 3, prerelease => 'rc4', build => '5')
+          notice($x == $y)
+        CODE
+        expect(eval_and_collect_notices(code)).to eql(['true'])
+      end
       it 'can be compared to another instance for magnitude' do
         code = <<-CODE
           $x = SemVer('1.1.1')

data/spec/unit/pops/types/p_sensitive_type_spec.rb CHANGED Viewed

@@ -113,6 +113,24 @@ describe 'Sensitive Type' do
       expect(eval_and_collect_notices(code)).to eq(['Sensitive[Integer] != Sensitive[String]'])
     end
+    it 'equals another instance with the same value' do
+      code =<<-CODE
+        $i = Sensitive('secret')
+        $o = Sensitive('secret')
+        notice($i == $o)
+      CODE
+      expect(eval_and_collect_notices(code)).to eq(['true'])
+    end
+    it 'has equal hash keys for same values' do
+      code =<<-CODE
+        $i = Sensitive('secret')
+        $o = Sensitive('secret')
+        notice({$i => 1} == {$o => 1})
+      CODE
+      expect(eval_and_collect_notices(code)).to eq(['true'])
+    end
     it 'can be created from another sensitive instance ' do
       code =<<-CODE
         $o = Sensitive("hunter2")

data/spec/unit/provider/package/nim_spec.rb CHANGED Viewed

@@ -191,6 +191,27 @@ OUTPUT
           expect(versions[version]).to eq(:rpm)
         end
       end
+      it "should be able to parse RPM package listings with letters in version" do
+        showres_output = <<END
+cairo                                                              ALL  @@R:cairo _all_filesets
+   @@R:cairo-1.14.6-2waixX11 1.14.6-2waixX11
+END
+        packages = subject.send(:parse_showres_output, showres_output)
+        expect(Set.new(packages.keys)).to eq(Set.new(['cairo']))
+        versions = packages['cairo']
+        expect(versions.has_key?('1.14.6-2waixX11')).to eq(true)
+        expect(versions['1.14.6-2waixX11']).to eq(:rpm)
+      end
+      it "should raise error when parsing invalid RPM package listings" do
+              showres_output = <<END
+cairo                                                              ALL  @@R:cairo _all_filesets
+   @@R:cairo-invalid_version invalid_version
+END
+        expect{ subject.send(:parse_showres_output, showres_output) }.to raise_error(Puppet::Error,
+          /Unable to parse output from nimclient showres: package string does not match expected rpm package string format/)
+      end
     end
     context "#determine_latest_version" do
@@ -220,6 +241,27 @@ END
       it "should return :installp for installp/bff packages" do
         expect(subject.send(:determine_package_type, bff_showres_output, 'mypackage.foo', '1.2.3.4')).to eq(:installp)
       end
+      it "should return :installp for security updates" do
+        nimclient_showres_output = <<END
+bos.net                                                            ALL  @@S:bos.net _all_filesets
+ + 7.2.0.1  TCP/IP ntp Applications                                     @@S:bos.net.tcp.ntp 7.2.0.1
+ + 7.2.0.2  TCP/IP ntp Applications                                     @@S:bos.net.tcp.ntp 7.2.0.2
+END
+        expect(subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2')).to eq(:installp)
+      end
+      it "should raise error when invalid header format is given" do
+        nimclient_showres_output = <<END
+bos.net                                                            ALL  @@INVALID_TYPE:bos.net _all_filesets
+ + 7.2.0.1  TCP/IP ntp Applications                                     @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.1
+ + 7.2.0.2  TCP/IP ntp Applications                                     @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.2
+END
+        expect{ subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2') }.to raise_error(
+          Puppet::Error, /Unable to parse output from nimclient showres: line does not match expected package header format/)
+      end
     end
   end
 end