puppet 6.23.0-universal-darwin → 6.24.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (119) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile.lock +8 -8
  4. data/README.md +4 -4
  5. data/ext/project_data.yaml +1 -0
  6. data/lib/puppet/application/filebucket.rb +1 -0
  7. data/lib/puppet/application/resource.rb +15 -2
  8. data/lib/puppet/application/ssl.rb +1 -0
  9. data/lib/puppet/environments.rb +10 -0
  10. data/lib/puppet/face/help/action.erb +1 -0
  11. data/lib/puppet/face/help/face.erb +1 -0
  12. data/lib/puppet/face/node/clean.rb +11 -0
  13. data/lib/puppet/file_system/file_impl.rb +1 -1
  14. data/lib/puppet/file_system/windows.rb +2 -2
  15. data/lib/puppet/forge.rb +3 -3
  16. data/lib/puppet/functions/empty.rb +8 -0
  17. data/lib/puppet/functions/strftime.rb +1 -0
  18. data/lib/puppet/functions/unwrap.rb +17 -2
  19. data/lib/puppet/indirector/resource/ral.rb +6 -1
  20. data/lib/puppet/interface/documentation.rb +1 -0
  21. data/lib/puppet/module_tool/applications/installer.rb +4 -0
  22. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  23. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  24. data/lib/puppet/provider/exec/posix.rb +16 -4
  25. data/lib/puppet/provider/package/pip.rb +15 -3
  26. data/lib/puppet/provider/parsedfile.rb +3 -0
  27. data/lib/puppet/settings.rb +30 -7
  28. data/lib/puppet/type/exec.rb +16 -3
  29. data/lib/puppet/type/file/mode.rb +6 -0
  30. data/lib/puppet/type/tidy.rb +1 -1
  31. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  32. data/lib/puppet/util/windows/sid.rb +3 -1
  33. data/lib/puppet/version.rb +1 -1
  34. data/lib/puppet.rb +3 -3
  35. data/locales/puppet.pot +154 -134
  36. data/man/man5/puppet.conf.5 +2 -2
  37. data/man/man8/puppet-agent.8 +1 -1
  38. data/man/man8/puppet-apply.8 +1 -1
  39. data/man/man8/puppet-catalog.8 +9 -9
  40. data/man/man8/puppet-config.8 +1 -1
  41. data/man/man8/puppet-describe.8 +1 -1
  42. data/man/man8/puppet-device.8 +1 -1
  43. data/man/man8/puppet-doc.8 +1 -1
  44. data/man/man8/puppet-epp.8 +1 -1
  45. data/man/man8/puppet-facts.8 +8 -8
  46. data/man/man8/puppet-filebucket.8 +1 -1
  47. data/man/man8/puppet-generate.8 +1 -1
  48. data/man/man8/puppet-help.8 +1 -1
  49. data/man/man8/puppet-key.8 +7 -7
  50. data/man/man8/puppet-lookup.8 +1 -1
  51. data/man/man8/puppet-man.8 +1 -1
  52. data/man/man8/puppet-module.8 +1 -1
  53. data/man/man8/puppet-node.8 +5 -5
  54. data/man/man8/puppet-parser.8 +1 -1
  55. data/man/man8/puppet-plugin.8 +1 -1
  56. data/man/man8/puppet-report.8 +5 -5
  57. data/man/man8/puppet-resource.8 +1 -1
  58. data/man/man8/puppet-script.8 +1 -1
  59. data/man/man8/puppet-ssl.8 +1 -1
  60. data/man/man8/puppet-status.8 +4 -4
  61. data/man/man8/puppet.8 +2 -2
  62. data/spec/fixtures/ssl/127.0.0.1-key.pem +106 -106
  63. data/spec/fixtures/ssl/127.0.0.1.pem +48 -48
  64. data/spec/fixtures/ssl/bad-basic-constraints.pem +54 -54
  65. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +51 -51
  66. data/spec/fixtures/ssl/ca.pem +52 -52
  67. data/spec/fixtures/ssl/crl.pem +25 -25
  68. data/spec/fixtures/ssl/ec-key.pem +11 -11
  69. data/spec/fixtures/ssl/ec.pem +32 -32
  70. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  71. data/spec/fixtures/ssl/encrypted-key.pem +107 -107
  72. data/spec/fixtures/ssl/intermediate-agent-crl.pem +25 -25
  73. data/spec/fixtures/ssl/intermediate-agent.pem +54 -54
  74. data/spec/fixtures/ssl/intermediate-crl.pem +28 -28
  75. data/spec/fixtures/ssl/intermediate.pem +51 -51
  76. data/spec/fixtures/ssl/oid-key.pem +117 -0
  77. data/spec/fixtures/ssl/oid.pem +69 -0
  78. data/spec/fixtures/ssl/pluto-key.pem +106 -106
  79. data/spec/fixtures/ssl/pluto.pem +50 -50
  80. data/spec/fixtures/ssl/request-key.pem +106 -106
  81. data/spec/fixtures/ssl/request.pem +45 -45
  82. data/spec/fixtures/ssl/revoked-key.pem +106 -106
  83. data/spec/fixtures/ssl/revoked.pem +49 -49
  84. data/spec/fixtures/ssl/signed-key.pem +106 -106
  85. data/spec/fixtures/ssl/signed.pem +47 -47
  86. data/spec/fixtures/ssl/tampered-cert.pem +49 -49
  87. data/spec/fixtures/ssl/tampered-csr.pem +45 -45
  88. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  89. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +106 -106
  90. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -48
  91. data/spec/fixtures/ssl/unknown-ca-key.pem +106 -106
  92. data/spec/fixtures/ssl/unknown-ca.pem +52 -52
  93. data/spec/integration/application/filebucket_spec.rb +11 -0
  94. data/spec/integration/application/module_spec.rb +21 -0
  95. data/spec/integration/application/resource_spec.rb +35 -1
  96. data/spec/integration/application/ssl_spec.rb +20 -0
  97. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  98. data/spec/integration/indirector/facts/facter_spec.rb +90 -36
  99. data/spec/integration/type/exec_spec.rb +70 -45
  100. data/spec/lib/puppet/test_ca.rb +5 -0
  101. data/spec/lib/puppet_spec/settings.rb +1 -0
  102. data/spec/unit/environments_spec.rb +35 -0
  103. data/spec/unit/file_system_spec.rb +6 -0
  104. data/spec/unit/functions/assert_type_spec.rb +1 -1
  105. data/spec/unit/functions/empty_spec.rb +10 -0
  106. data/spec/unit/functions/unwrap_spec.rb +8 -0
  107. data/spec/unit/functions4_spec.rb +2 -2
  108. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  109. data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
  110. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  111. data/spec/unit/provider/package/pip_spec.rb +37 -0
  112. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  113. data/spec/unit/settings_spec.rb +97 -56
  114. data/spec/unit/type/exec_spec.rb +76 -29
  115. data/spec/unit/type/file/source_spec.rb +4 -4
  116. data/spec/unit/type/tidy_spec.rb +7 -0
  117. data/spec/unit/util/windows/sid_spec.rb +39 -4
  118. data/tasks/generate_cert_fixtures.rake +10 -1
  119. metadata +12 -3
@@ -266,6 +266,43 @@ describe Puppet::Type.type(:package).provider(:pip) do
266
266
  let(:pip_version) { '1.5.4' }
267
267
  let(:pip_path) { '/fake/bin/pip' }
268
268
 
269
+ context "with pip version >= 20.3 and < 21.1" do
270
+ let(:pip_version) { '20.3.1' }
271
+ let(:pip_path) { '/fake/bin/pip' }
272
+
273
+ it "should use legacy-resolver argument" do
274
+ p = StringIO.new(
275
+ <<-EOS
276
+ Collecting real-package==versionplease
277
+ Could not find a version that satisfies the requirement real-package==versionplease (from versions: 1.1.3, 1.0, 1.9b1)
278
+ No matching distribution found for real-package==versionplease
279
+ EOS
280
+ )
281
+ expect(Puppet::Util::Execution).to receive(:execpipe).with(["/fake/bin/pip", "install", "real_package==versionplease",
282
+ "--use-deprecated=legacy-resolver"]).and_yield(p).once
283
+ @resource[:name] = "real_package"
284
+ @provider.latest
285
+ end
286
+ end
287
+
288
+ context "with pip version >= 21.1" do
289
+ let(:pip_version) { '21.1' }
290
+ let(:pip_path) { '/fake/bin/pip' }
291
+
292
+ it "should not use legacy-resolver argument" do
293
+ p = StringIO.new(
294
+ <<-EOS
295
+ Collecting real-package==versionplease
296
+ Could not find a version that satisfies the requirement real-package==versionplease (from versions: 1.1.3, 1.0, 1.9b1)
297
+ No matching distribution found for real-package==versionplease
298
+ EOS
299
+ )
300
+ expect(Puppet::Util::Execution).to receive(:execpipe).with(["/fake/bin/pip", "install", "real_package==versionplease"]).and_yield(p).once
301
+ @resource[:name] = "real_package"
302
+ @provider.latest
303
+ end
304
+ end
305
+
269
306
  it "should find a version number for real_package" do
270
307
  p = StringIO.new(
271
308
  <<-EOS
@@ -79,6 +79,16 @@ describe Puppet::Provider::ParsedFile do
79
79
 
80
80
  provider.instances
81
81
  end
82
+
83
+ it "should raise if parsing returns nil" do
84
+ expect(provider).to receive(:targets).and_return(%w{/one})
85
+ expect_any_instance_of(Puppet::Util::FileType::FileTypeFlat).to receive(:read).and_return('a=b')
86
+ expect(provider).to receive(:parse).and_return(nil)
87
+
88
+ expect {
89
+ provider.instances
90
+ }.to raise_error(Puppet::DevError, %r{Prefetching /one for provider parsedfile_provider returned nil})
91
+ end
82
92
  end
83
93
 
84
94
  describe "when matching resources to existing records" do
@@ -29,6 +29,17 @@ describe Puppet::Settings do
29
29
  end
30
30
  end
31
31
 
32
+ def stub_config_with(content)
33
+ allow(Puppet.features).to receive(:root?).and_return(false)
34
+ expect(Puppet::FileSystem).to receive(:exist?).
35
+ with(user_config_file_default_location).
36
+ and_return(true).ordered
37
+ expect(@settings).to receive(:read_file).
38
+ with(user_config_file_default_location).
39
+ and_return(content).ordered
40
+ @settings.send(:parse_config_files)
41
+ end
42
+
32
43
  describe "when specifying defaults" do
33
44
  before do
34
45
  @settings = Puppet::Settings.new
@@ -264,23 +275,31 @@ describe Puppet::Settings do
264
275
  expect(@settings[:myval]).to eq("")
265
276
  end
266
277
 
267
- it "should flag string settings from the CLI" do
278
+ it "should retrieve numeric settings from the CLI" do
268
279
  @settings.handlearg("--myval", "12")
269
- expect(@settings.set_by_cli?(:myval)).to be_truthy
280
+ expect(@settings.set_by_cli(:myval)).to eq(12)
281
+ expect(@settings.set_by_cli?(:myval)).to be true
270
282
  end
271
283
 
272
- it "should flag bool settings from the CLI" do
284
+ it "should retrieve string settings from the CLI" do
285
+ @settings.handlearg("--myval", "something")
286
+ expect(@settings.set_by_cli(:myval)).to eq("something")
287
+ expect(@settings.set_by_cli?(:myval)).to be true
288
+ end
289
+
290
+ it "should retrieve bool settings from the CLI" do
273
291
  @settings.handlearg("--bool")
274
- expect(@settings.set_by_cli?(:bool)).to be_truthy
292
+ expect(@settings.set_by_cli(:bool)).to be true
293
+ expect(@settings.set_by_cli?(:bool)).to be true
275
294
  end
276
295
 
277
- it "should not flag settings memory as from CLI" do
296
+ it "should not retrieve settings set in memory as from CLI" do
278
297
  @settings[:myval] = "12"
279
- expect(@settings.set_by_cli?(:myval)).to be_falsey
298
+ expect(@settings.set_by_cli?(:myval)).to be false
280
299
  end
281
300
 
282
301
  it "should find no configured settings by default" do
283
- expect(@settings.set_by_config?(:myval)).to be_falsey
302
+ expect(@settings.set_by_config?(:myval)).to be false
284
303
  end
285
304
 
286
305
  it "should identify configured settings in memory" do
@@ -304,64 +323,66 @@ describe Puppet::Settings do
304
323
  expect(@settings.set_by_config?(:manifest, Puppet[:environment])).to be_truthy
305
324
  end
306
325
 
307
- it "should identify configured settings from the preferred run mode" do
308
- user_config_text = "[#{@settings.preferred_run_mode}]\nmyval = foo"
326
+ context "when handling puppet.conf" do
327
+ describe "#set_by_config?" do
328
+ it "should identify configured settings from the preferred run mode" do
329
+ stub_config_with(<<~CONFIG)
330
+ [#{@settings.preferred_run_mode}]
331
+ myval = foo
332
+ CONFIG
309
333
 
310
- allow(Puppet.features).to receive(:root?).and_return(false)
311
- expect(Puppet::FileSystem).to receive(:exist?).
312
- with(user_config_file_default_location).
313
- and_return(true).ordered
314
- expect(@settings).to receive(:read_file).
315
- with(user_config_file_default_location).
316
- and_return(user_config_text).ordered
334
+ expect(@settings.set_by_config?(:myval)).to be_truthy
335
+ end
317
336
 
318
- @settings.send(:parse_config_files)
319
- expect(@settings.set_by_config?(:myval)).to be_truthy
320
- end
337
+ it "should identify configured settings from the specified run mode" do
338
+ stub_config_with(<<~CONFIG)
339
+ [server]
340
+ myval = foo
341
+ CONFIG
321
342
 
322
- it "should identify configured settings from the specified run mode" do
323
- user_config_text = "[server]\nmyval = foo"
343
+ expect(@settings.set_by_config?(:myval, nil, :server)).to be_truthy
344
+ end
324
345
 
325
- allow(Puppet.features).to receive(:root?).and_return(false)
326
- expect(Puppet::FileSystem).to receive(:exist?).
327
- with(user_config_file_default_location).
328
- and_return(true).ordered
329
- expect(@settings).to receive(:read_file).
330
- with(user_config_file_default_location).
331
- and_return(user_config_text).ordered
346
+ it "should not identify configured settings from an unspecified run mode" do
347
+ stub_config_with(<<~CONFIG)
348
+ [zaz]
349
+ myval = foo
350
+ CONFIG
332
351
 
333
- @settings.send(:parse_config_files)
334
- expect(@settings.set_by_config?(:myval, nil, :server)).to be_truthy
335
- end
352
+ expect(@settings.set_by_config?(:myval)).to be_falsey
353
+ end
336
354
 
337
- it "should not identify configured settings from an unspecified run mode" do
338
- user_config_text = "[zaz]\nmyval = foo"
355
+ it "should identify configured settings from the main section" do
356
+ stub_config_with(<<~CONFIG)
357
+ [main]
358
+ myval = foo
359
+ CONFIG
339
360
 
340
- allow(Puppet.features).to receive(:root?).and_return(false)
341
- expect(Puppet::FileSystem).to receive(:exist?).
342
- with(user_config_file_default_location).
343
- and_return(true).ordered
344
- expect(@settings).to receive(:read_file).
345
- with(user_config_file_default_location).
346
- and_return(user_config_text).ordered
361
+ expect(@settings.set_by_config?(:myval)).to be_truthy
362
+ end
363
+ end
347
364
 
348
- @settings.send(:parse_config_files)
349
- expect(@settings.set_by_config?(:myval)).to be_falsey
350
- end
365
+ describe "#set_in_section" do
366
+ it "should retrieve configured settings from the specified section" do
367
+ stub_config_with(<<~CONFIG)
368
+ [agent]
369
+ myval = foo
370
+ CONFIG
351
371
 
352
- it "should identify configured settings from the main section" do
353
- user_config_text = "[main]\nmyval = foo"
372
+ expect(@settings.set_in_section(:myval, :agent)).to eq("foo")
373
+ expect(@settings.set_in_section?(:myval, :agent)).to be true
374
+ end
354
375
 
355
- allow(Puppet.features).to receive(:root?).and_return(false)
356
- expect(Puppet::FileSystem).to receive(:exist?).
357
- with(user_config_file_default_location).
358
- and_return(true).ordered
359
- expect(@settings).to receive(:read_file).
360
- with(user_config_file_default_location).
361
- and_return(user_config_text).ordered
376
+ it "should not retrieve configured settings from a different section" do
377
+ stub_config_with(<<~CONFIG)
378
+ [main]
379
+ myval = foo
380
+ CONFIG
362
381
 
363
- @settings.send(:parse_config_files)
364
- expect(@settings.set_by_config?(:myval)).to be_truthy
382
+ expect(@settings.set_in_section(:myval, :agent)).to be nil
383
+ expect(@settings.set_in_section?(:myval, :agent)).to be false
384
+ end
385
+ end
365
386
  end
366
387
 
367
388
  it "should clear the cache when setting getopt-specific values" do
@@ -2120,7 +2141,7 @@ describe Puppet::Settings do
2120
2141
  end
2121
2142
 
2122
2143
  def a_user_type_for(username)
2123
- user = double('user')
2144
+ user = double('user', 'suitable?': true, to_s: "User[#{username}]")
2124
2145
  expect(Puppet::Type.type(:user)).to receive(:new).with(hash_including(name: username)).and_return(user)
2125
2146
  user
2126
2147
  end
@@ -2153,6 +2174,16 @@ describe Puppet::Settings do
2153
2174
 
2154
2175
  expect(settings).to be_service_user_available
2155
2176
  end
2177
+
2178
+ it "raises if the user is not suitable" do
2179
+ settings[:user] = "foo"
2180
+
2181
+ expect(a_user_type_for("foo")).to receive(:suitable?).and_return(false)
2182
+
2183
+ expect {
2184
+ settings.service_user_available?
2185
+ }.to raise_error(Puppet::Error, /Cannot manage owner permissions, because the provider for 'User\[foo\]' is not functional/)
2186
+ end
2156
2187
  end
2157
2188
 
2158
2189
  describe "when determining if the service group is available" do
@@ -2163,7 +2194,7 @@ describe Puppet::Settings do
2163
2194
  end
2164
2195
 
2165
2196
  def a_group_type_for(groupname)
2166
- group = double('group')
2197
+ group = double('group', 'suitable?': true, to_s: "Group[#{groupname}]")
2167
2198
  expect(Puppet::Type.type(:group)).to receive(:new).with(hash_including(name: groupname)).and_return(group)
2168
2199
  group
2169
2200
  end
@@ -2196,6 +2227,16 @@ describe Puppet::Settings do
2196
2227
 
2197
2228
  expect(settings).to be_service_group_available
2198
2229
  end
2230
+
2231
+ it "raises if the group is not suitable" do
2232
+ settings[:group] = "foo"
2233
+
2234
+ expect(a_group_type_for("foo")).to receive(:suitable?).and_return(false)
2235
+
2236
+ expect {
2237
+ settings.service_group_available?
2238
+ }.to raise_error(Puppet::Error, /Cannot manage group permissions, because the provider for 'Group\[foo\]' is not functional/)
2239
+ end
2199
2240
  end
2200
2241
 
2201
2242
  describe "when dealing with command-line options" do
@@ -239,6 +239,19 @@ RSpec.describe Puppet::Type.type(:exec) do
239
239
  expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
240
240
  end
241
241
 
242
+ it "should be able to autorequire files mentioned in the array command" do
243
+ foo = make_absolute('/bin/foo')
244
+ catalog = Puppet::Resource::Catalog.new
245
+ tmp = Puppet::Type.type(:file).new(:name => foo)
246
+ execer = Puppet::Type.type(:exec).new(:name => 'test array', :command => [foo, 'bar'])
247
+
248
+ catalog.add_resource tmp
249
+ catalog.add_resource execer
250
+ dependencies = execer.autorequire(catalog)
251
+
252
+ expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
253
+ end
254
+
242
255
  describe "when handling the path parameter" do
243
256
  expect = %w{one two three four}
244
257
  { "an array" => expect,
@@ -346,7 +359,13 @@ RSpec.describe Puppet::Type.type(:exec) do
346
359
  end
347
360
 
348
361
  shared_examples_for "all exec command parameters" do |param|
349
- { "relative" => "example", "absolute" => "/bin/example" }.sort.each do |name, command|
362
+ array_cmd = ["/bin/example", "*"]
363
+ array_cmd = [["/bin/example", "*"]] if [:onlyif, :unless].include?(param)
364
+
365
+ commands = { "relative" => "example", "absolute" => "/bin/example" }
366
+ commands["array"] = array_cmd
367
+
368
+ commands.sort.each do |name, command|
350
369
  describe "if command is #{name}" do
351
370
  before :each do
352
371
  @param = param
@@ -379,45 +398,44 @@ RSpec.describe Puppet::Type.type(:exec) do
379
398
  end
380
399
 
381
400
  shared_examples_for "all exec command parameters that take arrays" do |param|
382
- describe "when given an array of inputs" do
383
- before :each do
384
- @test = Puppet::Type.type(:exec).new(:name => @executable)
385
- end
401
+ [
402
+ %w{one two three},
403
+ [%w{one -a}, %w{two, -b}, 'three']
404
+ ].each do |input|
405
+ context "when given #{input.inspect} as input" do
406
+ let(:resource) { Puppet::Type.type(:exec).new(:name => @executable) }
386
407
 
387
- it "should accept the array when all commands return valid" do
388
- input = %w{one two three}
389
- expect(@test.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
390
- @test[param] = input
391
- expect(@test[param]).to eq(input)
392
- end
408
+ it "accepts the array when all commands return valid" do
409
+ input = %w{one two three}
410
+ allow(resource.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
411
+ resource[param] = input
412
+ expect(resource[param]).to eq(input)
413
+ end
393
414
 
394
- it "should reject the array when any commands return invalid" do
395
- input = %w{one two three}
396
- expect(@test.provider).to receive(:validatecmd).with(input.first).and_return(false)
397
- input[1..-1].each do |cmd|
398
- expect(@test.provider).to receive(:validatecmd).with(cmd).and_return(true)
415
+ it "rejects the array when any commands return invalid" do
416
+ input = %w{one two three}
417
+ allow(resource.provider).to receive(:validatecmd).with(input[0]).and_return(true)
418
+ allow(resource.provider).to receive(:validatecmd).with(input[1]).and_raise(Puppet::Error)
419
+
420
+ expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
399
421
  end
400
- @test[param] = input
401
- expect(@test[param]).to eq(input)
402
- end
403
422
 
404
- it "should reject the array when all commands return invalid" do
405
- input = %w{one two three}
406
- expect(@test.provider).to receive(:validatecmd).exactly(input.length).times.and_return(false)
407
- @test[param] = input
408
- expect(@test[param]).to eq(input)
423
+ it "stops at the first invalid command" do
424
+ input = %w{one two three}
425
+ allow(resource.provider).to receive(:validatecmd).with(input[0]).and_raise(Puppet::Error)
426
+
427
+ expect(resource.provider).not_to receive(:validatecmd).with(input[1])
428
+ expect(resource.provider).not_to receive(:validatecmd).with(input[2])
429
+ expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
430
+ end
409
431
  end
410
432
  end
411
433
  end
412
434
 
413
435
  describe "when setting command" do
414
436
  subject { described_class.new(:name => @command) }
415
- it "fails when passed an Array" do
416
- expect { subject[:command] = [] }.to raise_error Puppet::Error, /Command must be a String/
417
- end
418
-
419
437
  it "fails when passed a Hash" do
420
- expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String/
438
+ expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String or Array<String>/
421
439
  end
422
440
  end
423
441
 
@@ -759,6 +777,35 @@ RSpec.describe Puppet::Type.type(:exec) do
759
777
  end
760
778
  end
761
779
 
780
+ context 'with an array of arrays with multiple items' do
781
+ before do
782
+ [true, false].each do |check|
783
+ allow(@test.provider).to receive(:run).with([@pass, '--flag'], check).
784
+ and_return(['test output', @pass_status])
785
+ allow(@test.provider).to receive(:run).with([@fail, '--flag'], check).
786
+ and_return(['test output', @fail_status])
787
+ allow(@test.provider).to receive(:run).with([@pass], check).
788
+ and_return(['test output', @pass_status])
789
+ allow(@test.provider).to receive(:run).with([@fail], check).
790
+ and_return(['test output', @fail_status])
791
+ end
792
+ end
793
+ it "runs if all the commands exits non-zero" do
794
+ @test[param] = [[@fail, '--flag'], [@fail], [@fail, '--flag']]
795
+ expect(@test.check_all_attributes).to eq(true)
796
+ end
797
+
798
+ it "does not run if one command exits zero" do
799
+ @test[param] = [[@pass, '--flag'], [@pass], [@fail, '--flag']]
800
+ expect(@test.check_all_attributes).to eq(false)
801
+ end
802
+
803
+ it "does not run if all command exits zero" do
804
+ @test[param] = [[@pass, '--flag'], [@pass], [@pass, '--flag']]
805
+ expect(@test.check_all_attributes).to eq(false)
806
+ end
807
+ end
808
+
762
809
  it "should emit output to debug" do
763
810
  Puppet::Util::Log.level = :debug
764
811
  @test[param] = @fail
@@ -264,7 +264,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
264
264
 
265
265
  expect(@resource[:owner]).to eq(100)
266
266
  expect(@resource[:group]).to eq(200)
267
- expect(@resource[:mode]).to eq("173")
267
+ expect(@resource[:mode]).to eq("0173")
268
268
 
269
269
  # Metadata calls it checksum and checksum_type, we call it content and checksum.
270
270
  expect(@resource[:content]).to eq(@metadata.checksum)
@@ -281,7 +281,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
281
281
 
282
282
  expect(@resource[:owner]).to eq(1)
283
283
  expect(@resource[:group]).to eq(2)
284
- expect(@resource[:mode]).to eq('173')
284
+ expect(@resource[:mode]).to eq('0173')
285
285
  expect(@resource[:content]).not_to eq(@metadata.checksum)
286
286
  expect(@resource[:checksum]).not_to eq(@metadata.checksum_type.to_sym)
287
287
  end
@@ -318,7 +318,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
318
318
 
319
319
  expect(@resource[:owner]).to eq(100)
320
320
  expect(@resource[:group]).to eq(200)
321
- expect(@resource[:mode]).to eq("173")
321
+ expect(@resource[:mode]).to eq("0173")
322
322
  end
323
323
 
324
324
  it "copies the remote owner" do
@@ -336,7 +336,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
336
336
  it "copies the remote mode" do
337
337
  @source.copy_source_values
338
338
 
339
- expect(@resource[:mode]).to eq("173")
339
+ expect(@resource[:mode]).to eq("0173")
340
340
  end
341
341
  end
342
342
 
@@ -280,6 +280,13 @@ describe tidy do
280
280
  @ager.tidy?(@basepath, @stat)
281
281
  end
282
282
 
283
+ it "should return true if the specified age is 0" do
284
+ @tidy[:age] = "0"
285
+ expect(@stat).to receive(:mtime).and_return(Time.now)
286
+
287
+ expect(@ager).to be_tidy(@basepath, @stat)
288
+ end
289
+
283
290
  it "should return false if the file is more recent than the specified age" do
284
291
  expect(@stat).to receive(:mtime).and_return(Time.now)
285
292
 
@@ -131,38 +131,73 @@ describe "Puppet::Util::Windows::SID", :if => Puppet::Util::Platform.windows? do
131
131
  expect(subject.name_to_principal(unknown_name)).to be_nil
132
132
  end
133
133
 
134
+ it "should print a debug message if the account does not exist" do
135
+ expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
136
+ subject.name_to_principal(unknown_name)
137
+ end
138
+
134
139
  it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
135
140
  expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
136
141
  end
137
142
 
143
+ it "should not print debug messages for valid sid" do
144
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
145
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
146
+ subject.name_to_principal(sid)
147
+ end
148
+
149
+ it "should print a debug message for invalid sid" do
150
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
151
+ expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
152
+ subject.name_to_principal('S-1-5-21-INVALID-SID')
153
+ end
154
+
138
155
  it "should accept unqualified account name" do
139
156
  # NOTE: lookup by name works in localized environments only for a few instances
140
157
  # this works in French Windows, even though the account is really Syst\u00E8me
141
158
  expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
142
159
  end
143
160
 
161
+ it "should not print debug messages for unqualified account name" do
162
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
163
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
164
+ subject.name_to_principal('SYSTEM')
165
+ end
166
+
144
167
  it "should be case-insensitive" do
145
168
  # NOTE: lookup by name works in localized environments only for a few instances
146
169
  # this works in French Windows, even though the account is really Syst\u00E8me
147
170
  expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
148
171
  end
149
172
 
173
+ it "should not print debug messages for wrongly cased account name" do
174
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
175
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
176
+ subject.name_to_principal('system')
177
+ end
178
+
150
179
  it "should be leading and trailing whitespace-insensitive" do
151
180
  # NOTE: lookup by name works in localized environments only for a few instances
152
181
  # this works in French Windows, even though the account is really Syst\u00E8me
153
182
  expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
154
183
  end
155
184
 
185
+ it "should not print debug messages for account name with leading and trailing whitespace" do
186
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
187
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
188
+ subject.name_to_principal(' SYSTEM ')
189
+ end
190
+
156
191
  it "should accept domain qualified account names" do
157
192
  # NOTE: lookup by name works in localized environments only for a few instances
158
193
  # this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
159
194
  expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
160
195
  end
161
196
 
162
- it "should print a debug message on failures" do
163
- expect(Puppet).to receive(:debug).with(/Could not retrieve raw SID bytes from 'NonExistingUser'/)
164
- expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
165
- subject.name_to_principal('NonExistingUser')
197
+ it "should not print debug messages for domain qualified account names" do
198
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
199
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
200
+ subject.name_to_principal('NT AUTHORITY\SYSTEM')
166
201
  end
167
202
  end
168
203
 
@@ -40,6 +40,7 @@ task(:gen_cert_fixtures) do
40
40
  # 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
41
41
  # tampered-cert.pem | +- /CN=signed (with different public key)
42
42
  # ec.pem | +- /CN=ec (with EC private key)
43
+ # oid.pem | +- /CN=oid (with custom oid)
43
44
  # |
44
45
  # + /CN=Test CA Agent Subauthority
45
46
  # | |
@@ -49,7 +50,7 @@ task(:gen_cert_fixtures) do
49
50
  #
50
51
  # bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
51
52
  #
52
- # unknown-ca.pemm /CN=Unknown CA
53
+ # unknown-ca.pem /CN=Unknown CA
53
54
  # |
54
55
  # unknown-127.0.0.1.pem +- /CN=127.0.0.1
55
56
  #
@@ -103,6 +104,14 @@ task(:gen_cert_fixtures) do
103
104
  save(dir, '127.0.0.1.pem', signed[:cert])
104
105
  save(dir, '127.0.0.1-key.pem', signed[:private_key])
105
106
 
107
+ # Create an SSL cert with extensions containing custom oids
108
+ extensions = [
109
+ ['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
110
+ ]
111
+ oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
112
+ save(dir, 'oid.pem', oid[:cert])
113
+ save(dir, 'oid-key.pem', oid[:private_key])
114
+
106
115
  # Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
107
116
  # and revoke the cert
108
117
  revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppet
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.23.0
4
+ version: 6.24.0
5
5
  platform: universal-darwin
6
6
  authors:
7
7
  - Puppet Labs
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-11 00:00:00.000000000 Z
11
+ date: 2021-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: facter
@@ -1472,6 +1472,8 @@ files:
1472
1472
  - spec/fixtures/ssl/intermediate-crl.pem
1473
1473
  - spec/fixtures/ssl/intermediate.pem
1474
1474
  - spec/fixtures/ssl/netlock-arany-utf8.pem
1475
+ - spec/fixtures/ssl/oid-key.pem
1476
+ - spec/fixtures/ssl/oid.pem
1475
1477
  - spec/fixtures/ssl/pluto-key.pem
1476
1478
  - spec/fixtures/ssl/pluto.pem
1477
1479
  - spec/fixtures/ssl/request-key.pem
@@ -1482,6 +1484,7 @@ files:
1482
1484
  - spec/fixtures/ssl/signed.pem
1483
1485
  - spec/fixtures/ssl/tampered-cert.pem
1484
1486
  - spec/fixtures/ssl/tampered-csr.pem
1487
+ - spec/fixtures/ssl/trusted_oid_mapping.yaml
1485
1488
  - spec/fixtures/ssl/unknown-127.0.0.1-key.pem
1486
1489
  - spec/fixtures/ssl/unknown-127.0.0.1.pem
1487
1490
  - spec/fixtures/ssl/unknown-ca-key.pem
@@ -1832,6 +1835,7 @@ files:
1832
1835
  - spec/integration/application/module_spec.rb
1833
1836
  - spec/integration/application/plugin_spec.rb
1834
1837
  - spec/integration/application/resource_spec.rb
1838
+ - spec/integration/application/ssl_spec.rb
1835
1839
  - spec/integration/configurer_spec.rb
1836
1840
  - spec/integration/data_binding_spec.rb
1837
1841
  - spec/integration/defaults_spec.rb
@@ -2665,7 +2669,8 @@ files:
2665
2669
  - tasks/parser.rake
2666
2670
  - tasks/yard.rake
2667
2671
  homepage: https://github.com/puppetlabs/puppet
2668
- licenses: []
2672
+ licenses:
2673
+ - Apache-2.0
2669
2674
  metadata: {}
2670
2675
  post_install_message:
2671
2676
  rdoc_options:
@@ -2742,6 +2747,8 @@ test_files:
2742
2747
  - spec/fixtures/ssl/intermediate-crl.pem
2743
2748
  - spec/fixtures/ssl/intermediate.pem
2744
2749
  - spec/fixtures/ssl/netlock-arany-utf8.pem
2750
+ - spec/fixtures/ssl/oid-key.pem
2751
+ - spec/fixtures/ssl/oid.pem
2745
2752
  - spec/fixtures/ssl/pluto-key.pem
2746
2753
  - spec/fixtures/ssl/pluto.pem
2747
2754
  - spec/fixtures/ssl/request-key.pem
@@ -2752,6 +2759,7 @@ test_files:
2752
2759
  - spec/fixtures/ssl/signed.pem
2753
2760
  - spec/fixtures/ssl/tampered-cert.pem
2754
2761
  - spec/fixtures/ssl/tampered-csr.pem
2762
+ - spec/fixtures/ssl/trusted_oid_mapping.yaml
2755
2763
  - spec/fixtures/ssl/unknown-127.0.0.1-key.pem
2756
2764
  - spec/fixtures/ssl/unknown-127.0.0.1.pem
2757
2765
  - spec/fixtures/ssl/unknown-ca-key.pem
@@ -3102,6 +3110,7 @@ test_files:
3102
3110
  - spec/integration/application/module_spec.rb
3103
3111
  - spec/integration/application/plugin_spec.rb
3104
3112
  - spec/integration/application/resource_spec.rb
3113
+ - spec/integration/application/ssl_spec.rb
3105
3114
  - spec/integration/configurer_spec.rb
3106
3115
  - spec/integration/data_binding_spec.rb
3107
3116
  - spec/integration/defaults_spec.rb