puppet 6.23.0 → 7.0.0

data/spec/unit/indirector_spec.rb

@@ -112,8 +112,8 @@ describe Puppet::Indirector, "when registering an indirection" do
   end
 
   it "should pass any provided options to the indirection during initialization" do
-    expect(Puppet::Indirector::Indirection).to receive(:new).with(@thingie, :first, {:doc => 'some docs', :indirected_class => 'Thingie'})
-    @indirection = @thingie.indirects :first, :doc => 'some docs'
+    expect(Puppet::Indirector::Indirection).to receive(:new).with(@thingie, :first, {:some => :options, :indirected_class => 'Thingie'})
+    @indirection = @thingie.indirects :first, :some => :options
   end
 
   it "should extend the class to handle serialization" do

data/spec/unit/module_tool/applications/installer_spec.rb

@@ -247,21 +247,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
           expect(subject).to include :result => :success
           graph_should_include 'pmtacceptance-mysql', nil => v('0.8.0')
         end
-
-        context 'with an already installed dependency' do
-          before { preinstall('pmtacceptance-stdlib', '2.6.0') }
-
-          def options
-            super.merge(:version => '0.7.0')
-          end
-
-          it 'installs given version without errors and does not change version of dependency' do
-            expect(subject).to include :result => :success
-            graph_should_include 'pmtacceptance-mysql', nil => v('0.7.0')
-            expect(subject[:error]).to be_nil
-            graph_should_include 'pmtacceptance-stdlib', v('2.6.0') => v('2.6.0')
-          end
-        end
       end
 
       context 'with a --version that cannot satisfy' do
@@ -273,20 +258,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
           expect(subject).to include :result => :failure
         end
 
-        it 'prints a detailed error containing the modules that would not be satisfied' do
-          graph = double(SemanticPuppet::Dependency::Graph, :modules => ['pmtacceptance-mysql'])
-          exception = SemanticPuppet::Dependency::UnsatisfiableGraph.new(graph)
-          allow(exception).to receive(:respond_to?).and_return(true)
-          allow(exception).to receive(:unsatisfied).and_return('pmtacceptance-mysql')
-          allow(SemanticPuppet::Dependency).to receive(:resolve).and_raise(exception)
-
-          expect(subject[:error]).to include(:multiline)
-          expect(subject[:error][:multiline]).to include("Could not install module 'pmtacceptance-mysql' (> 1.0.0)")
-          expect(subject[:error][:multiline]).to include("The requested version cannot satisfy one or more of the following installed modules:")
-          expect(subject[:error][:multiline]).to include("pmtacceptance-keystone, expects 'pmtacceptance-mysql': >=0.6.1 <1.0.0")
-          expect(subject[:error][:multiline]).to include("Use `puppet module install 'pmtacceptance-mysql' --ignore-dependencies` to install only this module")
-        end
-
         context 'with --ignore-dependencies' do
           def options
             super.merge(:ignore_dependencies => true)
@@ -307,43 +278,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
             graph_should_include 'pmtacceptance-mysql', nil => v('2.1.0')
           end
         end
-
-        context 'with an already installed dependency' do
-          let(:graph) {
-            double(SemanticPuppet::Dependency::Graph,
-              :dependencies => {
-                'pmtacceptance-mysql' => {
-                  :version => '2.1.0'
-                }
-              },
-              :modules => ['pmtacceptance-mysql'],
-              :unsatisfied => 'pmtacceptance-stdlib'
-            )
-          }
-
-          let(:unsatisfiable_graph_exception) { SemanticPuppet::Dependency::UnsatisfiableGraph.new(graph) }
-
-          before do
-            allow(SemanticPuppet::Dependency).to receive(:resolve).and_raise(unsatisfiable_graph_exception)
-            allow(unsatisfiable_graph_exception).to receive(:respond_to?).and_return(true)
-            allow(unsatisfiable_graph_exception).to receive(:unsatisfied).and_return(graph.unsatisfied)
-
-            preinstall('pmtacceptance-stdlib', '2.6.0')
-          end
-
-          def options
-            super.merge(:version => '2.1.0')
-          end
-
-          it 'fails to install and outputs a multiline error containing the versions, expectations and workaround' do
-            expect(subject).to include :result => :failure
-            expect(subject[:error]).to include(:multiline)
-            expect(subject[:error][:multiline]).to include("Could not install module 'pmtacceptance-mysql' (v2.1.0)")
-            expect(subject[:error][:multiline]).to include("The requested version cannot satisfy one or more of the following installed modules:")
-            expect(subject[:error][:multiline]).to include("pmtacceptance-stdlib, installed: 2.6.0, expected: >= 2.2.1")
-            expect(subject[:error][:multiline]).to include("Use `puppet module install 'pmtacceptance-mysql' --ignore-dependencies` to install only this module")
-          end
-        end
       end
     end
 

data/spec/unit/network/authconfig_spec.rb

@@ -1,135 +1,8 @@
 require 'spec_helper'
-
 require 'puppet/network/authconfig'
 
-describe Puppet::Network::DefaultAuthProvider do
-  before :each do
-    allow(Puppet::FileSystem).to receive(:stat).and_return(double('stat', :ctime => :now))
-    allow(Time).to receive(:now).and_return(Time.now)
-  end
-
-  describe "when initializing" do
-    it "inserts default ACLs after setting initial rights" do
-      expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-      Puppet::Network::DefaultAuthProvider.new
-    end
-  end
-
-  describe "when defining an acl with mk_acl" do
-    before :each do
-      allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-      @authprovider = Puppet::Network::DefaultAuthProvider.new
-    end
-
-    it "should create a new right for each default acl" do
-      @authprovider.mk_acl(:acl => '/')
-      expect(@authprovider.rights['/']).to be
-    end
-
-    it "allows everyone for each default right" do
-      @authprovider.mk_acl(:acl => '/')
-      expect(@authprovider.rights['/']).to be_globalallow
-    end
-
-    it "accepts an argument to restrict the method" do
-      @authprovider.mk_acl(:acl => '/', :method => :find)
-      expect(@authprovider.rights['/'].methods).to eq([:find])
-    end
-
-    it "creates rights with authentication set to true by default" do
-      @authprovider.mk_acl(:acl => '/')
-      expect(@authprovider.rights['/'].authentication).to be_truthy
-    end
-
-    it "accepts an argument to set the authentication requirement" do
-      @authprovider.mk_acl(:acl => '/', :authenticated => :any)
-      expect(@authprovider.rights['/'].authentication).to be_falsey
-    end
-  end
-
-  describe "when adding default ACLs" do
-    before :each do
-      allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-      @authprovider = Puppet::Network::DefaultAuthProvider.new
-      allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl).and_call_original
-    end
-
-    Puppet::Network::DefaultAuthProvider::default_acl.each do |acl|
-      it "should create a default right for #{acl[:acl]}" do
-        allow(@authprovider).to receive(:mk_acl)
-        expect(@authprovider).to receive(:mk_acl).with(acl)
-        @authprovider.insert_default_acl
-      end
-    end
-
-    it "should log at info loglevel" do
-      expect(Puppet).to receive(:info).at_least(:once)
-      @authprovider.insert_default_acl
-    end
-
-    it "creates an empty catch-all rule for '/' for any authentication request state" do
-      allow(@authprovider).to receive(:mk_acl)
-
-      @authprovider.insert_default_acl
-      expect(@authprovider.rights['/']).to be_empty
-      expect(@authprovider.rights['/'].authentication).to be_falsey
-    end
-
-    it '(CVE-2013-2275) allows report submission only for the node matching the certname by default' do
-      acl = {
-        :acl => "~ ^#{Puppet::Network::HTTP::MASTER_URL_PREFIX}\/v3\/report\/([^\/]+)$",
-        :method => :save,
-        :allow => '$1',
-        :authenticated => true
-      }
-      allow(@authprovider).to receive(:mk_acl)
-      expect(@authprovider).to receive(:mk_acl).with(acl)
-      @authprovider.insert_default_acl
-    end
-  end
-
-  describe "when checking authorization" do
-    it "should ask for authorization to the ACL subsystem" do
-      params = {
-        :ip => "127.0.0.1",
-        :node => "me",
-        :environment => :env,
-        :authenticated => true
-      }
-
-      expect_any_instance_of(Puppet::Network::Rights).to receive(:is_request_forbidden_and_why?).with(:save, "/path/to/resource", params)
-
-      described_class.new.check_authorization(:save, "/path/to/resource", params)
-    end
-  end
-end
-
 describe Puppet::Network::AuthConfig do
-  after :each do
-    Puppet::Network::AuthConfig.authprovider_class = nil
-  end
-
-  class TestAuthProvider
-    def initialize(rights=nil); end
-    def check_authorization(method, path, params); end
-  end
-
-  it "instantiates authprovider_class with rights" do
-    Puppet::Network::AuthConfig.authprovider_class = TestAuthProvider
-    rights = Puppet::Network::Rights.new
-    expect(TestAuthProvider).to receive(:new).with(rights)
-    described_class.new(rights)
-  end
-
-  it "delegates authorization check to authprovider_class" do
-    Puppet::Network::AuthConfig.authprovider_class = TestAuthProvider
-    expect_any_instance_of(TestAuthProvider).to receive(:check_authorization).with(:save, '/path/to/resource', {})
-    described_class.new.check_authorization(:save, '/path/to/resource', {})
-  end
-
-  it "uses DefaultAuthProvider by default" do
-    Puppet::Network::AuthConfig.authprovider_class = nil
-    expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:check_authorization).with(:save, '/path/to/resource', {})
-    described_class.new.check_authorization(:save, '/path/to/resource', {})
+  it "accepts an auth provider class" do
+    Puppet::Network::AuthConfig.authprovider_class = Object
   end
 end

data/spec/unit/network/authorization_spec.rb

@@ -1,61 +1,8 @@
 require 'spec_helper'
-require 'puppet/network/http'
-require 'puppet/network/http/api/indirected_routes'
 require 'puppet/network/authorization'
 
 describe Puppet::Network::Authorization do
-  class AuthTest
-    include Puppet::Network::Authorization
-  end
-
-  subject { AuthTest.new }
-
-  context "when creating an authconfig object" do
-    before :each do
-      # Other tests may have created an authconfig, so we have to undo that.
-      @orig_auth_config = Puppet::Network::AuthConfigLoader.instance_variable_get(:@auth_config)
-      @orig_auth_config_file = Puppet::Network::AuthConfigLoader.instance_variable_get(:@auth_config_file)
-
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config, nil)
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config_file, nil)
-    end
-
-    after :each do
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config, @orig_auth_config)
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config_file, @orig_auth_config_file)
-    end
-
-    it "creates default ACL entries if no file has been read" do
-      expect(Puppet::Network::AuthConfigParser).to receive(:new_from_file).and_raise(Errno::ENOENT)
-      expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-
-      subject.authconfig
-    end
-  end
-
-  class TestAuthConfig
-    def check_authorization(method, path, params); end
-  end
-
-  class TestAuthConfigLoader
-    def self.authconfig
-      TestAuthConfig.new
-    end
-  end
-
-  context "when checking authorization" do
-    after :each do
-      Puppet::Network::Authorization.authconfigloader_class = nil
-    end
-
-    it "delegates to the authconfig object" do
-      Puppet::Network::Authorization.authconfigloader_class =
-          TestAuthConfigLoader
-      expect_any_instance_of(TestAuthConfig).to receive(:check_authorization).with(
-          :save, '/mypath', {:param1 => "value1"}).and_return("yay, it worked!")
-      expect(subject.check_authorization(
-                 :save, '/mypath',
-                 {:param1 => "value1"})).to eq("yay, it worked!")
-    end
+  it "accepts an auth config loader class" do
+    Puppet::Network::Authorization.authconfigloader_class = Object
   end
 end

data/spec/unit/network/formats_spec.rb

@@ -161,19 +161,19 @@ describe "Puppet Network Format" do
     end
 
     it 'raises when interning an instance of an unacceptable indirected type' do
-      obj = Puppet::SSL::Key.new('foo')
+      obj = :something
 
       expect {
         yaml.intern(obj.class, YAML.dump(obj))
-      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Puppet::SSL::Key/)
+      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Symbol/)
     end
 
     it 'raises when interning multple instances of an unacceptable indirected type' do
-      obj = Puppet::SSL::Key.new('foo')
+      obj = :something
 
       expect {
         yaml.intern_multiple(obj.class, YAML.dump([obj]))
-      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Puppet::SSL::Key/)
+      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Symbol/)
     end
   end
 
@@ -534,45 +534,4 @@ EOT
       end
     end
   end
-
-  describe ":flat format" do
-    let(:flat) { Puppet::Network::FormatHandler.format(:flat) }
-
-    it "should include a flat format" do
-      expect(flat).to be_an_instance_of Puppet::Network::Format
-    end
-
-    [:intern, :intern_multiple].each do |method|
-      it "should not implement #{method}" do
-        expect { flat.send(method, String, 'blah') }.to raise_error NotImplementedError
-      end
-    end
-
-    context "when rendering arrays" do
-      {
-          []                           => "",
-          [1, 2]                       => "0=1\n1=2\n",
-          ["one"]                      => "0=one\n",
-          [{"one" => 1}, {"two" => 2}] => "0.one=1\n1.two=2\n",
-          [['something', 'for'], ['the', 'test']]  => "0=[\"something\", \"for\"]\n1=[\"the\", \"test\"]\n"
-      }.each_pair do |input, output|
-        it "should render #{input.inspect} as one item per line" do
-          expect(flat.render(input)).to eq(output)
-        end
-      end
-    end
-
-    context "when rendering hashes" do
-      {
-          {}                                   => "",
-          {1 => 2}                             => "1=2\n",
-          {"one" => "two"}                     => "one=two\n",
-          {[1,2] => 3, [2,3] => 5, [3,4] => 7} => "[1, 2]=3\n[2, 3]=5\n[3, 4]=7\n",
-      }.each_pair do |input, output|
-        it "should render #{input.inspect}" do
-          expect(flat.render(input)).to eq(output)
-        end
-      end
-    end
-  end
 end

data/spec/unit/network/http/api/indirected_routes_spec.rb

@@ -24,6 +24,10 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
     let(:env_loaders) { Puppet::Environments::Static.new(environment) }
     let(:params) { { :environment => "env" } }
 
+    before do
+      allow(handler).to receive(:handler).and_return("foo")
+    end
+
     around do |example|
       Puppet.override(:environments => env_loaders) do
         example.run
@@ -58,7 +62,7 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
       }.to raise_error(bad_request_error)
     end
 
-    it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
+    it "should not pass a bucket_path parameter through (See Bugs #13553, #13518, #13511)" do
       expect(handler.uri2indirection("GET", "#{master_url_prefix}/node/bar",
                               { :environment => "env",
                                 :bucket_path => "/malicious/path" })[3]).not_to include({ :bucket_path => "/malicious/path" })
@@ -118,10 +122,6 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
       expect(handler.uri2indirection("PUT", "#{master_url_prefix}/facts/puppet.node.test", params)[0].name).to eq(:facts)
     end
 
-    it "should change indirection name to 'status' if the http method is a GET and the indirection name is statuses" do
-      expect(handler.uri2indirection("GET", "#{master_url_prefix}/statuses/bar", params)[0].name).to eq(:status)
-    end
-
     it "should change indirection name to 'node' if the http method is a GET and the indirection name is nodes" do
       expect(handler.uri2indirection("GET", "#{master_url_prefix}/nodes/bar", params)[0].name).to eq(:node)
     end
@@ -145,96 +145,9 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
       _, _, key, _ = handler.uri2indirection("GET", "#{master_url_prefix}/node/#{escaped}", params)
       expect(key).to eq(escaped)
     end
-
-    it "should not unescape the URI passed through in a call to check_authorization" do
-      key_escaped = Puppet::Util.uri_encode("foo bar")
-      uri_escaped = "#{master_url_prefix}/node/#{key_escaped}"
-      expect(handler).to receive(:check_authorization).with(anything, uri_escaped, anything)
-      handler.uri2indirection("GET", uri_escaped, params)
-    end
-
-    it "when the environment is unknown should remove :environment from params passed to check_authorization and therefore fail" do
-      expect(handler).to receive(:check_authorization).with(anything,
-                                                            anything,
-                                                            excluding(:environment))
-      expect { handler.uri2indirection("GET",
-                                       "#{master_url_prefix}/node/bar",
-                                       {:environment => 'bogus'})
-      }.to raise_error(not_found_error)
-    end
-
-    it "should not URI unescape the indirection key as passed through to a call to check_authorization" do
-      expect(handler).to receive(:check_authorization).with(anything, anything, hash_including(environment: be_a(Puppet::Node::Environment).and(have_attributes(name: :env))))
-
-      handler.uri2indirection("GET", "#{master_url_prefix}/node/bar", params)
-    end
-
-  end
-
-  describe "when converting a request into a URI" do
-    let(:environment) { Puppet::Node::Environment.create(:myenv, []) }
-    let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => environment) }
-
-    it "should include the environment in the query string of the URI" do
-      expect(handler.class.request_to_uri(request)).to eq("#{master_url_prefix}/foo/with%20spaces?environment=myenv&foo=bar")
-    end
-
-    it "should include the correct url prefix if it is a ca request" do
-      allow(request).to receive(:indirection_name).and_return("certificate")
-      expect(handler.class.request_to_uri(request)).to eq("#{ca_url_prefix}/certificate/with%20spaces?environment=myenv&foo=bar")
-    end
-
-    it "should pluralize the indirection name if the method is 'search'" do
-      allow(request).to receive(:method).and_return(:search)
-      expect(handler.class.request_to_uri(request).split("/")[3]).to eq("foos")
-    end
-
-    it "should add the query string to the URI" do
-      expect(request).to receive(:query_string).and_return("query")
-      expect(handler.class.request_to_uri(request)).to match(/\&query$/)
-    end
-  end
-
-  describe "when converting a request into a URI with body" do
-    let(:environment) { Puppet::Node::Environment.create(:myenv, []) }
-    let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => environment) }
-
-    it "should use the indirection as the first field of the URI" do
-      expect(handler.class.request_to_uri_and_body(request).first.split("/")[3]).to eq("foo")
-    end
-
-    it "should use the escaped key as the remainder of the URI" do
-      escaped = Puppet::Util.uri_encode("with spaces")
-      expect(handler.class.request_to_uri_and_body(request).first.split("/")[4].sub(/\?.+/, '')).to eq(escaped)
-    end
-
-    it "should include the correct url prefix if it is a master request" do
-      expect(handler.class.request_to_uri_and_body(request).first).to eq("#{master_url_prefix}/foo/with%20spaces")
-    end
-
-    it "should include the correct url prefix if it is a ca request" do
-      allow(request).to receive(:indirection_name).and_return("certificate")
-      expect(handler.class.request_to_uri_and_body(request).first).to eq("#{ca_url_prefix}/certificate/with%20spaces")
-    end
-
-    it "should return the URI and body separately" do
-      expect(handler.class.request_to_uri_and_body(request)).to eq(["#{master_url_prefix}/foo/with%20spaces", "environment=myenv&foo=bar"])
-    end
   end
 
   describe "when processing a request" do
-    it "should raise not_authorized_error when authorization fails" do
-      data = Puppet::IndirectorTesting.new("my data")
-      indirection.save(data, "my data")
-      request = a_request_that_heads(data)
-
-      expect(handler).to receive(:check_authorization).and_raise(Puppet::Network::AuthorizationError.new("forbidden"))
-
-      expect {
-        handler.call(request, response)
-      }.to raise_error(not_authorized_error)
-    end
-
     it "should raise not_found_error if the indirection does not support remote requests" do
       request = a_request_that_heads(Puppet::IndirectorTesting.new("my data"))