puppet 6.24.0-x64-mingw32 → 7.0.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (613) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +16 -2
  3. data/CONTRIBUTING.md +5 -5
  4. data/Gemfile +1 -3
  5. data/Gemfile.lock +35 -47
  6. data/README.md +5 -5
  7. data/conf/fileserver.conf +5 -10
  8. data/ext/build_defaults.yaml +1 -1
  9. data/ext/osx/file_mapping.yaml +0 -5
  10. data/ext/osx/puppet.plist +0 -2
  11. data/ext/project_data.yaml +1 -15
  12. data/ext/redhat/puppet.spec.erb +0 -1
  13. data/ext/windows/service/daemon.rb +6 -5
  14. data/install.rb +21 -17
  15. data/lib/puppet.rb +14 -23
  16. data/lib/puppet/application.rb +178 -108
  17. data/lib/puppet/application/agent.rb +4 -12
  18. data/lib/puppet/application/apply.rb +2 -4
  19. data/lib/puppet/application/device.rb +100 -106
  20. data/lib/puppet/application/filebucket.rb +13 -10
  21. data/lib/puppet/application/resource.rb +3 -17
  22. data/lib/puppet/application/script.rb +0 -2
  23. data/lib/puppet/application/ssl.rb +1 -13
  24. data/lib/puppet/application_support.rb +0 -7
  25. data/lib/puppet/configurer.rb +30 -45
  26. data/lib/puppet/configurer/downloader.rb +1 -2
  27. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  28. data/lib/puppet/defaults.rb +100 -192
  29. data/lib/puppet/environments.rb +60 -84
  30. data/lib/puppet/face/facts.rb +5 -103
  31. data/lib/puppet/face/help.rb +1 -1
  32. data/lib/puppet/face/help/action.erb +0 -1
  33. data/lib/puppet/face/help/face.erb +0 -1
  34. data/lib/puppet/face/node/clean.rb +0 -11
  35. data/lib/puppet/face/plugin.rb +5 -8
  36. data/lib/puppet/ffi/windows.rb +12 -0
  37. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  38. data/lib/puppet/ffi/windows/constants.rb +404 -0
  39. data/lib/puppet/ffi/windows/functions.rb +628 -0
  40. data/lib/puppet/ffi/windows/structs.rb +338 -0
  41. data/lib/puppet/file_serving/configuration.rb +0 -5
  42. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  43. data/lib/puppet/file_serving/fileset.rb +2 -14
  44. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  45. data/lib/puppet/file_serving/mount.rb +1 -2
  46. data/lib/puppet/file_system/file_impl.rb +1 -1
  47. data/lib/puppet/file_system/memory_file.rb +1 -8
  48. data/lib/puppet/file_system/windows.rb +2 -4
  49. data/lib/puppet/forge.rb +3 -3
  50. data/lib/puppet/forge/repository.rb +0 -1
  51. data/lib/puppet/functions/all.rb +1 -1
  52. data/lib/puppet/functions/camelcase.rb +1 -1
  53. data/lib/puppet/functions/capitalize.rb +2 -2
  54. data/lib/puppet/functions/downcase.rb +2 -2
  55. data/lib/puppet/functions/empty.rb +0 -8
  56. data/lib/puppet/functions/get.rb +5 -5
  57. data/lib/puppet/functions/group_by.rb +5 -13
  58. data/lib/puppet/functions/lest.rb +1 -1
  59. data/lib/puppet/functions/new.rb +100 -100
  60. data/lib/puppet/functions/partition.rb +4 -12
  61. data/lib/puppet/functions/require.rb +5 -5
  62. data/lib/puppet/functions/sort.rb +3 -3
  63. data/lib/puppet/functions/strftime.rb +0 -1
  64. data/lib/puppet/functions/tree_each.rb +9 -7
  65. data/lib/puppet/functions/type.rb +4 -4
  66. data/lib/puppet/functions/unwrap.rb +2 -17
  67. data/lib/puppet/functions/upcase.rb +2 -2
  68. data/lib/puppet/generate/models/type/type.rb +4 -1
  69. data/lib/puppet/http.rb +22 -13
  70. data/lib/puppet/http/client.rb +164 -114
  71. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  72. data/lib/puppet/http/errors.rb +16 -0
  73. data/lib/puppet/http/external_client.rb +5 -7
  74. data/lib/puppet/{network/http → http}/factory.rb +8 -15
  75. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  76. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  77. data/lib/puppet/http/proxy.rb +137 -0
  78. data/lib/puppet/http/redirector.rb +4 -12
  79. data/lib/puppet/http/resolver.rb +5 -15
  80. data/lib/puppet/http/resolver/server_list.rb +10 -25
  81. data/lib/puppet/http/resolver/settings.rb +4 -7
  82. data/lib/puppet/http/resolver/srv.rb +7 -11
  83. data/lib/puppet/http/response.rb +36 -54
  84. data/lib/puppet/http/response_converter.rb +24 -0
  85. data/lib/puppet/http/response_net_http.rb +42 -0
  86. data/lib/puppet/http/retry_after_handler.rb +4 -13
  87. data/lib/puppet/http/service.rb +12 -26
  88. data/lib/puppet/http/service/ca.rb +11 -22
  89. data/lib/puppet/http/service/compiler.rb +22 -138
  90. data/lib/puppet/http/service/file_server.rb +19 -29
  91. data/lib/puppet/http/service/puppetserver.rb +26 -12
  92. data/lib/puppet/http/service/report.rb +8 -10
  93. data/lib/puppet/http/session.rb +11 -20
  94. data/lib/puppet/{network/http → http}/site.rb +1 -2
  95. data/lib/puppet/indirector/catalog/compiler.rb +0 -1
  96. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  97. data/lib/puppet/indirector/facts/rest.rb +3 -22
  98. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  99. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  100. data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
  101. data/lib/puppet/indirector/file_server.rb +1 -8
  102. data/lib/puppet/indirector/generic_http.rb +0 -11
  103. data/lib/puppet/indirector/node/rest.rb +2 -4
  104. data/lib/puppet/indirector/report/rest.rb +3 -8
  105. data/lib/puppet/indirector/request.rb +0 -101
  106. data/lib/puppet/indirector/resource/ral.rb +1 -6
  107. data/lib/puppet/indirector/rest.rb +12 -263
  108. data/lib/puppet/interface/documentation.rb +0 -1
  109. data/lib/puppet/module_tool/applications.rb +0 -1
  110. data/lib/puppet/module_tool/applications/installer.rb +2 -52
  111. data/lib/puppet/module_tool/errors/shared.rb +2 -34
  112. data/lib/puppet/network/authconfig.rb +2 -96
  113. data/lib/puppet/network/authorization.rb +13 -35
  114. data/lib/puppet/network/formats.rb +0 -67
  115. data/lib/puppet/network/http.rb +3 -3
  116. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  117. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  118. data/lib/puppet/network/http/connection.rb +247 -316
  119. data/lib/puppet/network/http/handler.rb +0 -1
  120. data/lib/puppet/network/http_pool.rb +16 -34
  121. data/lib/puppet/node.rb +1 -30
  122. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  123. data/lib/puppet/pal/pal_impl.rb +3 -1
  124. data/lib/puppet/parser/ast/leaf.rb +2 -3
  125. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  126. data/lib/puppet/parser/compiler.rb +0 -198
  127. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  128. data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
  129. data/lib/puppet/parser/resource.rb +0 -69
  130. data/lib/puppet/parser/templatewrapper.rb +1 -1
  131. data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
  132. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  133. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  134. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  135. data/lib/puppet/pops/issues.rb +0 -5
  136. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  137. data/lib/puppet/pops/model/ast.pp +0 -42
  138. data/lib/puppet/pops/model/ast.rb +0 -290
  139. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  140. data/lib/puppet/pops/model/factory.rb +0 -45
  141. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  142. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  143. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  144. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  145. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  146. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  147. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  148. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  149. data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
  150. data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
  151. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  152. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  153. data/lib/puppet/pops/types/type_parser.rb +0 -4
  154. data/lib/puppet/pops/types/types.rb +0 -1
  155. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  156. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  157. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  158. data/lib/puppet/property/list.rb +1 -1
  159. data/lib/puppet/provider.rb +0 -13
  160. data/lib/puppet/provider/exec/posix.rb +4 -16
  161. data/lib/puppet/provider/group/groupadd.rb +8 -13
  162. data/lib/puppet/provider/nameservice.rb +0 -18
  163. data/lib/puppet/provider/package/apt.rb +2 -34
  164. data/lib/puppet/provider/package/aptitude.rb +0 -6
  165. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  166. data/lib/puppet/provider/package/dpkg.rb +0 -10
  167. data/lib/puppet/provider/package/gem.rb +23 -3
  168. data/lib/puppet/provider/package/nim.rb +6 -11
  169. data/lib/puppet/provider/package/pip.rb +3 -16
  170. data/lib/puppet/provider/package/pkg.rb +0 -4
  171. data/lib/puppet/provider/package/portage.rb +1 -1
  172. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  173. data/lib/puppet/provider/parsedfile.rb +0 -3
  174. data/lib/puppet/provider/service/debian.rb +0 -2
  175. data/lib/puppet/provider/service/smf.rb +191 -73
  176. data/lib/puppet/provider/service/systemd.rb +4 -14
  177. data/lib/puppet/provider/service/windows.rb +0 -38
  178. data/lib/puppet/provider/user/aix.rb +2 -2
  179. data/lib/puppet/provider/user/directoryservice.rb +10 -33
  180. data/lib/puppet/provider/user/useradd.rb +8 -62
  181. data/lib/puppet/reference/configuration.rb +8 -7
  182. data/lib/puppet/reference/indirection.rb +1 -1
  183. data/lib/puppet/resource.rb +1 -89
  184. data/lib/puppet/resource/catalog.rb +1 -14
  185. data/lib/puppet/resource/type.rb +3 -119
  186. data/lib/puppet/resource/type_collection.rb +3 -48
  187. data/lib/puppet/runtime.rb +1 -2
  188. data/lib/puppet/settings.rb +80 -96
  189. data/lib/puppet/settings/environment_conf.rb +0 -1
  190. data/lib/puppet/settings/integer_setting.rb +17 -0
  191. data/lib/puppet/settings/port_setting.rb +15 -0
  192. data/lib/puppet/settings/priority_setting.rb +5 -4
  193. data/lib/puppet/ssl.rb +10 -6
  194. data/lib/puppet/ssl/base.rb +3 -5
  195. data/lib/puppet/ssl/certificate.rb +0 -6
  196. data/lib/puppet/ssl/certificate_request.rb +1 -12
  197. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  198. data/lib/puppet/ssl/oids.rb +3 -1
  199. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  200. data/lib/puppet/ssl/state_machine.rb +3 -1
  201. data/lib/puppet/ssl/verifier.rb +2 -0
  202. data/lib/puppet/test/test_helper.rb +1 -3
  203. data/lib/puppet/transaction.rb +1 -7
  204. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  205. data/lib/puppet/transaction/report.rb +2 -4
  206. data/lib/puppet/type.rb +0 -76
  207. data/lib/puppet/type/exec.rb +3 -16
  208. data/lib/puppet/type/file.rb +6 -26
  209. data/lib/puppet/type/file/checksum.rb +1 -1
  210. data/lib/puppet/type/file/mode.rb +0 -6
  211. data/lib/puppet/type/file/selcontext.rb +1 -1
  212. data/lib/puppet/type/file/source.rb +1 -1
  213. data/lib/puppet/type/filebucket.rb +3 -3
  214. data/lib/puppet/type/package.rb +8 -16
  215. data/lib/puppet/type/service.rb +38 -18
  216. data/lib/puppet/type/tidy.rb +3 -22
  217. data/lib/puppet/type/user.rb +20 -38
  218. data/lib/puppet/util/autoload.rb +8 -1
  219. data/lib/puppet/util/execution.rb +0 -11
  220. data/lib/puppet/util/http_proxy.rb +2 -215
  221. data/lib/puppet/util/monkey_patches.rb +0 -53
  222. data/lib/puppet/util/posix.rb +5 -54
  223. data/lib/puppet/util/rdoc.rb +0 -7
  224. data/lib/puppet/util/retry_action.rb +1 -1
  225. data/lib/puppet/util/run_mode.rb +9 -1
  226. data/lib/puppet/util/selinux.rb +4 -30
  227. data/lib/puppet/util/symbolic_file_mode.rb +17 -29
  228. data/lib/puppet/util/windows.rb +3 -8
  229. data/lib/puppet/util/windows/adsi.rb +0 -46
  230. data/lib/puppet/util/windows/daemon.rb +360 -0
  231. data/lib/puppet/util/windows/error.rb +1 -0
  232. data/lib/puppet/util/windows/eventlog.rb +4 -9
  233. data/lib/puppet/util/windows/file.rb +8 -242
  234. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  235. data/lib/puppet/util/windows/principal.rb +2 -9
  236. data/lib/puppet/util/windows/process.rb +4 -226
  237. data/lib/puppet/util/windows/service.rb +9 -460
  238. data/lib/puppet/util/windows/sid.rb +2 -6
  239. data/lib/puppet/util/windows/string.rb +12 -13
  240. data/lib/puppet/util/yaml.rb +0 -22
  241. data/lib/puppet/vendor/require_vendored.rb +0 -1
  242. data/lib/puppet/version.rb +1 -1
  243. data/lib/puppet/x509.rb +5 -1
  244. data/lib/puppet/x509/cert_provider.rb +29 -1
  245. data/locales/puppet.pot +722 -1527
  246. data/man/man5/puppet.conf.5 +266 -354
  247. data/man/man8/puppet-agent.8 +2 -2
  248. data/man/man8/puppet-apply.8 +2 -2
  249. data/man/man8/puppet-catalog.8 +9 -9
  250. data/man/man8/puppet-config.8 +1 -1
  251. data/man/man8/puppet-describe.8 +1 -1
  252. data/man/man8/puppet-device.8 +2 -2
  253. data/man/man8/puppet-doc.8 +1 -1
  254. data/man/man8/puppet-epp.8 +1 -1
  255. data/man/man8/puppet-facts.8 +8 -51
  256. data/man/man8/puppet-filebucket.8 +4 -4
  257. data/man/man8/puppet-generate.8 +1 -1
  258. data/man/man8/puppet-help.8 +1 -1
  259. data/man/man8/puppet-lookup.8 +1 -1
  260. data/man/man8/puppet-module.8 +1 -58
  261. data/man/man8/puppet-node.8 +5 -5
  262. data/man/man8/puppet-parser.8 +1 -1
  263. data/man/man8/puppet-plugin.8 +1 -1
  264. data/man/man8/puppet-report.8 +5 -5
  265. data/man/man8/puppet-resource.8 +1 -1
  266. data/man/man8/puppet-script.8 +2 -2
  267. data/man/man8/puppet-ssl.8 +1 -5
  268. data/man/man8/puppet.8 +2 -2
  269. data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
  270. data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
  271. data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
  272. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
  273. data/spec/fixtures/ssl/ca.pem +35 -57
  274. data/spec/fixtures/ssl/crl.pem +18 -28
  275. data/spec/fixtures/ssl/ec-key.pem +11 -11
  276. data/spec/fixtures/ssl/ec.pem +24 -33
  277. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  278. data/spec/fixtures/ssl/encrypted-key.pem +58 -108
  279. data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
  280. data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
  281. data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
  282. data/spec/fixtures/ssl/intermediate.pem +36 -57
  283. data/spec/fixtures/ssl/pluto-key.pem +57 -107
  284. data/spec/fixtures/ssl/pluto.pem +30 -52
  285. data/spec/fixtures/ssl/request-key.pem +57 -107
  286. data/spec/fixtures/ssl/request.pem +26 -47
  287. data/spec/fixtures/ssl/revoked-key.pem +57 -107
  288. data/spec/fixtures/ssl/revoked.pem +30 -52
  289. data/spec/fixtures/ssl/signed-key.pem +57 -107
  290. data/spec/fixtures/ssl/signed.pem +30 -52
  291. data/spec/fixtures/ssl/tampered-cert.pem +30 -52
  292. data/spec/fixtures/ssl/tampered-csr.pem +26 -47
  293. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
  294. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
  295. data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
  296. data/spec/fixtures/ssl/unknown-ca.pem +33 -55
  297. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  298. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
  299. data/spec/integration/application/agent_spec.rb +27 -171
  300. data/spec/integration/application/apply_spec.rb +1 -20
  301. data/spec/integration/application/filebucket_spec.rb +16 -27
  302. data/spec/integration/application/help_spec.rb +2 -0
  303. data/spec/integration/application/module_spec.rb +0 -21
  304. data/spec/integration/application/plugin_spec.rb +24 -2
  305. data/spec/integration/defaults_spec.rb +14 -3
  306. data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
  307. data/spec/integration/http/client_spec.rb +0 -12
  308. data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
  309. data/spec/integration/indirector/facts/facter_spec.rb +36 -90
  310. data/spec/integration/network/http_pool_spec.rb +3 -21
  311. data/spec/integration/parser/catalog_spec.rb +0 -38
  312. data/spec/integration/parser/node_spec.rb +0 -9
  313. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  314. data/spec/integration/resource/type_collection_spec.rb +6 -2
  315. data/spec/integration/transaction_spec.rb +9 -4
  316. data/spec/integration/type/exec_spec.rb +45 -70
  317. data/spec/integration/type/file_spec.rb +5 -4
  318. data/spec/integration/util/windows/adsi_spec.rb +1 -21
  319. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  320. data/spec/integration/util/windows/principal_spec.rb +0 -21
  321. data/spec/integration/util/windows/registry_spec.rb +10 -6
  322. data/spec/integration/util/windows/security_spec.rb +1 -1
  323. data/spec/lib/matchers/include.rb +27 -0
  324. data/spec/lib/matchers/include_spec.rb +32 -0
  325. data/spec/lib/puppet/test_ca.rb +2 -7
  326. data/spec/lib/puppet_spec/puppetserver.rb +1 -1
  327. data/spec/lib/puppet_spec/settings.rb +1 -1
  328. data/spec/spec_helper.rb +7 -12
  329. data/spec/unit/agent_spec.rb +6 -10
  330. data/spec/unit/application/agent_spec.rb +3 -7
  331. data/spec/unit/application/facts_spec.rb +12 -456
  332. data/spec/unit/application/filebucket_spec.rb +43 -39
  333. data/spec/unit/application/ssl_spec.rb +2 -25
  334. data/spec/unit/application_spec.rb +9 -51
  335. data/spec/unit/certificate_factory_spec.rb +1 -1
  336. data/spec/unit/configurer/downloader_spec.rb +6 -8
  337. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  338. data/spec/unit/configurer_spec.rb +12 -32
  339. data/spec/unit/confine/feature_spec.rb +1 -1
  340. data/spec/unit/confine_spec.rb +2 -8
  341. data/spec/unit/context/trusted_information_spec.rb +2 -6
  342. data/spec/unit/defaults_spec.rb +68 -54
  343. data/spec/unit/environments_spec.rb +68 -259
  344. data/spec/unit/face/node_spec.rb +11 -0
  345. data/spec/unit/face/plugin_spec.rb +73 -33
  346. data/spec/unit/file_bucket/file_spec.rb +1 -1
  347. data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
  348. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  349. data/spec/unit/file_serving/fileset_spec.rb +0 -60
  350. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  351. data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
  352. data/spec/unit/file_system_spec.rb +0 -15
  353. data/spec/unit/forge/module_release_spec.rb +7 -2
  354. data/spec/unit/functions/assert_type_spec.rb +1 -1
  355. data/spec/unit/functions/camelcase_spec.rb +1 -1
  356. data/spec/unit/functions/capitalize_spec.rb +1 -1
  357. data/spec/unit/functions/downcase_spec.rb +1 -1
  358. data/spec/unit/functions/empty_spec.rb +0 -10
  359. data/spec/unit/functions/unwrap_spec.rb +0 -8
  360. data/spec/unit/functions/upcase_spec.rb +1 -1
  361. data/spec/unit/functions4_spec.rb +2 -2
  362. data/spec/unit/gettext/config_spec.rb +0 -12
  363. data/spec/unit/http/client_spec.rb +7 -8
  364. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  365. data/spec/unit/http/external_client_spec.rb +4 -4
  366. data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
  367. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  368. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  369. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  370. data/spec/unit/http/resolver_spec.rb +13 -13
  371. data/spec/unit/http/service/compiler_spec.rb +0 -185
  372. data/spec/unit/http/service/file_server_spec.rb +3 -3
  373. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  374. data/spec/unit/http/service_spec.rb +0 -1
  375. data/spec/unit/http/session_spec.rb +16 -14
  376. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  377. data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
  378. data/spec/unit/indirector/face_spec.rb +1 -0
  379. data/spec/unit/indirector/facts/facter_spec.rb +3 -0
  380. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  381. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
  382. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  383. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  384. data/spec/unit/indirector/file_server_spec.rb +1 -15
  385. data/spec/unit/indirector/indirection_spec.rb +12 -8
  386. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  387. data/spec/unit/indirector/request_spec.rb +0 -264
  388. data/spec/unit/indirector/resource/ral_spec.rb +75 -40
  389. data/spec/unit/indirector/rest_spec.rb +98 -752
  390. data/spec/unit/indirector_spec.rb +2 -2
  391. data/spec/unit/module_tool/applications/installer_spec.rb +0 -78
  392. data/spec/unit/network/authconfig_spec.rb +2 -129
  393. data/spec/unit/network/authorization_spec.rb +2 -55
  394. data/spec/unit/network/formats_spec.rb +4 -45
  395. data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
  396. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  397. data/spec/unit/network/http/api_spec.rb +10 -0
  398. data/spec/unit/network/http/connection_spec.rb +19 -41
  399. data/spec/unit/network/http/handler_spec.rb +0 -1
  400. data/spec/unit/network/http_pool_spec.rb +0 -4
  401. data/spec/unit/node/environment_spec.rb +33 -21
  402. data/spec/unit/node_spec.rb +2 -54
  403. data/spec/unit/parser/compiler_spec.rb +19 -3
  404. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  405. data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
  406. data/spec/unit/parser/resource_spec.rb +8 -14
  407. data/spec/unit/parser/templatewrapper_spec.rb +5 -16
  408. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  409. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  410. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  411. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  412. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  413. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  414. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  415. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  416. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
  417. data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
  418. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  419. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  420. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  421. data/spec/unit/pops/visitor_spec.rb +1 -1
  422. data/spec/unit/property_spec.rb +0 -1
  423. data/spec/unit/provider/group/groupadd_spec.rb +2 -5
  424. data/spec/unit/provider/nameservice_spec.rb +64 -122
  425. data/spec/unit/provider/package/apt_spec.rb +23 -28
  426. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  427. data/spec/unit/provider/package/base_spec.rb +5 -6
  428. data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
  429. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  430. data/spec/unit/provider/package/gem_spec.rb +32 -0
  431. data/spec/unit/provider/package/nim_spec.rb +0 -42
  432. data/spec/unit/provider/package/pacman_spec.rb +12 -18
  433. data/spec/unit/provider/package/pip_spec.rb +11 -43
  434. data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
  435. data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
  436. data/spec/unit/provider/parsedfile_spec.rb +0 -10
  437. data/spec/unit/provider/service/init_spec.rb +0 -1
  438. data/spec/unit/provider/service/openwrt_spec.rb +1 -3
  439. data/spec/unit/provider/service/smf_spec.rb +401 -165
  440. data/spec/unit/provider/service/systemd_spec.rb +8 -53
  441. data/spec/unit/provider/service/windows_spec.rb +0 -203
  442. data/spec/unit/provider/user/aix_spec.rb +0 -5
  443. data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
  444. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  445. data/spec/unit/provider/user/pw_spec.rb +0 -2
  446. data/spec/unit/provider/user/useradd_spec.rb +3 -71
  447. data/spec/unit/provider_spec.rb +8 -18
  448. data/spec/unit/resource/catalog_spec.rb +1 -1
  449. data/spec/unit/resource/type_collection_spec.rb +2 -22
  450. data/spec/unit/resource/type_spec.rb +1 -1
  451. data/spec/unit/resource_spec.rb +10 -67
  452. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  453. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  454. data/spec/unit/settings/port_setting_spec.rb +31 -0
  455. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  456. data/spec/unit/settings_spec.rb +79 -110
  457. data/spec/unit/ssl/base_spec.rb +37 -3
  458. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  459. data/spec/unit/ssl/certificate_spec.rb +2 -11
  460. data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
  461. data/spec/unit/ssl/state_machine_spec.rb +5 -20
  462. data/spec/unit/ssl/verifier_spec.rb +0 -21
  463. data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
  464. data/spec/unit/transaction/event_manager_spec.rb +11 -14
  465. data/spec/unit/transaction/report_spec.rb +0 -2
  466. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  467. data/spec/unit/transaction_spec.rb +55 -96
  468. data/spec/unit/type/exec_spec.rb +29 -76
  469. data/spec/unit/type/file/checksum_spec.rb +6 -6
  470. data/spec/unit/type/file/content_spec.rb +2 -1
  471. data/spec/unit/type/file/ensure_spec.rb +1 -1
  472. data/spec/unit/type/file/mode_spec.rb +1 -1
  473. data/spec/unit/type/file/selinux_spec.rb +5 -3
  474. data/spec/unit/type/file/source_spec.rb +4 -5
  475. data/spec/unit/type/file_spec.rb +18 -6
  476. data/spec/unit/type/group_spec.rb +6 -13
  477. data/spec/unit/type/package_spec.rb +1 -1
  478. data/spec/unit/type/resources_spec.rb +7 -7
  479. data/spec/unit/type/service_spec.rb +189 -60
  480. data/spec/unit/type/tidy_spec.rb +8 -24
  481. data/spec/unit/type/user_spec.rb +0 -45
  482. data/spec/unit/type_spec.rb +22 -2
  483. data/spec/unit/util/at_fork_spec.rb +2 -2
  484. data/spec/unit/util/autoload_spec.rb +1 -5
  485. data/spec/unit/util/backups_spec.rb +2 -3
  486. data/spec/unit/util/execution_spec.rb +11 -44
  487. data/spec/unit/util/inifile_spec.rb +14 -6
  488. data/spec/unit/util/log_spec.rb +7 -8
  489. data/spec/unit/util/logging_spec.rb +3 -3
  490. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  491. data/spec/unit/util/posix_spec.rb +15 -363
  492. data/spec/unit/util/run_mode_spec.rb +21 -121
  493. data/spec/unit/util/selinux_spec.rb +68 -163
  494. data/spec/unit/util/storage_spec.rb +1 -3
  495. data/spec/unit/util/suidmanager_spec.rb +41 -44
  496. data/spec/unit/util/windows/sid_spec.rb +0 -41
  497. data/spec/unit/util/windows/string_spec.rb +1 -3
  498. data/spec/unit/util/yaml_spec.rb +0 -54
  499. data/spec/unit/util_spec.rb +6 -31
  500. data/tasks/generate_cert_fixtures.rake +3 -12
  501. metadata +45 -253
  502. data/conf/auth.conf +0 -150
  503. data/lib/puppet/application/cert.rb +0 -76
  504. data/lib/puppet/application/key.rb +0 -4
  505. data/lib/puppet/application/man.rb +0 -4
  506. data/lib/puppet/application/status.rb +0 -4
  507. data/lib/puppet/face/key.rb +0 -16
  508. data/lib/puppet/face/man.rb +0 -145
  509. data/lib/puppet/face/module/build.rb +0 -14
  510. data/lib/puppet/face/module/generate.rb +0 -14
  511. data/lib/puppet/face/module/search.rb +0 -103
  512. data/lib/puppet/face/status.rb +0 -51
  513. data/lib/puppet/ffi/posix.rb +0 -10
  514. data/lib/puppet/ffi/posix/constants.rb +0 -14
  515. data/lib/puppet/ffi/posix/functions.rb +0 -24
  516. data/lib/puppet/indirector/certificate/file.rb +0 -9
  517. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  518. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  519. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  520. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  521. data/lib/puppet/indirector/file_content/http.rb +0 -22
  522. data/lib/puppet/indirector/key/file.rb +0 -46
  523. data/lib/puppet/indirector/key/memory.rb +0 -7
  524. data/lib/puppet/indirector/ssl_file.rb +0 -162
  525. data/lib/puppet/indirector/status.rb +0 -3
  526. data/lib/puppet/indirector/status/local.rb +0 -12
  527. data/lib/puppet/indirector/status/rest.rb +0 -27
  528. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  529. data/lib/puppet/network/auth_config_parser.rb +0 -90
  530. data/lib/puppet/network/authstore.rb +0 -283
  531. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  532. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  533. data/lib/puppet/network/http/base_pool.rb +0 -36
  534. data/lib/puppet/network/http/compression.rb +0 -127
  535. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  536. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  537. data/lib/puppet/network/rest_controller.rb +0 -2
  538. data/lib/puppet/network/rights.rb +0 -210
  539. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  540. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  541. data/lib/puppet/parser/environment_compiler.rb +0 -202
  542. data/lib/puppet/pops/types/enumeration.rb +0 -16
  543. data/lib/puppet/resource/capability_finder.rb +0 -154
  544. data/lib/puppet/rest/errors.rb +0 -15
  545. data/lib/puppet/rest/response.rb +0 -35
  546. data/lib/puppet/rest/route.rb +0 -85
  547. data/lib/puppet/rest/routes.rb +0 -135
  548. data/lib/puppet/settings/alias_setting.rb +0 -37
  549. data/lib/puppet/ssl/host.rb +0 -505
  550. data/lib/puppet/ssl/key.rb +0 -61
  551. data/lib/puppet/ssl/validator.rb +0 -61
  552. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  553. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  554. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  555. data/lib/puppet/status.rb +0 -40
  556. data/lib/puppet/util/connection.rb +0 -88
  557. data/lib/puppet/util/fact_dif.rb +0 -81
  558. data/lib/puppet/util/ssl.rb +0 -83
  559. data/lib/puppet/util/windows/api_types.rb +0 -309
  560. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  561. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  562. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  563. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  564. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  565. data/lib/puppet/vendor/pathspec/README.md +0 -53
  566. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  567. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  568. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  569. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  570. data/man/man8/puppet-key.8 +0 -126
  571. data/man/man8/puppet-man.8 +0 -76
  572. data/man/man8/puppet-status.8 +0 -108
  573. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
  574. data/spec/fixtures/ssl/oid-key.pem +0 -117
  575. data/spec/fixtures/ssl/oid.pem +0 -69
  576. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
  577. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
  578. data/spec/integration/application/resource_spec.rb +0 -64
  579. data/spec/integration/application/ssl_spec.rb +0 -20
  580. data/spec/integration/network/authconfig_spec.rb +0 -256
  581. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  582. data/spec/unit/application/man_spec.rb +0 -52
  583. data/spec/unit/capability_spec.rb +0 -414
  584. data/spec/unit/face/key_spec.rb +0 -9
  585. data/spec/unit/face/module/search_spec.rb +0 -231
  586. data/spec/unit/face/status_spec.rb +0 -9
  587. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  588. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  589. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  590. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  591. data/spec/unit/indirector/key/file_spec.rb +0 -78
  592. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  593. data/spec/unit/indirector/status/local_spec.rb +0 -10
  594. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  595. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  596. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  597. data/spec/unit/network/authstore_spec.rb +0 -422
  598. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  599. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  600. data/spec/unit/network/http/compression_spec.rb +0 -240
  601. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  602. data/spec/unit/network/http_spec.rb +0 -9
  603. data/spec/unit/network/rights_spec.rb +0 -439
  604. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  605. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
  606. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  607. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  608. data/spec/unit/rest/route_spec.rb +0 -132
  609. data/spec/unit/ssl/host_spec.rb +0 -645
  610. data/spec/unit/ssl/key_spec.rb +0 -173
  611. data/spec/unit/ssl/validator_spec.rb +0 -278
  612. data/spec/unit/status_spec.rb +0 -45
  613. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,64 +0,0 @@
1
- require 'spec_helper'
2
-
3
- require 'puppet/network/http'
4
- require 'puppet/network/http/connection'
5
-
6
- describe Puppet::Network::HTTP::NoCachePool do
7
- let(:site) { Puppet::Network::HTTP::Site.new('https', 'rubygems.org', 443) }
8
- let(:verifier) { double('verifier', :setup_connection => nil) }
9
-
10
- it 'yields a started connection' do
11
- http = double('http', start: nil, finish: nil, started?: true)
12
-
13
- factory = Puppet::Network::HTTP::Factory.new
14
- allow(factory).to receive(:create_connection).and_return(http)
15
- pool = Puppet::Network::HTTP::NoCachePool.new(factory)
16
-
17
- expect { |b|
18
- pool.with_connection(site, verifier, &b)
19
- }.to yield_with_args(http)
20
- end
21
-
22
- it 'yields a new connection each time' do
23
- http1 = double('http1', start: nil, finish: nil, started?: true)
24
- http2 = double('http2', start: nil, finish: nil, started?: true)
25
-
26
- factory = Puppet::Network::HTTP::Factory.new
27
- allow(factory).to receive(:create_connection).and_return(http1, http2)
28
- pool = Puppet::Network::HTTP::NoCachePool.new(factory)
29
-
30
- expect { |b|
31
- pool.with_connection(site, verifier, &b)
32
- }.to yield_with_args(http1)
33
-
34
- expect { |b|
35
- pool.with_connection(site, verifier, &b)
36
- }.to yield_with_args(http2)
37
- end
38
-
39
- it 'has a close method' do
40
- Puppet::Network::HTTP::NoCachePool.new.close
41
- end
42
-
43
- it 'logs a deprecation warning' do
44
- http = double('http', start: nil, finish: nil, started?: true)
45
-
46
- factory = Puppet::Network::HTTP::Factory.new
47
- allow(factory).to receive(:create_connection).and_return(http)
48
- Puppet::Network::HTTP::NoCachePool.new(factory)
49
-
50
- expect(@logs).to include(an_object_having_attributes(level: :warning, message: /Puppet::Network::HTTP::NoCachePool is deprecated/))
51
- end
52
-
53
- it 'omits the warning when deprecations are disabled' do
54
- Puppet[:disable_warnings] = 'deprecations'
55
-
56
- http = double('http', start: nil, finish: nil, started?: true)
57
-
58
- factory = Puppet::Network::HTTP::Factory.new
59
- allow(factory).to receive(:create_connection).and_return(http)
60
- Puppet::Network::HTTP::NoCachePool.new(factory)
61
-
62
- expect(@logs).to eq([])
63
- end
64
- end
@@ -1,9 +0,0 @@
1
- require 'spec_helper'
2
- require 'puppet/network/http'
3
-
4
- describe Puppet::Network::HTTP do
5
- it 'defines an http_pool context' do
6
- pool = Puppet.lookup(:http_pool)
7
- expect(pool).to be_a(Puppet::Network::HTTP::Pool)
8
- end
9
- end
@@ -1,439 +0,0 @@
1
- require 'spec_helper'
2
-
3
- require 'puppet/network/rights'
4
-
5
- describe Puppet::Network::Rights do
6
- before do
7
- @right = Puppet::Network::Rights.new
8
- end
9
-
10
- describe "when validating a :head request" do
11
- [:find, :save].each do |allowed_method|
12
- it "should allow the request if only #{allowed_method} is allowed" do
13
- rights = Puppet::Network::Rights.new
14
- right = rights.newright("/")
15
- right.allow("*")
16
- right.restrict_method(allowed_method)
17
- right.restrict_authenticated(:any)
18
- expect(rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})).to eq(nil)
19
- end
20
- end
21
-
22
- it "should disallow the request if neither :find nor :save is allowed" do
23
- rights = Puppet::Network::Rights.new
24
- why_forbidden = rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})
25
- expect(why_forbidden).to be_instance_of(Puppet::Network::AuthorizationError)
26
- expect(why_forbidden.to_s).to eq("Forbidden request: /indirection_name/key [find]")
27
- end
28
- end
29
-
30
- it "should throw an error if type can't be determined" do
31
- expect { @right.newright("name") }.to raise_error(ArgumentError, /Unknown right type/)
32
- end
33
-
34
- describe "when creating new path ACLs" do
35
- it "should not throw an error if the ACL already exists" do
36
- @right.newright("/name")
37
-
38
- expect { @right.newright("/name")}.not_to raise_error
39
- end
40
-
41
- it "should throw an error if the acl uri path is not absolute" do
42
- expect { @right.newright("name")}.to raise_error(ArgumentError, /Unknown right type/)
43
- end
44
-
45
- it "should create a new ACL with the correct path" do
46
- @right.newright("/name")
47
-
48
- expect(@right["/name"]).not_to be_nil
49
- end
50
-
51
- it "should create an ACL of type Puppet::Network::AuthStore" do
52
- @right.newright("/name")
53
-
54
- expect(@right["/name"]).to be_a_kind_of(Puppet::Network::AuthStore)
55
- end
56
- end
57
-
58
- describe "when creating new regex ACLs" do
59
- it "should not throw an error if the ACL already exists" do
60
- @right.newright("~ .rb$")
61
-
62
- expect { @right.newright("~ .rb$")}.not_to raise_error
63
- end
64
-
65
- it "should create a new ACL with the correct regex" do
66
- @right.newright("~ .rb$")
67
-
68
- expect(@right.include?(".rb$")).not_to be_nil
69
- end
70
-
71
- it "should be able to lookup the regex" do
72
- @right.newright("~ .rb$")
73
-
74
- expect(@right[".rb$"]).not_to be_nil
75
- end
76
-
77
- it "should be able to lookup the regex by its full name" do
78
- @right.newright("~ .rb$")
79
-
80
- expect(@right["~ .rb$"]).not_to be_nil
81
- end
82
-
83
- it "should create an ACL of type Puppet::Network::AuthStore" do
84
- expect(@right.newright("~ .rb$")).to be_a_kind_of(Puppet::Network::AuthStore)
85
- end
86
- end
87
-
88
- describe "when checking ACLs existence" do
89
- it "should return false if there are no matching rights" do
90
- expect(@right.include?("name")).to be_falsey
91
- end
92
-
93
- it "should return true if a path right exists" do
94
- @right.newright("/name")
95
-
96
- expect(@right.include?("/name")).to be_truthy
97
- end
98
-
99
- it "should return false if no matching path rights exist" do
100
- @right.newright("/name")
101
-
102
- expect(@right.include?("/differentname")).to be_falsey
103
- end
104
-
105
- it "should return true if a regex right exists" do
106
- @right.newright("~ .rb$")
107
-
108
- expect(@right.include?(".rb$")).to be_truthy
109
- end
110
-
111
- it "should return false if no matching path rights exist" do
112
- @right.newright("~ .rb$")
113
-
114
- expect(@right.include?(".pp$")).to be_falsey
115
- end
116
- end
117
-
118
- describe "when checking if right is allowed" do
119
- before :each do
120
- allow(@right).to receive(:right).and_return(nil)
121
-
122
- @pathacl = double('pathacl', :"<=>" => 1, :line => 0, :file => 'dummy')
123
- allow(Puppet::Network::Rights::Right).to receive(:new).and_return(@pathacl)
124
- end
125
-
126
- it "should delegate to is_forbidden_and_why?" do
127
- expect(@right).to receive(:is_forbidden_and_why?).with("namespace", :node => "host.domain.com", :ip => "127.0.0.1").and_return(nil)
128
-
129
- @right.allowed?("namespace", "host.domain.com", "127.0.0.1")
130
- end
131
-
132
- it "should return true if is_forbidden_and_why? returns nil" do
133
- allow(@right).to receive(:is_forbidden_and_why?).and_return(nil)
134
- expect(@right.allowed?("namespace", :args)).to be_truthy
135
- end
136
-
137
- it "should return false if is_forbidden_and_why? returns an AuthorizationError" do
138
- allow(@right).to receive(:is_forbidden_and_why?).and_return(Puppet::Network::AuthorizationError.new("forbidden"))
139
- expect(@right.allowed?("namespace", :args1, :args2)).to be_falsey
140
- end
141
-
142
- it "should pass the match? return to allowed?" do
143
- @right.newright("/path/to/there")
144
-
145
- expect(@pathacl).to receive(:match?).and_return(:match)
146
- expect(@pathacl).to receive(:allowed?).with(anything, anything, hash_including(match: :match)).and_return(true)
147
-
148
- expect(@right.is_forbidden_and_why?("/path/to/there", {})).to eq(nil)
149
- end
150
-
151
- describe "with path acls" do
152
- before :each do
153
- @long_acl = double('longpathacl', :name => "/path/to/there", :line => 0, :file => 'dummy')
154
- allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to/there", 0, nil).and_return(@long_acl)
155
-
156
- @short_acl = double('shortpathacl', :name => "/path/to", :line => 0, :file => 'dummy')
157
- allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to", 0, nil).and_return(@short_acl)
158
-
159
- allow(@long_acl).to receive(:"<=>").with(@short_acl).and_return(0)
160
- allow(@short_acl).to receive(:"<=>").with(@long_acl).and_return(0)
161
- end
162
-
163
- it "should select the first match" do
164
- @right.newright("/path/to", 0)
165
- @right.newright("/path/to/there", 0)
166
-
167
- allow(@long_acl).to receive(:match?).and_return(true)
168
- allow(@short_acl).to receive(:match?).and_return(true)
169
-
170
- expect(@short_acl).to receive(:allowed?).and_return(true)
171
- expect(@long_acl).not_to receive(:allowed?)
172
-
173
- expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
174
- end
175
-
176
- it "should select the first match that doesn't return :dunno" do
177
- @right.newright("/path/to/there", 0, nil)
178
- @right.newright("/path/to", 0, nil)
179
-
180
- allow(@long_acl).to receive(:match?).and_return(true)
181
- allow(@short_acl).to receive(:match?).and_return(true)
182
-
183
- expect(@long_acl).to receive(:allowed?).and_return(:dunno)
184
- expect(@short_acl).to receive(:allowed?).and_return(true)
185
-
186
- expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
187
- end
188
-
189
- it "should not select an ACL that doesn't match" do
190
- @right.newright("/path/to/there", 0)
191
- @right.newright("/path/to", 0)
192
-
193
- allow(@long_acl).to receive(:match?).and_return(false)
194
- allow(@short_acl).to receive(:match?).and_return(true)
195
-
196
- expect(@long_acl).not_to receive(:allowed?)
197
- expect(@short_acl).to receive(:allowed?).and_return(true)
198
-
199
- expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
200
- end
201
-
202
- it "should not raise an AuthorizationError if allowed" do
203
- @right.newright("/path/to/there", 0)
204
-
205
- allow(@long_acl).to receive(:match?).and_return(true)
206
- allow(@long_acl).to receive(:allowed?).and_return(true)
207
-
208
- expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
209
- end
210
-
211
- it "should raise an AuthorizationError if the match is denied" do
212
- @right.newright("/path/to/there", 0, nil)
213
-
214
- allow(@long_acl).to receive(:match?).and_return(true)
215
- allow(@long_acl).to receive(:allowed?).and_return(false)
216
-
217
- expect(@right.is_forbidden_and_why?("/path/to/there", {})).to be_instance_of(Puppet::Network::AuthorizationError)
218
- end
219
-
220
- it "should raise an AuthorizationError if no path match" do
221
- expect(@right.is_forbidden_and_why?("/nomatch", {})).to be_instance_of(Puppet::Network::AuthorizationError)
222
- end
223
- end
224
-
225
- describe "with regex acls" do
226
- before :each do
227
- @regex_acl1 = double('regex_acl1', :name => "/files/(.*)/myfile", :line => 0, :file => 'dummy')
228
- allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile", 0, nil).and_return(@regex_acl1)
229
-
230
- @regex_acl2 = double('regex_acl2', :name => "/files/(.*)/myfile/", :line => 0, :file => 'dummy')
231
- allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile/", 0, nil).and_return(@regex_acl2)
232
-
233
- allow(@regex_acl1).to receive(:"<=>").with(@regex_acl2).and_return(0)
234
- allow(@regex_acl2).to receive(:"<=>").with(@regex_acl1).and_return(0)
235
- end
236
-
237
- it "should select the first match" do
238
- @right.newright("~ /files/(.*)/myfile", 0)
239
- @right.newright("~ /files/(.*)/myfile/", 0)
240
-
241
- allow(@regex_acl1).to receive(:match?).and_return(true)
242
- allow(@regex_acl2).to receive(:match?).and_return(true)
243
-
244
- expect(@regex_acl1).to receive(:allowed?).and_return(true)
245
- expect(@regex_acl2).not_to receive(:allowed?)
246
-
247
- expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
248
- end
249
-
250
- it "should select the first match that doesn't return :dunno" do
251
- @right.newright("~ /files/(.*)/myfile", 0)
252
- @right.newright("~ /files/(.*)/myfile/", 0)
253
-
254
- allow(@regex_acl1).to receive(:match?).and_return(true)
255
- allow(@regex_acl2).to receive(:match?).and_return(true)
256
-
257
- expect(@regex_acl1).to receive(:allowed?).and_return(:dunno)
258
- expect(@regex_acl2).to receive(:allowed?).and_return(true)
259
-
260
- expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
261
- end
262
-
263
- it "should not select an ACL that doesn't match" do
264
- @right.newright("~ /files/(.*)/myfile", 0)
265
- @right.newright("~ /files/(.*)/myfile/", 0)
266
-
267
- allow(@regex_acl1).to receive(:match?).and_return(false)
268
- allow(@regex_acl2).to receive(:match?).and_return(true)
269
-
270
- expect(@regex_acl1).not_to receive(:allowed?)
271
- expect(@regex_acl2).to receive(:allowed?).and_return(true)
272
-
273
- expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
274
- end
275
-
276
- it "should not raise an AuthorizationError if allowed" do
277
- @right.newright("~ /files/(.*)/myfile", 0)
278
-
279
- allow(@regex_acl1).to receive(:match?).and_return(true)
280
- allow(@regex_acl1).to receive(:allowed?).and_return(true)
281
-
282
- expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
283
- end
284
-
285
- it "should raise an error if no regex acl match" do
286
- expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
287
- end
288
-
289
- it "should raise an AuthorizedError on deny" do
290
- expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
291
- end
292
-
293
- end
294
- end
295
-
296
- describe Puppet::Network::Rights::Right do
297
- before :each do
298
- @acl = Puppet::Network::Rights::Right.new("/path",0, nil)
299
- end
300
-
301
- describe "with path" do
302
- it "should match up to its path length" do
303
- expect(@acl.match?("/path/that/works")).not_to be_nil
304
- end
305
-
306
- it "should match up to its path length" do
307
- expect(@acl.match?("/paththatalsoworks")).not_to be_nil
308
- end
309
-
310
- it "should return nil if no match" do
311
- expect(@acl.match?("/notpath")).to be_nil
312
- end
313
- end
314
-
315
- describe "with regex" do
316
- before :each do
317
- @acl = Puppet::Network::Rights::Right.new("~ .rb$",0, nil)
318
- end
319
-
320
- it "should match as a regex" do
321
- expect(@acl.match?("this should work.rb")).not_to be_nil
322
- end
323
-
324
- it "should return nil if no match" do
325
- expect(@acl.match?("do not match")).to be_nil
326
- end
327
- end
328
-
329
- it "should allow all rest methods by default" do
330
- expect(@acl.methods).to eq(Puppet::Network::Rights::Right::ALL)
331
- end
332
-
333
- it "should allow only authenticated request by default" do
334
- expect(@acl.authentication).to be_truthy
335
- end
336
-
337
- it "should allow modification of the methods filters" do
338
- @acl.restrict_method(:save)
339
-
340
- expect(@acl.methods).to eq([:save])
341
- end
342
-
343
- it "should stack methods filters" do
344
- @acl.restrict_method(:save)
345
- @acl.restrict_method(:destroy)
346
-
347
- expect(@acl.methods).to eq([:save, :destroy])
348
- end
349
-
350
- it "should raise an error if the method is already filtered" do
351
- @acl.restrict_method(:save)
352
-
353
- expect { @acl.restrict_method(:save) }.to raise_error(ArgumentError, /'save' is already in the '\/path'/)
354
- end
355
-
356
- it "should allow setting an environment filters" do
357
- env = Puppet::Node::Environment.create(:acltest, [])
358
- Puppet.override(:environments => Puppet::Environments::Static.new(env)) do
359
- @acl.restrict_environment(:acltest)
360
-
361
- expect(@acl.environment).to eq([env])
362
- end
363
- end
364
-
365
- ["on", "yes", "true", true].each do |auth|
366
- it "should allow filtering on authenticated requests with '#{auth}'" do
367
- @acl.restrict_authenticated(auth)
368
-
369
- expect(@acl.authentication).to be_truthy
370
- end
371
- end
372
-
373
- ["off", "no", "false", false, "all", "any", :all, :any].each do |auth|
374
- it "should allow filtering on authenticated or unauthenticated requests with '#{auth}'" do
375
- @acl.restrict_authenticated(auth)
376
- expect(@acl.authentication).to be_falsey
377
- end
378
- end
379
-
380
- describe "when checking right authorization" do
381
- it "should return :dunno if this right is not restricted to the given method" do
382
- @acl.restrict_method(:destroy)
383
-
384
- expect(@acl.allowed?("me","127.0.0.1", { :method => :save } )).to eq(:dunno)
385
- end
386
-
387
- it "should return true if this right is restricted to the given method" do
388
- @acl.restrict_method(:save)
389
- @acl.allow("me")
390
-
391
- expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => true })).to eq true
392
- end
393
-
394
- it "should return :dunno if this right is not restricted to the given environment" do
395
- prod = Puppet::Node::Environment.create(:production, [])
396
- dev = Puppet::Node::Environment.create(:development, [])
397
- Puppet.override(:environments => Puppet::Environments::Static.new(prod, dev)) do
398
- @acl.restrict_environment(:production)
399
-
400
- expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :environment => dev })).to eq(:dunno)
401
- end
402
- end
403
-
404
- it "returns true if the request is permitted for this environment" do
405
- @acl.allow("me")
406
- prod = Puppet::Node::Environment.create(:production, [])
407
- Puppet.override(:environments => Puppet::Environments::Static.new(prod)) do
408
- @acl.restrict_environment(:production)
409
- expect(@acl.allowed?("me", "127.0.0.1", { :method => :save, :authenticated => true, :environment => prod })).to eq true
410
- end
411
- end
412
-
413
- it "should return :dunno if this right is not restricted to the given request authentication state" do
414
- @acl.restrict_authenticated(true)
415
-
416
- expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => false })).to eq(:dunno)
417
- end
418
-
419
- it "returns true if this right is restricted to the given request authentication state" do
420
- @acl.restrict_authenticated(false)
421
- @acl.allow("me")
422
-
423
- expect(@acl.allowed?("me","127.0.0.1", {:method => :save, :authenticated => false })).to eq true
424
- end
425
-
426
- it "should interpolate allow/deny patterns with the given match" do
427
- expect(@acl).to receive(:interpolate).with(:match)
428
-
429
- @acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
430
- end
431
-
432
- it "should reset interpolation after the match" do
433
- expect(@acl).to receive(:reset_interpolation)
434
-
435
- @acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
436
- end
437
- end
438
- end
439
- end