RubyGems - puppet - Versions diffs - 6.4.5-x64-mingw32 → 6.5.0-x64-mingw32 - Mend

puppet 6.4.5-x64-mingw32 → 6.5.0-x64-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (329) hide show

checksums.yaml +4 -4
data/CODEOWNERS +10 -10
data/Gemfile +6 -6
data/Gemfile.lock +46 -52
data/ext/build_defaults.yaml +0 -1
data/ext/project_data.yaml +3 -3
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/solaris/smf/puppet.xml +0 -2
data/ext/windows/eventlog/Rakefile +32 -0
data/ext/windows/eventlog/puppetres.dll +0 -0
data/ext/windows/eventlog/puppetres.mc +18 -0
data/ext/windows/service/daemon.rb +8 -38
data/install.rb +24 -6
data/lib/puppet.rb +3 -1
data/lib/puppet/application.rb +1 -1
data/lib/puppet/application/agent.rb +11 -34
data/lib/puppet/application/apply.rb +6 -6
data/lib/puppet/application/describe.rb +9 -3
data/lib/puppet/application/device.rb +4 -14
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/lookup.rb +2 -2
data/lib/puppet/application/resource.rb +4 -4
data/lib/puppet/application/script.rb +2 -2
data/lib/puppet/application/ssl.rb +10 -9
data/lib/puppet/configurer.rb +30 -86
data/lib/puppet/configurer/downloader.rb +6 -2
data/lib/puppet/defaults.rb +50 -44
data/lib/puppet/error.rb +14 -9
data/lib/puppet/face/catalog.rb +20 -1
data/lib/puppet/face/config.rb +48 -10
data/lib/puppet/face/facts.rb +1 -1
data/lib/puppet/face/help.rb +1 -1
data/lib/puppet/face/module/list.rb +5 -5
data/lib/puppet/face/module/search.rb +1 -1
data/lib/puppet/face/module/uninstall.rb +1 -1
data/lib/puppet/face/module/upgrade.rb +1 -1
data/lib/puppet/face/parser.rb +48 -9
data/lib/puppet/face/plugin.rb +2 -9
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system.rb +12 -2
data/lib/puppet/file_system/file_impl.rb +6 -3
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +2 -3
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions.rb +2 -1
data/lib/puppet/functions/camelcase.rb +2 -2
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/find_file.rb +9 -9
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/regsubst.rb +6 -8
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +3 -4
data/lib/puppet/indirector/catalog/compiler.rb +5 -11
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +0 -2
data/lib/puppet/indirector/resource/ral.rb +3 -1
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/interface.rb +1 -2
data/lib/puppet/loaders.rb +1 -0
data/lib/puppet/metatype/manager.rb +1 -1
data/lib/puppet/module.rb +1 -1
data/lib/puppet/module/task.rb +4 -20
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
data/lib/puppet/module_tool/tar/mini.rb +2 -12
data/lib/puppet/network/http/api/indirected_routes.rb +11 -12
data/lib/puppet/network/http/connection.rb +12 -10
data/lib/puppet/network/http/factory.rb +11 -1
data/lib/puppet/network/http/pool.rb +0 -2
data/lib/puppet/network/http/site.rb +1 -1
data/lib/puppet/network/resolver.rb +2 -2
data/lib/puppet/node/environment.rb +2 -4
data/lib/puppet/pal/pal_impl.rb +2 -2
data/lib/puppet/parser/ast.rb +1 -1
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/functions.rb +1 -1
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/fail.rb +8 -1
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/parser/scope.rb +7 -8
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -4
data/lib/puppet/pops/loader/null_loader.rb +60 -0
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -4
data/lib/puppet/pops/loader/task_instantiator.rb +0 -4
data/lib/puppet/pops/loaders.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +0 -1
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +18 -22
data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/locator.rb +1 -1
data/lib/puppet/pops/parser/pn_parser.rb +16 -17
data/lib/puppet/pops/puppet_stack.rb +49 -51
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +10 -10
data/lib/puppet/pops/types/types.rb +6 -5
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider/exec.rb +2 -6
data/lib/puppet/provider/file/posix.rb +0 -5
data/lib/puppet/provider/nameservice.rb +3 -10
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package.rb +0 -2
data/lib/puppet/provider/package/apt.rb +1 -5
data/lib/puppet/provider/package/dnf.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +18 -34
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/pip.rb +13 -37
data/lib/puppet/provider/package/portage.rb +4 -4
data/lib/puppet/provider/package/puppet_gem.rb +1 -1
data/lib/puppet/provider/package/rpm.rb +18 -56
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +5 -9
data/lib/puppet/provider/package_targetable.rb +4 -7
data/lib/puppet/provider/parsedfile.rb +1 -1
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/launchd.rb +5 -20
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +8 -2
data/lib/puppet/provider/service/systemd.rb +19 -14
data/lib/puppet/provider/service/windows.rb +0 -8
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/pw.rb +3 -12
data/lib/puppet/provider/user/user_role_add.rb +1 -5
data/lib/puppet/provider/user/useradd.rb +20 -45
data/lib/puppet/provider/user/windows_adsi.rb +5 -4
data/lib/puppet/reference/configuration.rb +3 -3
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +3 -1
data/lib/puppet/reference/providers.rb +3 -1
data/lib/puppet/reference/type.rb +9 -3
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/resource.rb +1 -18
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/rest/routes.rb +30 -17
data/lib/puppet/settings.rb +3 -43
data/lib/puppet/settings/environment_conf.rb +0 -1
data/lib/puppet/ssl/certificate_request.rb +12 -2
data/lib/puppet/ssl/host.rb +2 -2
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/ssl/ssl_provider.rb +11 -5
data/lib/puppet/ssl/state_machine.rb +102 -98
data/lib/puppet/test/test_helper.rb +1 -0
data/lib/puppet/transaction.rb +11 -33
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/type.rb +4 -2
data/lib/puppet/type/exec.rb +17 -23
data/lib/puppet/type/file.rb +39 -11
data/lib/puppet/type/file/data_sync.rb +1 -5
data/lib/puppet/type/group.rb +2 -4
data/lib/puppet/type/notify.rb +3 -4
data/lib/puppet/type/package.rb +3 -20
data/lib/puppet/type/schedule.rb +1 -1
data/lib/puppet/type/service.rb +3 -8
data/lib/puppet/type/user.rb +2 -4
data/lib/puppet/util.rb +29 -39
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/execution.rb +3 -4
data/lib/puppet/util/http_proxy.rb +19 -27
data/lib/puppet/util/log.rb +2 -2
data/lib/puppet/util/log/destinations.rb +2 -2
data/lib/puppet/util/logging.rb +20 -32
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/monkey_patches.rb +33 -0
data/lib/puppet/util/pidlock.rb +2 -3
data/lib/puppet/util/provider_features.rb +4 -2
data/lib/puppet/util/rdoc.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +2 -8
data/lib/puppet/util/skip_tags.rb +4 -0
data/lib/puppet/util/windows/adsi.rb +18 -48
data/lib/puppet/util/windows/process.rb +8 -8
data/lib/puppet/util/windows/registry.rb +5 -7
data/lib/puppet/util/windows/security.rb +0 -2
data/lib/puppet/util/windows/service.rb +4 -149
data/lib/puppet/util/windows/sid.rb +0 -1
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +81 -24
data/locales/puppet.pot +462 -482
data/man/man5/puppet.conf.5 +43 -44
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +3 -3
data/man/man8/puppet-catalog.8 +31 -3
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +3 -3
data/spec/fixtures/ssl/127.0.0.1-key.pem +56 -56
data/spec/fixtures/ssl/127.0.0.1.pem +27 -27
data/spec/fixtures/ssl/bad-basic-constraints.pem +32 -32
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +30 -30
data/spec/fixtures/ssl/ca.pem +30 -30
data/spec/fixtures/ssl/crl.pem +15 -15
data/spec/fixtures/ssl/ec-key.pem +18 -0
data/spec/fixtures/ssl/ec.pem +40 -0
data/spec/fixtures/ssl/encrypted-ec-key.pem +21 -0
data/spec/fixtures/ssl/encrypted-key.pem +57 -57
data/spec/fixtures/ssl/intermediate-agent-crl.pem +16 -16
data/spec/fixtures/ssl/intermediate-agent.pem +33 -33
data/spec/fixtures/ssl/intermediate-crl.pem +17 -17
data/spec/fixtures/ssl/intermediate.pem +31 -31
data/spec/fixtures/ssl/pluto-key.pem +56 -56
data/spec/fixtures/ssl/pluto.pem +28 -28
data/spec/fixtures/ssl/request-key.pem +56 -56
data/spec/fixtures/ssl/request.pem +24 -24
data/spec/fixtures/ssl/revoked-key.pem +56 -56
data/spec/fixtures/ssl/revoked.pem +25 -25
data/spec/fixtures/ssl/signed-key.pem +56 -56
data/spec/fixtures/ssl/signed.pem +25 -25
data/spec/fixtures/ssl/tampered-cert.pem +27 -27
data/spec/fixtures/ssl/tampered-csr.pem +24 -24
data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/usee/lib/puppet/parser/functions/func_with_syntax_error.rb +9 -0
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +24 -0
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +24 -0
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +24 -0
data/spec/integration/configurer_spec.rb +0 -52
data/spec/integration/provider/service/init_spec.rb +1 -0
data/spec/integration/provider/service/systemd_spec.rb +5 -8
data/spec/integration/type/file_spec.rb +38 -28
data/spec/integration/util/execution_spec.rb +0 -27
data/spec/lib/puppet/certificate_factory.rb +2 -2
data/spec/lib/puppet/test_ca.rb +17 -4
data/spec/lib/puppet_spec/fixtures.rb +4 -0
data/spec/spec_helper.rb +0 -28
data/spec/unit/application/agent_spec.rb +34 -67
data/spec/unit/application/device_spec.rb +1 -27
data/spec/unit/application/ssl_spec.rb +60 -35
data/spec/unit/configurer_spec.rb +399 -395
data/spec/unit/defaults_spec.rb +4 -4
data/spec/unit/face/facts_spec.rb +0 -9
data/spec/unit/face/parser_spec.rb +69 -22
data/spec/unit/face/plugin_spec.rb +0 -8
data/spec/unit/file_system_spec.rb +30 -1
data/spec/unit/forge/forge_spec.rb +3 -1
data/spec/unit/forge/repository_spec.rb +3 -1
data/spec/unit/indirector/catalog/compiler_spec.rb +5 -62
data/spec/unit/indirector/resource/ral_spec.rb +4 -4
data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
data/spec/unit/network/http/api/indirected_routes_spec.rb +10 -25
data/spec/unit/network/http/connection_spec.rb +145 -119
data/spec/unit/network/http/factory_spec.rb +5 -27
data/spec/unit/parser/scope_spec.rb +0 -10
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +3 -8
data/spec/unit/pops/loaders/loaders_spec.rb +4 -0
data/spec/unit/pops/loaders/module_loaders_spec.rb +0 -37
data/spec/unit/pops/types/types_spec.rb +27 -0
data/spec/unit/provider/exec_spec.rb +0 -209
data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
data/spec/unit/provider/package/dnf_spec.rb +0 -7
data/spec/unit/provider/package/dpkg_spec.rb +80 -240
data/spec/unit/provider/package/pip_spec.rb +8 -61
data/spec/unit/provider/package/portage_spec.rb +4 -4
data/spec/unit/provider/package/rpm_spec.rb +16 -150
data/spec/unit/provider/package/yum_spec.rb +0 -7
data/spec/unit/provider/service/daemontools_spec.rb +0 -24
data/spec/unit/provider/service/launchd_spec.rb +0 -28
data/spec/unit/provider/service/runit_spec.rb +0 -24
data/spec/unit/provider/service/systemd_spec.rb +25 -39
data/spec/unit/provider/service/windows_spec.rb +0 -20
data/spec/unit/provider/user/hpux_spec.rb +2 -2
data/spec/unit/provider/user/pw_spec.rb +0 -37
data/spec/unit/provider/user/useradd_spec.rb +0 -88
data/spec/unit/resource_spec.rb +1 -26
data/spec/unit/ssl/host_spec.rb +5 -0
data/spec/unit/ssl/ssl_provider_spec.rb +36 -11
data/spec/unit/ssl/state_machine_spec.rb +233 -158
data/spec/unit/transaction_spec.rb +0 -64
data/spec/unit/type/exec_spec.rb +12 -15
data/spec/unit/type/file/content_spec.rb +3 -9
data/spec/unit/type/file/source_spec.rb +4 -4
data/spec/unit/type/file_spec.rb +15 -11
data/spec/unit/type/package_spec.rb +0 -5
data/spec/unit/type/schedule_spec.rb +1 -3
data/spec/unit/type/service_spec.rb +0 -16
data/spec/unit/util/execution_spec.rb +0 -16
data/spec/unit/util/http_proxy_spec.rb +21 -151
data/spec/unit/util/ldap/manager_spec.rb +0 -15
data/spec/unit/util/log/destinations_spec.rb +3 -7
data/spec/unit/util/log_spec.rb +138 -0
data/spec/unit/util/logging_spec.rb +0 -200
data/spec/unit/util/pidlock_spec.rb +0 -26
data/spec/unit/util/skip_tags_spec.rb +14 -0
data/spec/unit/util/windows/adsi_spec.rb +0 -51
data/spec/unit/util/windows/service_spec.rb +0 -9
data/spec/unit/util_spec.rb +10 -0
data/spec/unit/x509/cert_provider_spec.rb +82 -43
data/tasks/generate_cert_fixtures.rake +13 -1
data/tasks/manpages.rake +0 -1
metadata +28 -22
data/ext/cert_inspector +0 -140
data/ext/envpuppet +0 -139
data/ext/envpuppet.bat +0 -14
data/ext/puppet-test +0 -476
data/ext/pure_ruby_dsl/dsl_test.rb +0 -7
data/ext/upload_facts.rb +0 -119
data/lib/puppet/provider/package/dnfmodule.rb +0 -87
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +0 -11
data/spec/integration/type/notify_spec.rb +0 -46
data/spec/unit/provider/package/dnfmodule_spec.rb +0 -186
data/spec/unit/provider/package_targetable_spec.rb +0 -60

data/spec/integration/configurer_spec.rb CHANGED

@@ -59,57 +59,5 @@ describe Puppet::Configurer do
       expect(summary["time"]).to be_key("notify")
       expect(summary["time"]["last_run"]).to be_between(t1, t2)
     end
-    describe 'resubmitting facts' do
-      context 'when resubmit_facts is set to false' do
-        it 'should not send data' do
-          expect(@configurer).to receive(:resubmit_facts).never
-          @configurer.run(catalog: @catalog)
-        end
-      end
-      context 'when resubmit_facts is set to true' do
-        let(:test_facts) { Puppet::Node::Facts.new('configurer.test') }
-        let(:fact_rest_terminus) { Puppet::Node::Facts.indirection.terminus(:rest) }
-        before(:each) do
-          Puppet[:resubmit_facts] = true
-          allow(@configurer).to receive(:find_facts).and_return(test_facts)
-          allow(fact_rest_terminus).to receive(:save)
-        end
-        it 'sends fact data using the rest terminus' do
-          expect(fact_rest_terminus).to receive(:save)
-          @configurer.run(catalog: @catalog)
-        end
-        it 'logs errors that occur during fact generation' do
-          allow(@configurer).to receive(:find_facts).and_raise('error generating facts')
-          expect(Puppet).to receive(:log_exception).with(instance_of(RuntimeError),
-                                                         /^Failed to submit facts/)
-          @configurer.run(catalog: @catalog)
-        end
-        it 'logs errors that occur during fact submission' do
-          allow(fact_rest_terminus).to receive(:save).and_raise('error sending facts')
-          expect(Puppet).to receive(:log_exception).with(instance_of(RuntimeError),
-                                                         /^Failed to submit facts/)
-          @configurer.run(catalog: @catalog)
-        end
-        it 'records time spent resubmitting facts' do
-          report = Puppet::Transaction::Report.new
-          @configurer.run(catalog: @catalog, report: report)
-          expect(report.metrics['time'].values).to include(["resubmit_facts", anything, Numeric])
-        end
-      end
-    end
   end
 end

data/spec/integration/provider/service/init_spec.rb CHANGED

@@ -8,6 +8,7 @@ describe test_title, unless: Puppet::Util::Platform.jruby? do
   describe "when running on FreeBSD" do
     before :each do
       allow(Facter).to receive(:value).with(:operatingsystem).and_return('FreeBSD')
+      allow(Facter).to receive(:value).with(:osfamily).and_return('FreeBSD')
     end
     it "should set its default path to include /etc/rc.d and /usr/local/etc/rc.d" do

data/spec/integration/provider/service/systemd_spec.rb CHANGED

@@ -7,19 +7,16 @@ describe test_title, unless: Puppet::Util::Platform.jruby? do
   # TODO: Unfortunately there does not seem a way to stub the executable
   #       checks in the systemd provider because they happen at load time.
-  it "should be considered suitable if /proc/1/comm is present and contains 'systemd'",
-    :if => File.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd') do
+  it "should be considered suitable if /bin/systemctl is present", :if => File.executable?('/bin/systemctl') do
     expect(provider_class).to be_suitable
   end
-  it "should not be considered suitable if /proc/1/comm is present it does not contain 'systemd'",
-    :if => File.exist?('/proc/1/comm') && !Puppet::FileSystem.read('/proc/1/comm').include?('systemd') do
-    expect(provider_class).not_to be_suitable
+  it "should be considered suitable if /usr/bin/systemctl is present", :if => File.executable?('/usr/bin/systemctl')  do
+    expect(provider_class).to be_suitable
   end
-  it "should not be considered suitable if /proc/1/comm is absent",
-    :if => !File.exist?('/proc/1/comm') do
+  it "should not be cosidered suitable if systemctl is absent",
+    :unless => (File.executable?('/bin/systemctl') or File.executable?('/usr/bin/systemctl')) do
     expect(provider_class).not_to be_suitable
   end
 end

data/spec/integration/type/file_spec.rb CHANGED

@@ -21,13 +21,6 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
     File.join(parent, 'file_testing')
   end
-  let(:path_protected) do
-    # we create a file inside windows protected folders (C:\Windows, C:\Windows\system32, etc)
-    # the file will also be removed after the tests
-    parent = 'C:\Windows'
-    File.join(parent, 'file_testing')
-  end
   let(:dir) do
     # we create a directory first so backups of :path that are stored in
     # the same directory will also be removed after the tests
@@ -275,27 +268,6 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
           expect(get_mode(path) & 07777).to eq(0666)
         end
-        context "file is in protected windows directory", :if => Puppet.features.microsoft_windows? do
-          after { FileUtils.rm(path_protected) }
-          it "should set and get the correct mode for files inside protected windows folders" do
-            catalog.add_resource described_class.new(:path => path_protected, :ensure => :file, :mode => '0640')
-            catalog.apply
-            expect(get_mode(path_protected) & 07777).to eq(0640)
-          end
-          it "should not change resource's status inside protected windows folders if mode is the same" do
-            FileUtils.touch(path_protected)
-            set_mode(0644, path_protected)
-            catalog.add_resource described_class.new(:path => path_protected, :ensure => :file, :mode => '0644')
-            result = catalog.apply
-            status = result.report.resource_statuses["File[#{path_protected}]"]
-            expect(status).not_to be_failed
-            expect(status).not_to be_changed
-          end
-        end
         it "should not set executable bits when replacing an executable directory (#10365)" do
           pending("bug #10365")
@@ -1708,6 +1680,44 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
   end
   describe "when using validate_cmd" do
+    test_cmd = '/bin/test'
+    if Facter.value(:osfamily) == 'Debian'
+      test_cmd = '/usr/bin/test'
+    end
+    if Facter.value(:operatingsystem) == 'Darwin'
+      stat_cmd = "stat -f '%Lp'"
+    else
+      stat_cmd = "stat --format=%a"
+    end
+    it "sets the default mode of the temporary file to '0644'", :unless => Puppet::Util::Platform.windows? || Puppet::Util::Platform.jruby? do
+      catalog.add_resource(described_class.new(:path => path, :content => "foo",
+                                               :validate_replacement => '^',
+                                               :validate_cmd => %Q{
+                                               echo "The permissions of the file ($(#{stat_cmd} ^)) should equal 644";
+                                               #{test_cmd} "644" == "$(#{stat_cmd} ^)"
+                                               }))
+      report = catalog.apply.report
+      expect(report.resource_statuses["File[#{path}]"].events.first.message).to match(/defined content as '{md5}/)
+      expect(report.resource_statuses["File[#{path}]"]).not_to be_failed
+      expect(Puppet::FileSystem.exist?(path)).to be_truthy
+    end
+    it "should change the permissions of the temp file to match the final file permissions", :unless => Puppet::Util::Platform.windows? || Puppet::Util::Platform.jruby?do
+      catalog.add_resource(described_class.new(:path => path, :content => "foo",
+                                               :mode => '0555',
+                                               :validate_replacement => '^',
+                                               :validate_cmd => %Q{
+                                               echo "The permissions of the file ($(#{stat_cmd} ^)) should equal 555";
+                                               #{test_cmd} "555" == "$(#{stat_cmd} ^)"
+                                               }))
+      report = catalog.apply.report
+      expect(report.resource_statuses["File[#{path}]"].events.first.message).to match(/defined content as '{md5}/)
+      expect(report.resource_statuses["File[#{path}]"]).not_to be_failed
+      expect(Puppet::FileSystem.exist?(path)).to be_truthy
+    end
     it "should fail the file resource if command fails" do
       catalog.add_resource(described_class.new(:path => path, :content => "foo", :validate_cmd => "/usr/bin/env false"))
       expect(Puppet::Util::Execution).to receive(:execute).with("/usr/bin/env false", {:combine => true, :failonfail => true}).and_raise(Puppet::ExecutionFailure, "Failed")

data/spec/integration/util/execution_spec.rb CHANGED

@@ -25,33 +25,6 @@ describe Puppet::Util::Execution, unless: Puppet::Util::Platform.jruby? do
     end
   end
-  describe "#execute" do
-    if Puppet::Util::Platform.windows?
-      let(:argv) { ["cmd", "/c", "echo", 123] }
-    else
-      let(:argv) { ["echo", 123] }
-    end
-    it 'stringifies sensitive arguments when given an array containing integers' do
-      result = Puppet::Util::Execution.execute(argv, sensitive: true)
-      expect(result.to_s.strip).to eq("123")
-      expect(result.exitstatus).to eq(0)
-    end
-    it 'redacts sensitive arguments when given an array' do
-      Puppet[:log_level] = :debug
-      Puppet::Util::Execution.execute(argv, sensitive: true)
-      expect(@logs).to include(an_object_having_attributes(level: :debug, message: "Executing: '[redacted]'"))
-    end
-    it 'redacts sensitive arguments when given a string' do
-      Puppet[:log_level] = :debug
-      str = argv.map(&:to_s).join(' ')
-      Puppet::Util::Execution.execute(str, sensitive: true)
-      expect(@logs).to include(an_object_having_attributes(level: :debug, message: "Executing: '[redacted]'"))
-    end
-  end
   describe "#execute (non-Windows)", :if => !Puppet::Util::Platform.windows? do
     it "should execute basic shell command" do
       result = Puppet::Util::Execution.execute("ls /tmp", :failonfail => true)

data/spec/lib/puppet/certificate_factory.rb CHANGED

@@ -25,9 +25,9 @@ module Puppet::CertificateFactory
   # @return [OpenSSL::X509::Certificate]
   def self.build(cert_type, csr, issuer, serial, ttl = 3600)
     # Work out if we can even build the requested type of certificate.
-    build_extensions = "build_#{cert_type}_extensions"
+    build_extensions = "build_#{cert_type.to_s}_extensions"
     respond_to?(build_extensions) or
-      raise ArgumentError, _("%{cert_type} is an invalid certificate type!") % { cert_type: cert_type }
+      raise ArgumentError, _("%{cert_type} is an invalid certificate type!") % { cert_type: cert_type.to_s }
     raise ArgumentError, _("Certificate TTL must be an integer") unless ttl.nil? || ttl.is_a?(Integer)

data/spec/lib/puppet/test_ca.rb CHANGED

@@ -40,7 +40,7 @@ module Puppet
     end
     def create_cert(name, issuer_cert, issuer_key, opts = {})
-      key, cert = build_cert(name, issuer_cert.subject)
+      key, cert = build_cert(name, issuer_cert.subject, opts)
       ef = extension_factory_for(issuer_cert, cert)
       if opts[:subject_alt_names]
         ext = ef.create_extension(["subjectAltName", opts[:subject_alt_names], false])
@@ -123,10 +123,23 @@ module Puppet
     private
-    def build_cert(name, issuer)
-      key = OpenSSL::PKey::RSA.new(1024)
+    def build_cert(name, issuer, opts = {})
+      key = if opts[:key_type] == :ec
+              key = OpenSSL::PKey::EC.generate('prime256v1')
+            else
+              key = OpenSSL::PKey::RSA.new(1024)
+            end
       cert = OpenSSL::X509::Certificate.new
-      cert.public_key = key.public_key
+      cert.public_key = if key.is_a?(OpenSSL::PKey::EC)
+                         # EC#public_key doesn't following the PKey API,
+                         # see https://github.com/ruby/openssl/issues/29
+                         point = key.public_key
+                         pubkey = OpenSSL::PKey::EC.new(point.group)
+                         pubkey.public_key = point
+                         pubkey
+                       else
+                         key.public_key
+                       end
       cert.subject = OpenSSL::X509::Name.new([["CN", name]])
       cert.issuer = issuer
       cert.version = 2

data/spec/lib/puppet_spec/fixtures.rb CHANGED

@@ -42,6 +42,10 @@ module PuppetSpec::Fixtures
     OpenSSL::PKey::RSA.new(pem_content(name))
   end
+  def ec_key_fixture(name)
+    OpenSSL::PKey::EC.new(pem_content(name))
+  end
   def request_fixture(name)
     OpenSSL::X509::Request.new(pem_content(name))
   end

data/spec/spec_helper.rb CHANGED

@@ -54,19 +54,13 @@ Pathname.glob("#{dir}/shared_examples/**/*.rb") do |behaviour|
   require behaviour.relative_path_from(Pathname.new(dir))
 end
-require 'webmock/rspec'
 require 'vcr'
 VCR.configure do |vcr|
   vcr.cassette_library_dir = File.expand_path('vcr/cassettes', PuppetSpec::FIXTURE_DIR)
   vcr.hook_into :webmock
   vcr.configure_rspec_metadata!
-  # Uncomment next line to debug vcr
-  # vcr.debug_logger = $stderr
 end
-# Disable VCR by default
-VCR.turn_off!
 RSpec.configure do |config|
   include PuppetSpec::Fixtures
@@ -161,28 +155,6 @@ RSpec.configure do |config|
     Puppet::Test::TestHelper.before_each_test()
   end
-  # Facter 2 uses two versions of the GCE API, so match using regex
-  PUPPET_FACTER_2_GCE_URL = %r{^http://metadata/computeMetadata/v1(beta1)?}.freeze
-  PUPPET_FACTER_3_GCE_URL = "http://metadata.google.internal/computeMetadata/v1/?recursive=true&alt=json".freeze
-  config.around :each do |example|
-    # Ignore requests from Facter GCE fact in Travis
-    stub_request(:get, PUPPET_FACTER_2_GCE_URL)
-    stub_request(:get, PUPPET_FACTER_3_GCE_URL)
-    # Enable VCR if the example is tagged with `:vcr` metadata.
-    if example.metadata[:vcr]
-      VCR.turn_on!
-      begin
-        example.run
-      ensure
-        VCR.turn_off!
-      end
-    else
-      example.run
-    end
-  end
   config.after :each do
     Puppet::Test::TestHelper.after_each_test()

data/spec/unit/application/agent_spec.rb CHANGED

@@ -7,8 +7,6 @@ require 'puppet/daemon'
 describe Puppet::Application::Agent do
   include PuppetSpec::Files
-  let(:machine) { double(ensure_client_certificate: nil) }
   before :each do
     @puppetd = Puppet::Application[:agent]
@@ -29,8 +27,9 @@ describe Puppet::Application::Agent do
     allow(Puppet::Node.indirection).to receive(:cache_class=)
     allow(Puppet::Node::Facts.indirection).to receive(:terminus_class=)
+    expect($stderr).not_to receive(:puts)
     allow(Puppet.settings).to receive(:use)
-    allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
   end
   it "should operate in agent run_mode" do
@@ -126,7 +125,7 @@ describe Puppet::Application::Agent do
       allow(@agent).to receive(:run).and_return(2)
       Puppet[:onetime] = true
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 0).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 0).and_return(double(ensure_client_certificate: nil))
       expect { execute_agent }.to exit_with 0
     end
@@ -136,20 +135,13 @@ describe Puppet::Application::Agent do
       Puppet[:onetime] = true
       @puppetd.handle_waitforcert(60)
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 60).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 60).and_return(double(ensure_client_certificate: nil))
       expect { execute_agent }.to exit_with 0
     end
     it "should use a default value for waitforcert when --onetime and --waitforcert are not specified" do
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(machine)
-      execute_agent
-    end
-    it "should register ssl OIDs" do
       expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(double(ensure_client_certificate: nil))
-      expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
       execute_agent
     end
@@ -157,7 +149,7 @@ describe Puppet::Application::Agent do
     it "should use the waitforcert setting when checking for a signed certificate" do
       Puppet[:waitforcert] = 10
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 10).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 10).and_return(double(ensure_client_certificate: nil))
       execute_agent
     end
@@ -394,6 +386,8 @@ describe Puppet::Application::Agent do
     it "should inform the daemon about our agent if :client is set to 'true'" do
       @puppetd.options[:client] = true
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
       execute_agent
       expect(@daemon.agent).to eq(@agent)
@@ -404,6 +398,8 @@ describe Puppet::Application::Agent do
       Puppet[:daemonize] = true
       allow(Signal).to receive(:trap)
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
       expect(@daemon).to receive(:daemonize)
       execute_agent
@@ -412,7 +408,22 @@ describe Puppet::Application::Agent do
     it "should wait for a certificate" do
       @puppetd.options[:waitforcert] = 123
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 123).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 123).and_return(double(ensure_client_certificate: nil))
+      execute_agent
+    end
+    it "should not wait for a certificate in fingerprint mode" do
+      @puppetd.options[:fingerprint] = true
+      @puppetd.options[:waitforcert] = 123
+      @puppetd.options[:digest] = 'MD5'
+      certificate = double('certificate')
+      allow(certificate).to receive(:to_der).and_return('ABCDE')
+      ssl_context = double('ssl_context', client_cert: certificate)
+      allow(Puppet::SSL::StateMachine).to receive(:new).with(onetime: true).and_return(double(ensure_client_certificate: ssl_context))
+      expect(@puppetd).to receive(:puts).with('(MD5) 2E:CD:DE:39:59:05:1D:91:3F:61:B1:45:79:EA:13:6D')
       execute_agent
     end
@@ -467,6 +478,7 @@ describe Puppet::Application::Agent do
     it "should dispatch to onetime if --onetime is used" do
       Puppet[:onetime] = true
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
       expect(@puppetd).to receive(:onetime)
@@ -475,6 +487,7 @@ describe Puppet::Application::Agent do
     it "should dispatch to main if --onetime and --fingerprint are not used" do
       Puppet[:onetime] = false
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
       expect(@puppetd).to receive(:main)
@@ -488,7 +501,7 @@ describe Puppet::Application::Agent do
         @puppetd.options[:client] = :client
         @puppetd.options[:detailed_exitcodes] = false
+        allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
       end
       it "should setup traps" do
@@ -539,54 +552,26 @@ describe Puppet::Application::Agent do
     describe "with --fingerprint" do
       before :each do
+        @cert = double('cert')
         @puppetd.options[:fingerprint] = true
         @puppetd.options[:digest] = :MD5
       end
       it "should fingerprint the certificate if it exists" do
-        cert = cert_fixture('signed.pem')
-        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(cert)
-        expect(@puppetd).to receive(:puts).with('(MD5) A6:00:3E:C1:DF:CF:E8:44:A6:4F:8D:92:E8:B2:D9:47')
-        @puppetd.fingerprint
-      end
-      it "should fingerprint the request if it exists" do
-        request = request_fixture('request.pem')
-        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(nil)
-        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_request).and_return(request)
+        allow(@cert).to receive(:to_der).and_return('ABCDE')
+        ssl_context = double('ssl_context', client_cert: @cert)
+        allow(Puppet::SSL::StateMachine).to receive(:new).with(onetime: true).and_return(double(ensure_client_certificate: ssl_context))
-        expect(@puppetd).to receive(:puts).with('(MD5) 04:D0:69:23:32:2F:48:77:FE:2F:F2:0C:4E:90:BE:AC')
+        expect(@puppetd).to receive(:puts).with('(MD5) 2E:CD:DE:39:59:05:1D:91:3F:61:B1:45:79:EA:13:6D')
         @puppetd.fingerprint
       end
-      it "should print an error to stderr if neither exist" do
-        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(nil)
-        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_request).and_return(nil)
-        expect {
-          expect {
-            @puppetd.fingerprint
-          }.to exit_with(1)
-        }.to output(/Fingerprint asked but neither the certificate, nor the certificate request have been issued/).to_stderr
-      end
-      it "should log an error if an exception occurs" do
-        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_raise(Puppet::Error, "Invalid PEM")
-        expect {
-          @puppetd.fingerprint
-        }.to exit_with(1)
-        expect(@logs).to include(an_object_having_attributes(message: /Failed to generate fingerprint: Invalid PEM/))
-      end
     end
     describe "without --onetime and --fingerprint" do
       before :each do
         allow(Puppet).to receive(:notice)
+        allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
       end
       it "should start our daemon" do
@@ -597,24 +582,6 @@ describe Puppet::Application::Agent do
     end
   end
-  describe "when starting in daemon mode on non-windows", :unless => Puppet.features.microsoft_windows? do
-    before :each do
-      allow(Puppet).to receive(:notice)
-      Puppet[:daemonize] = true
-    end
-    it "should not print config in default mode" do
-      execute_agent
-      expect(@logs).to be_empty
-    end
-    it "should print config in debug mode" do
-      @puppetd.options[:debug] = true
-      execute_agent
-      expect(@logs).to include(an_object_having_attributes(level: :debug, message: /agent_catalog_run_lockfile=/))
-    end
-  end
   def execute_agent
     @puppetd.setup
     @puppetd.run_command