RubyGems - puppet - Versions diffs - 6.6.0 → 6.7.0 - Mend

puppet 6.6.0 → 6.7.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (254) hide show

checksums.yaml +4 -4
data/Gemfile.lock +8 -8
data/ext/solaris/smf/puppet.xml +2 -0
data/ext/yaml_nodes.rb +7 -7
data/lib/hiera_puppet.rb +2 -1
data/lib/puppet/application/apply.rb +2 -3
data/lib/puppet/application/doc.rb +2 -1
data/lib/puppet/application/face_base.rb +22 -15
data/lib/puppet/application/script.rb +4 -6
data/lib/puppet/configurer.rb +10 -5
data/lib/puppet/confine_collection.rb +2 -1
data/lib/puppet/daemon.rb +3 -2
data/lib/puppet/defaults.rb +8 -0
data/lib/puppet/environments.rb +9 -7
data/lib/puppet/etc.rb +1 -1
data/lib/puppet/external/pson/pure/parser.rb +2 -1
data/lib/puppet/face/epp.rb +4 -2
data/lib/puppet/face/help.rb +3 -2
data/lib/puppet/face/module/changes.rb +2 -1
data/lib/puppet/file_bucket/dipper.rb +2 -1
data/lib/puppet/file_serving/configuration.rb +2 -1
data/lib/puppet/file_serving/fileset.rb +1 -1
data/lib/puppet/file_serving/http_metadata.rb +4 -2
data/lib/puppet/file_serving/metadata.rb +2 -1
data/lib/puppet/file_serving/mount/file.rb +2 -1
data/lib/puppet/file_serving/mount/locales.rb +2 -1
data/lib/puppet/file_serving/mount/modules.rb +4 -2
data/lib/puppet/file_serving/mount/pluginfacts.rb +2 -1
data/lib/puppet/file_serving/mount/plugins.rb +2 -1
data/lib/puppet/file_serving/mount/tasks.rb +4 -2
data/lib/puppet/file_system/uniquefile.rb +4 -2
data/lib/puppet/functions/match.rb +2 -3
data/lib/puppet/generate/type.rb +2 -1
data/lib/puppet/graph/relationship_graph.rb +2 -1
data/lib/puppet/graph/simple_graph.rb +3 -2
data/lib/puppet/indirector/catalog/compiler.rb +16 -8
data/lib/puppet/indirector/certificate/rest.rb +2 -1
data/lib/puppet/indirector/face.rb +2 -2
data/lib/puppet/indirector/file_server.rb +4 -2
data/lib/puppet/indirector/indirection.rb +12 -6
data/lib/puppet/indirector/node/exec.rb +2 -1
data/lib/puppet/indirector/report/processor.rb +2 -1
data/lib/puppet/indirector/request.rb +9 -5
data/lib/puppet/indirector/ssl_file.rb +10 -8
data/lib/puppet/indirector/terminus.rb +6 -3
data/lib/puppet/info_service.rb +9 -0
data/lib/puppet/info_service/plan_information_service.rb +36 -0
data/lib/puppet/interface.rb +2 -1
data/lib/puppet/interface/action.rb +10 -5
data/lib/puppet/interface/action_manager.rb +2 -1
data/lib/puppet/interface/documentation.rb +10 -7
data/lib/puppet/interface/face_collection.rb +6 -3
data/lib/puppet/interface/option.rb +4 -2
data/lib/puppet/interface/option_manager.rb +4 -2
data/lib/puppet/module.rb +35 -1
data/lib/puppet/module/plan.rb +160 -0
data/lib/puppet/module_tool.rb +2 -1
data/lib/puppet/module_tool/applications/application.rb +2 -1
data/lib/puppet/module_tool/applications/installer.rb +4 -2
data/lib/puppet/module_tool/applications/upgrader.rb +4 -2
data/lib/puppet/module_tool/contents_description.rb +2 -1
data/lib/puppet/module_tool/metadata.rb +2 -3
data/lib/puppet/module_tool/shared_behaviors.rb +2 -1
data/lib/puppet/network/authconfig.rb +4 -2
data/lib/puppet/network/authstore.rb +2 -1
data/lib/puppet/network/formats.rb +2 -1
data/lib/puppet/network/http/api/indirected_routes.rb +6 -4
data/lib/puppet/network/http/handler.rb +2 -1
data/lib/puppet/network/http/request.rb +2 -1
data/lib/puppet/network/http/route.rb +2 -1
data/lib/puppet/network/resolver.rb +3 -2
data/lib/puppet/network/rights.rb +2 -1
data/lib/puppet/node.rb +8 -4
data/lib/puppet/pal/catalog_compiler.rb +8 -1
data/lib/puppet/pal/compiler.rb +2 -1
data/lib/puppet/pal/pal_impl.rb +8 -0
data/lib/puppet/pal/script_compiler.rb +4 -2
data/lib/puppet/parameter.rb +4 -2
data/lib/puppet/parameter/value_collection.rb +8 -8
data/lib/puppet/parser/ast/pops_bridge.rb +2 -1
data/lib/puppet/parser/compiler.rb +10 -5
data/lib/puppet/parser/files.rb +2 -1
data/lib/puppet/parser/functions.rb +2 -1
data/lib/puppet/parser/relationship.rb +2 -1
data/lib/puppet/parser/resource.rb +6 -3
data/lib/puppet/parser/scope.rb +6 -4
data/lib/puppet/parser/templatewrapper.rb +2 -1
data/lib/puppet/parser/type_loader.rb +2 -1
data/lib/puppet/pops/adaptable.rb +2 -5
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +2 -1
data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +2 -1
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
data/lib/puppet/pops/evaluator/runtime3_support.rb +8 -4
data/lib/puppet/pops/loader/base_loader.rb +4 -2
data/lib/puppet/pops/loader/dependency_loader.rb +4 -2
data/lib/puppet/pops/loader/gem_support.rb +4 -2
data/lib/puppet/pops/loader/loader.rb +4 -2
data/lib/puppet/pops/loader/loader_paths.rb +2 -1
data/lib/puppet/pops/loader/static_loader.rb +1 -1
data/lib/puppet/pops/lookup/interpolation.rb +2 -1
data/lib/puppet/pops/model/factory.rb +4 -2
data/lib/puppet/pops/parser/epp_support.rb +2 -1
data/lib/puppet/pops/parser/heredoc_support.rb +2 -1
data/lib/puppet/pops/parser/interpolation_support.rb +10 -5
data/lib/puppet/pops/parser/lexer2.rb +6 -3
data/lib/puppet/pops/parser/locator.rb +2 -1
data/lib/puppet/pops/types/type_calculator.rb +1 -1
data/lib/puppet/pops/types/type_parser.rb +4 -2
data/lib/puppet/pops/validation.rb +2 -1
data/lib/puppet/pops/validation/checker4_0.rb +6 -3
data/lib/puppet/pops/visitor.rb +12 -6
data/lib/puppet/property.rb +19 -16
data/lib/puppet/property/ensure.rb +2 -1
data/lib/puppet/property/keyvalue.rb +2 -1
data/lib/puppet/property/list.rb +2 -1
data/lib/puppet/provider.rb +10 -8
data/lib/puppet/provider/exec.rb +7 -4
data/lib/puppet/provider/file/posix.rb +6 -3
data/lib/puppet/provider/group/groupadd.rb +2 -1
data/lib/puppet/provider/group/ldap.rb +7 -4
data/lib/puppet/provider/group/pw.rb +4 -2
data/lib/puppet/provider/ldap.rb +8 -4
data/lib/puppet/provider/nameservice.rb +8 -5
data/lib/puppet/provider/nameservice/directoryservice.rb +8 -4
data/lib/puppet/provider/network_device.rb +4 -2
data/lib/puppet/provider/package.rb +2 -1
data/lib/puppet/provider/package/aix.rb +4 -2
data/lib/puppet/provider/package/appdmg.rb +4 -2
data/lib/puppet/provider/package/apple.rb +2 -1
data/lib/puppet/provider/package/apt.rb +4 -2
data/lib/puppet/provider/package/blastwave.rb +2 -1
data/lib/puppet/provider/package/dpkg.rb +6 -3
data/lib/puppet/provider/package/fink.rb +2 -1
data/lib/puppet/provider/package/gem.rb +4 -2
data/lib/puppet/provider/package/macports.rb +6 -3
data/lib/puppet/provider/package/nim.rb +8 -4
data/lib/puppet/provider/package/openbsd.rb +14 -8
data/lib/puppet/provider/package/opkg.rb +2 -1
data/lib/puppet/provider/package/pacman.rb +2 -1
data/lib/puppet/provider/package/pip.rb +2 -1
data/lib/puppet/provider/package/pkgdmg.rb +4 -2
data/lib/puppet/provider/package/pkgng.rb +4 -2
data/lib/puppet/provider/package/pkgutil.rb +2 -1
data/lib/puppet/provider/package/portupgrade.rb +2 -1
data/lib/puppet/provider/package/rpm.rb +8 -4
data/lib/puppet/provider/package/windows/package.rb +2 -1
data/lib/puppet/provider/parsedfile.rb +14 -7
data/lib/puppet/provider/service/base.rb +7 -4
data/lib/puppet/provider/service/launchd.rb +4 -2
data/lib/puppet/provider/service/service.rb +2 -1
data/lib/puppet/provider/service/upstart.rb +11 -8
data/lib/puppet/provider/user/directoryservice.rb +2 -1
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/ldap.rb +8 -4
data/lib/puppet/provider/user/openbsd.rb +2 -1
data/lib/puppet/provider/user/pw.rb +2 -1
data/lib/puppet/provider/user/user_role_add.rb +4 -2
data/lib/puppet/provider/user/useradd.rb +7 -4
data/lib/puppet/reference/providers.rb +2 -3
data/lib/puppet/reference/type.rb +4 -2
data/lib/puppet/relationship.rb +4 -9
data/lib/puppet/resource.rb +16 -9
data/lib/puppet/resource/capability_finder.rb +12 -8
data/lib/puppet/resource/catalog.rb +36 -40
data/lib/puppet/resource/type.rb +7 -3
data/lib/puppet/resource/type_collection.rb +4 -2
data/lib/puppet/settings.rb +36 -19
data/lib/puppet/settings/base_setting.rb +2 -1
data/lib/puppet/settings/config_file.rb +2 -1
data/lib/puppet/settings/file_setting.rb +2 -1
data/lib/puppet/settings/ini_file.rb +2 -1
data/lib/puppet/ssl/base.rb +2 -1
data/lib/puppet/ssl/host.rb +16 -8
data/lib/puppet/ssl/key.rb +2 -2
data/lib/puppet/ssl/state_machine.rb +22 -3
data/lib/puppet/transaction/event.rb +2 -1
data/lib/puppet/transaction/event_manager.rb +4 -2
data/lib/puppet/transaction/report.rb +10 -10
data/lib/puppet/transaction/resource_harness.rb +4 -2
data/lib/puppet/type.rb +84 -48
data/lib/puppet/type/component.rb +2 -1
data/lib/puppet/type/exec.rb +11 -7
data/lib/puppet/type/file.rb +15 -9
data/lib/puppet/type/file/content.rb +7 -3
data/lib/puppet/type/file/ctime.rb +2 -1
data/lib/puppet/type/file/data_sync.rb +2 -1
data/lib/puppet/type/file/ensure.rb +10 -7
data/lib/puppet/type/file/mode.rb +2 -1
data/lib/puppet/type/file/mtime.rb +2 -1
data/lib/puppet/type/file/selcontext.rb +2 -1
data/lib/puppet/type/file/source.rb +6 -7
data/lib/puppet/type/file/target.rb +2 -1
data/lib/puppet/type/file/type.rb +2 -1
data/lib/puppet/type/package.rb +6 -3
data/lib/puppet/type/resources.rb +2 -1
data/lib/puppet/type/service.rb +2 -1
data/lib/puppet/type/tidy.rb +14 -7
data/lib/puppet/type/user.rb +19 -7
data/lib/puppet/util.rb +6 -3
data/lib/puppet/util/checksums.rb +1 -1
data/lib/puppet/util/classgen.rb +12 -6
data/lib/puppet/util/command_line.rb +8 -4
data/lib/puppet/util/connection.rb +4 -2
data/lib/puppet/util/diff.rb +4 -2
data/lib/puppet/util/execution.rb +4 -2
data/lib/puppet/util/feature.rb +7 -4
data/lib/puppet/util/fileparsing.rb +57 -46
data/lib/puppet/util/filetype.rb +2 -1
data/lib/puppet/util/http_proxy.rb +2 -1
data/lib/puppet/util/instance_loader.rb +2 -1
data/lib/puppet/util/ldap/connection.rb +4 -2
data/lib/puppet/util/ldap/manager.rb +6 -3
data/lib/puppet/util/log.rb +6 -3
data/lib/puppet/util/metric.rb +2 -1
data/lib/puppet/util/posix.rb +4 -2
data/lib/puppet/util/rdoc/code_objects.rb +2 -1
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +4 -2
data/lib/puppet/util/selinux.rb +2 -1
data/lib/puppet/version.rb +2 -5
data/locales/puppet.pot +713 -685
data/man/man5/puppet.conf.5 +9 -2
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/lib/puppet_spec/modules.rb +16 -2
data/spec/unit/indirector/request_spec.rb +5 -6
data/spec/unit/info_service_spec.rb +48 -0
data/spec/unit/module_spec.rb +73 -0
data/spec/unit/plan_spec.rb +65 -0
data/spec/unit/puppet_pal_catalog_spec.rb +12 -0
data/spec/unit/ssl/state_machine_spec.rb +68 -5
metadata +6 -2

@@ -0,0 +1,65 @@
+require 'spec_helper'
+require 'puppet_spec/files'
+require 'puppet_spec/modules'
+require 'puppet/module/plan'
+describe Puppet::Module::Plan do
+  include PuppetSpec::Files
+  let(:modpath) { tmpdir('plan_modpath') }
+  let(:mymodpath) { File.join(modpath, 'mymod') }
+  let(:othermodpath) { File.join(modpath, 'othermod') }
+  let(:mymod) { Puppet::Module.new('mymod', mymodpath, nil) }
+  let(:othermod) { Puppet::Module.new('othermod', othermodpath, nil) }
+  let(:plans_path) { File.join(mymodpath, 'plans') }
+  let(:other_plans_path) { File.join(othermodpath, 'plans') }
+  let(:plans_glob) { File.join(mymodpath, 'plans', '*') }
+  describe :naming do
+    word = (Puppet::Module::Plan::RESERVED_WORDS - Puppet::Module::Plan::RESERVED_DATA_TYPES).sample
+    datatype = (Puppet::Module::Plan::RESERVED_DATA_TYPES - Puppet::Module::Plan::RESERVED_WORDS).sample
+    test_cases = { 'iLegal.pp'  => 'Plan names must start with a lowercase letter and be composed of only lowercase letters, numbers, and underscores',
+                   'name.md'    => 'Plan name cannot have extension .md, must be .pp or .yaml',
+                   "#{word}.pp"     => "Plan name cannot be a reserved word, but was '#{word}'",
+                   "#{datatype}.pp" => "Plan name cannot be a Puppet data type, but was '#{datatype}'",
+                   'test_1.pp'    => nil,
+                   'test_2.yaml'  => nil }
+    test_cases.each do |filename, error|
+      it "constructs plans when needed with #{filename}" do
+        name = File.basename(filename, '.*')
+        if error
+          expect { Puppet::Module::Plan.new(mymod, name, [File.join(plans_path, filename)]) }
+            .to raise_error(Puppet::Module::Plan::InvalidName,
+                            error)
+        else
+          expect { Puppet::Module::Plan.new(mymod, name, [filename]) }
+            .not_to raise_error
+        end
+      end
+    end
+  end
+  it "finds all plans in module" do
+    og_files = %w{plan1.pp plan2.yaml not-a-plan.ok}.map { |bn| "#{plans_path}/#{bn}" }
+    expect(Dir).to receive(:glob).with(plans_glob).and_return(og_files)
+    plans = Puppet::Module::Plan.plans_in_module(mymod)
+    expect(plans.count).to eq(2)
+  end
+  it "selects .pp file before .yaml" do
+    og_files = %w{plan1.pp plan1.yaml}.map { |bn| "#{plans_path}/#{bn}" }
+    expect(Dir).to receive(:glob).with(plans_glob).and_return(og_files)
+    plans = Puppet::Module::Plan.plans_in_module(mymod)
+    expect(plans.count).to eq(1)
+    expect(plans.first.files.count).to eq(1)
+    expect(plans.first.files.first['name']).to eq('plan1.pp')
+  end
+  it "gives the 'init' plan a name that is just the module's name" do
+    expect(Puppet::Module::Plan.new(mymod, 'init', ["#{plans_path}/init.pp"]).name).to eq('mymod')
+  end
+end

data/spec/unit/puppet_pal_catalog_spec.rb CHANGED

@@ -111,6 +111,18 @@ describe 'Puppet Pal' do
           expect(resource.title).to eq('test')
         end
+        context 'catalog_data_hash' do
+          it 'produces a data_hash encoding of a catalog' do
+            result = Puppet::Pal.in_tmp_environment('pal_env', modulepath: modulepath, facts: node_facts) do |pal|
+              pal.with_catalog_compiler {|c|
+                c.evaluate_string("notify {'test': message => /a regexp/}")
+                c.catalog_data_hash
+              }
+            end
+            expect(result['resources']).to include(include('type' => 'Notify'))
+          end
+        end
         context 'the with_json_encoding()' do
           it 'produces json for a catalog' do

data/spec/unit/ssl/state_machine_spec.rb CHANGED

@@ -17,12 +17,11 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
   let(:cacert_pem) { cacert.to_pem }
   let(:cacert) { cert_fixture('ca.pem') }
-  let(:cacerts) { [cacert] }
+  let(:cacerts) { [cacert, cert_fixture('intermediate.pem')] }
   let(:crl_pem) { crl.to_pem }
   let(:crl) { crl_fixture('crl.pem') }
-  let(:crls) { [crl] }
+  let(:crls) { [crl, crl_fixture('intermediate-crl.pem')] }
   let(:private_key) { key_fixture('signed-key.pem') }
   let(:client_cert) { cert_fixture('signed.pem') }
@@ -38,6 +37,16 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
     allow(Kernel).to receive(:sleep)
   end
+  context 'when passing keyword arguments' do
+    it "accepts digest" do
+      expect(described_class.new(digest: 'SHA512').digest).to eq('SHA512')
+    end
+    it "accepts ca_fingerprint" do
+      expect(described_class.new(ca_fingerprint: 'CAFE').ca_fingerprint).to eq('CAFE')
+    end
+  end
   context 'when ensuring CA certs and CRLs' do
     it 'returns an SSLContext with the loaded CA certs and CRLs' do
       allow(cert_provider).to receive(:load_cacerts).and_return(cacerts)
@@ -109,6 +118,23 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       expect(ssl_context[:client_cert]).to eq(client_cert)
     end
+    it 'uses the specified digest to log the cert chain fingerprints' do
+      allow(cert_provider).to receive(:load_cacerts).and_return(cacerts)
+      allow(cert_provider).to receive(:load_crls).and_return(crls)
+      allow(cert_provider).to receive(:load_private_key).and_return(private_key)
+      allow(cert_provider).to receive(:load_client_cert).and_return(client_cert)
+      Puppet[:log_level] = :debug
+      machine = described_class.new(cert_provider: cert_provider, digest: 'SHA512')
+      machine.ensure_client_certificate
+      expect(@logs).to include(
+        an_object_having_attributes(message: /Verified CA certificate 'CN=Test CA' fingerprint \(SHA512\)/),
+        an_object_having_attributes(message: /Verified CA certificate 'CN=Test CA Subauthority' fingerprint \(SHA512\)/),
+        an_object_having_attributes(message: /Verified client certificate 'CN=signed' fingerprint \(SHA512\)/)
+      )
+    end
     context 'when exceptions occur' do
       before :each do
         allow(cert_provider).to receive(:load_cacerts).and_return(cacerts)
@@ -269,7 +295,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: cacert_pem)
       st = state.next_state
-      expect(st.ssl_context[:cacerts].map(&:to_pem)).to eq(cacerts.map(&:to_pem))
+      expect(st.ssl_context[:cacerts].map(&:to_pem)).to eq([cacert_pem])
       expect(File).to be_exist(Puppet[:localcacert])
     end
@@ -318,6 +344,41 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       expect(File).to_not exist(Puppet[:localcacert])
     end
+    context 'when verifying CA cert bundle' do
+      before :each do
+        allow(cert_provider).to receive(:load_cacerts).and_return(nil)
+        stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: cacert_pem)
+        allow(cert_provider).to receive(:save_cacerts)
+      end
+      it 'verifies CA cert bundle if a ca_fingerprint is given case-insensitively' do
+        Puppet[:log_level] = :info
+        machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'caacf69bbbcdad9dbcda92dd2da3608b639d1aea4c314d6cc6823cdb32d8e0f8')
+        state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
+        state.next_state
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8"))
+      end
+      it 'verifies CA cert bundle using non-default fingerprint' do
+        Puppet[:log_level] = :info
+        machine = described_class.new(digest: 'SHA512', ca_fingerprint: '3c9d1482b878913ad95c9631feac5090cb05c6eab9496178d6fd5c14a023da3b1a8650a3cbaac516d9a48caf0b0742e1ed7eebf55105c024c74834a45056a9d9')
+        state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
+        state.next_state
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) 3C:9D:14:82:B8:78:91:3A:D9:5C:96:31:FE:AC:50:90:CB:05:C6:EA:B9:49:61:78:D6:FD:5C:14:A0:23:DA:3B:1A:86:50:A3:CB:AA:C5:16:D9:A4:8C:AF:0B:07:42:E1:ED:7E:EB:F5:51:05:C0:24:C7:48:34:A4:50:56:A9:D9"))
+      end
+      it 'returns an error if verification fails' do
+        machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'wrong!')
+        state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
+        st = state.next_state
+        expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::Error)
+        expect(st.message).to eq("CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8 did not match expected digest WR:ON:G!")
+      end
+    end
   end
   context 'NeedCRLs' do
@@ -346,7 +407,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_pem)
       st = state.next_state
-      expect(st.ssl_context[:crls].map(&:to_pem)).to eq(crls.map(&:to_pem))
+      expect(st.ssl_context[:crls].map(&:to_pem)).to eq([crl_pem])
       expect(File).to be_exist(Puppet[:hostcrl])
     end
@@ -496,6 +557,8 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
         allow(cert_provider).to receive(:load_private_key).and_return(private_key)
         allow(cert_provider).to receive(:load_client_cert).and_return(cert_fixture('tampered-cert.pem'))
+        ssl_context = Puppet::SSL::SSLContext.new(cacerts: [cacert], crls: [crl])
+        state = Puppet::SSL::StateMachine::NeedKey.new(machine, ssl_context)
         expect {
           state.next_state
         }.to raise_error(Puppet::SSL::SSLError, %r{The certificate for 'CN=signed' does not match its private key})

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 6.6.0
+  version: 6.7.0
 platform: ruby
 authors:
 - Puppet Labs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-26 00:00:00.000000000 Z
+date: 2019-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -606,6 +606,7 @@ files:
 - lib/puppet/indirector/yaml.rb
 - lib/puppet/info_service.rb
 - lib/puppet/info_service/class_information_service.rb
+- lib/puppet/info_service/plan_information_service.rb
 - lib/puppet/info_service/task_information_service.rb
 - lib/puppet/interface.rb
 - lib/puppet/interface/action.rb
@@ -619,6 +620,7 @@ files:
 - lib/puppet/loaders.rb
 - lib/puppet/metatype/manager.rb
 - lib/puppet/module.rb
+- lib/puppet/module/plan.rb
 - lib/puppet/module/task.rb
 - lib/puppet/module_tool.rb
 - lib/puppet/module_tool/applications.rb
@@ -2195,6 +2197,7 @@ files:
 - spec/unit/parser/scope_spec.rb
 - spec/unit/parser/templatewrapper_spec.rb
 - spec/unit/parser/type_loader_spec.rb
+- spec/unit/plan_spec.rb
 - spec/unit/pops/adaptable_spec.rb
 - spec/unit/pops/benchmark_spec.rb
 - spec/unit/pops/containment_spec.rb
@@ -3437,6 +3440,7 @@ test_files:
 - spec/unit/parser/scope_spec.rb
 - spec/unit/parser/templatewrapper_spec.rb
 - spec/unit/parser/type_loader_spec.rb
+- spec/unit/plan_spec.rb
 - spec/unit/pops/adaptable_spec.rb
 - spec/unit/pops/benchmark_spec.rb
 - spec/unit/pops/containment_spec.rb