puppet 6.7.2-universal-darwin → 6.8.0-universal-darwin

data/man/man8/puppet-man.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MAN" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MAN" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-man\fR \- Display Puppet manual pages\.

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "July 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "August 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.7\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.8\.0

data/spec/integration/provider/service/systemd_spec.rb

@@ -7,16 +7,18 @@ describe test_title, unless: Puppet::Util::Platform.jruby? do
 
   # TODO: Unfortunately there does not seem a way to stub the executable
   #       checks in the systemd provider because they happen at load time.
-  it "should be considered suitable if /bin/systemctl is present", :if => File.executable?('/bin/systemctl') do
+  it "should be considered suitable if /proc/1/exe is present and points to 'systemd'",
+    :if => File.exist?('/proc/1/exe') && Puppet::FileSystem.readlink('/proc/1/exe').include?('systemd') do
     expect(provider_class).to be_suitable
   end
 
-  it "should be considered suitable if /usr/bin/systemctl is present", :if => File.executable?('/usr/bin/systemctl')  do
-    expect(provider_class).to be_suitable
+  it "should not be considered suitable if /proc/1/exe is present it does not point to 'systemd'",
+    :if => File.exist?('/proc/1/exe') && !Puppet::FileSystem.readlink('/proc/1/exe').include?('systemd') do
+    expect(provider_class).not_to be_suitable
   end
 
-  it "should not be cosidered suitable if systemctl is absent",
-    :unless => (File.executable?('/bin/systemctl') or File.executable?('/usr/bin/systemctl')) do
+  it "should not be considered suitable if /proc/1/exe is absent",
+    :if => !File.exist?('/proc/1/exe') do
     expect(provider_class).not_to be_suitable
   end
 end

data/spec/integration/type/file_spec.rb

@@ -21,6 +21,13 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
     File.join(parent, 'file_testing')
   end
 
+  let(:path_protected) do
+    # we create a file inside windows protected folders (C:\Windows, C:\Windows\system32, etc)
+    # the file will also be removed after the tests
+    parent = 'C:\Windows'
+    File.join(parent, 'file_testing')
+  end
+
   let(:dir) do
     # we create a directory first so backups of :path that are stored in
     # the same directory will also be removed after the tests
@@ -268,6 +275,27 @@ describe Puppet::Type.type(:file), :uses_checksums => true do
           expect(get_mode(path) & 07777).to eq(0666)
         end
 
+        context "file is in protected windows directory", :if => Puppet.features.microsoft_windows? do
+          after { FileUtils.rm(path_protected) }
+
+          it "should set and get the correct mode for files inside protected windows folders" do
+            catalog.add_resource described_class.new(:path => path_protected, :ensure => :file, :mode => '0640')
+            catalog.apply
+  
+            expect(get_mode(path_protected) & 07777).to eq(0640)
+          end
+
+          it "should not change resource's status inside protected windows folders if mode is the same" do
+            FileUtils.touch(path_protected)
+            set_mode(0644, path_protected)
+            catalog.add_resource described_class.new(:path => path_protected, :ensure => :file, :mode => '0644')
+            result = catalog.apply
+            status = result.report.resource_statuses["File[#{path_protected}]"]
+            expect(status).not_to be_failed
+            expect(status).not_to be_changed
+          end
+        end
+        
         it "should not set executable bits when replacing an executable directory (#10365)" do
           pending("bug #10365")
 

data/spec/unit/application/device_spec.rb

@@ -370,9 +370,19 @@ describe Puppet::Application::Device do
         allow(configurer).to receive(:run)
         allow(Puppet::Configurer).to receive(:new).and_return(configurer)
 
+        allow(Puppet::FileSystem).to receive(:exist?)
+        allow(Puppet::FileSystem).to receive(:symlink)
+        allow(Puppet::FileSystem).to receive(:dir_mkpath).and_return(true)
+        allow(Puppet::FileSystem).to receive(:dir_exist?).and_return(true)
+
         allow(plugin_handler).to receive(:download_plugins)
       end
 
+      it "sets ssldir relative to the global confdir" do
+        expect(Puppet).to receive(:[]=).with(:ssldir, make_absolute("/dummy/devices/device1/ssl"))
+        expect { device.main }.to exit_with 1
+      end
+
       it "sets vardir to the device vardir" do
         expect(Puppet).to receive(:[]=).with(:vardir, make_absolute("/dummy/devices/device1"))
         expect { device.main }.to exit_with 1
@@ -390,6 +400,22 @@ describe Puppet::Application::Device do
       end
 
       context 'with --target=device1' do
+        it "symlinks the ssl directory if it doesn't exist" do
+          allow(device.options).to receive(:[]).with(:target).and_return('device1')
+          allow(Puppet::FileSystem).to receive(:exist?).and_return(false)
+
+          expect(Puppet::FileSystem).to receive(:symlink).with(Puppet[:ssldir], File.join(Puppet[:confdir], 'ssl')).and_return(true)
+          expect { device.main }.to exit_with 1
+        end
+
+        it "creates the device confdir under the global confdir" do
+          allow(device.options).to receive(:[]).with(:target).and_return('device1')
+          allow(Puppet::FileSystem).to receive(:dir_exist?).and_return(false)
+
+          expect(Puppet::FileSystem).to receive(:dir_mkpath).with(Puppet[:ssldir]).and_return(true)
+          expect { device.main }.to exit_with 1
+        end
+
         it "manages the specified target" do
           allow(device.options).to receive(:[]).with(:target).and_return('device1')
 

data/spec/unit/face/facts_spec.rb

@@ -45,6 +45,15 @@ CONF
       subject.upload
     end
 
+    it "passes the current environment" do
+      env = Puppet::Node::Environment.remote('qa')
+      expect(model.indirection).to receive(:save).with(anything, nil, :environment => env)
+
+      Puppet.override(:current_environment => env) do
+        subject.upload
+      end
+    end
+
     it "uses settings from the agent section of puppet.conf" do
       expect(facter_terminus).to receive(:find).with(have_attributes(key: 'puppet.node.test')).and_return(test_data)
 

data/spec/unit/face/parser_spec.rb

@@ -105,13 +105,25 @@ describe Puppet::Face[:parser, :current] do
       end
     end
 
-    it "validates the contents of STDIN when no files given and STDIN is not a tty" do
-      from_a_piped_input_of("{ invalid =>")
+    context "when no files given and STDIN is not a tty" do
+      it "validates the contents of STDIN" do
+        from_a_piped_input_of("{ invalid =>")
 
-      Puppet.override(:current_environment => Puppet::Node::Environment.create(:special, [])) do
-        parse_errors = parser.validate()
+        Puppet.override(:current_environment => Puppet::Node::Environment.create(:special, [])) do
+          parse_errors = parser.validate()
+
+          expect(parse_errors['STDIN']).to be_a_kind_of(Puppet::ParseErrorWithIssue)
+        end
+      end
 
-        expect(parse_errors['STDIN']).to be_a_kind_of(Puppet::ParseErrorWithIssue)
+      it "runs error free when contents of STDIN is valid" do
+        from_a_piped_input_of("notify { valid: }")
+
+        Puppet.override(:current_environment => Puppet::Node::Environment.create(:special, [])) do
+          parse_errors = parser.validate()
+
+          expect(parse_errors).to be_empty
+        end
       end
     end
 

data/spec/unit/forge/module_release_spec.rb

@@ -15,6 +15,7 @@ describe Puppet::Forge::ModuleRelease do
   let(:module_full_name) { "#{module_author}-#{module_name}" }
   let(:module_full_name_versioned) { "#{module_full_name}-#{module_version}" }
   let(:module_md5) { "bbf919d7ee9d278d2facf39c25578bf8" }
+  let(:module_sha256) { "b4c6f15cec64a9fe16ef0d291e2598fc84f381bc59f0e67198d61706fafedae4" }
   let(:uri) { " "}
   let(:release) { Puppet::Forge::ModuleRelease.new(ssl_repository, JSON.parse(release_json)) }
 
@@ -31,21 +32,6 @@ describe Puppet::Forge::ModuleRelease do
       allow(Digest::MD5).to receive(:file).and_return(double(:hexdigest => md5))
     end
 
-    describe '#prepare' do
-      before :each do
-        allow(release).to receive(:tmpfile).and_return(mock_file)
-        allow(release).to receive(:tmpdir).and_return(mock_dir)
-      end
-
-      it 'should call sub methods with correct params' do
-        expect(release).to receive(:download).with("/#{api_version}/files/#{module_full_name_versioned}.tar.gz", mock_file)
-        expect(release).to receive(:validate_checksum).with(mock_file, module_md5)
-        expect(release).to receive(:unpack).with(mock_file, mock_dir)
-
-        release.prepare
-      end
-    end
-
     describe '#tmpfile' do
       it 'should be opened in binary mode' do
         allow(Puppet::Forge::Cache).to receive(:base_path).and_return(Dir.tmpdir)
@@ -67,21 +53,6 @@ describe Puppet::Forge::ModuleRelease do
       end
     end
 
-    describe '#verify_checksum' do
-      it 'passes md5 check when valid' do
-        # valid hash comes from file_md5 in JSON blob above
-        mock_digest_file_with_md5(module_md5)
-
-        release.send(:validate_checksum, mock_file, module_md5)
-      end
-
-      it 'fails md5 check when invalid' do
-        mock_digest_file_with_md5('ffffffffffffffffffffffffffffffff')
-
-        expect { release.send(:validate_checksum, mock_file, module_md5) }.to raise_error(RuntimeError, /did not match expected checksum/)
-      end
-    end
-
     describe '#unpack' do
       it 'should call unpacker with correct params' do
         expect(Puppet::ModuleTool::Applications::Unpacker).to receive(:unpack).with(mock_file.path, mock_dir).and_return(true)
@@ -130,6 +101,7 @@ describe Puppet::Forge::ModuleRelease do
       "file_uri": "/#{api_version}/files/#{module_full_name_versioned}.tar.gz",
       "file_size": 67586,
       "file_md5": "#{module_md5}",
+      "file_sha256": "#{module_sha256}",
       "downloads": 610751,
       "readme": "",
       "changelog": "",
@@ -142,6 +114,66 @@ describe Puppet::Forge::ModuleRelease do
     end
 
     it_behaves_like 'a module release'
+
+    context 'when verifying checksums' do
+      let(:json) { JSON.parse(release_json) }
+
+      def mock_release(json)
+        release = Puppet::Forge::ModuleRelease.new(ssl_repository, json)
+        allow(release).to receive(:tmpfile).and_return(mock_file)
+        allow(release).to receive(:tmpdir).and_return(mock_dir)
+        allow(release).to receive(:download).with("/#{api_version}/files/#{module_full_name_versioned}.tar.gz", mock_file)
+        allow(release).to receive(:unpack)
+        release
+      end
+
+      it 'verifies using SHA256' do
+        expect(Digest::SHA256).to receive(:file).and_return(double(:hexdigest => module_sha256))
+
+        release = mock_release(json)
+        release.prepare
+      end
+
+      it 'rejects an invalid release with SHA256' do
+        expect(Digest::SHA256).to receive(:file).and_return(double(:hexdigest => 'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'))
+
+        release = mock_release(json)
+        expect {
+          release.prepare
+        }.to raise_error(RuntimeError, /did not match expected checksum/)
+      end
+
+      context 'when `file_sha256` is missing' do
+        before(:each) do
+          json.delete('file_sha256')
+        end
+
+        it 'verifies using MD5 if `file_sha256` is missing' do
+          expect(Digest::MD5).to receive(:file).and_return(double(:hexdigest => module_md5))
+
+          release = mock_release(json)
+          release.prepare
+        end
+
+        it 'rejects an invalid release with MD5' do
+          expect(Digest::MD5).to receive(:file).and_return(double(:hexdigest => 'ffffffffffffffffffffffffffffffff'))
+
+          release = mock_release(json)
+          expect {
+            release.prepare
+          }.to raise_error(RuntimeError, /did not match expected checksum/)
+        end
+
+        it 'raises if FIPS is enabled' do
+          allow(Facter).to receive(:value).with(:fips_enabled).and_return(true)
+
+          release = mock_release(json)
+          expect {
+            release.prepare
+          }.to raise_error(/Module install using MD5 is prohibited in FIPS mode./)
+        end
+      end
+    end
   end
 
   context 'forge module with no dependencies field' do
@@ -180,6 +212,7 @@ describe Puppet::Forge::ModuleRelease do
       "file_uri": "/#{api_version}/files/#{module_full_name_versioned}.tar.gz",
       "file_size": 67586,
       "file_md5": "#{module_md5}",
+      "file_sha256": "#{module_sha256}",
       "downloads": 610751,
       "readme": "",
       "changelog": "",
@@ -208,7 +241,8 @@ describe Puppet::Forge::ModuleRelease do
       },
       "file_uri": "/#{api_version}/files/#{module_full_name_versioned}.tar.gz",
       "file_size": 67586,
-      "file_md5": "#{module_md5}"
+      "file_md5": "#{module_md5}",
+      "file_sha256": "#{module_sha256}"
     }
     }
     end
@@ -256,6 +290,7 @@ describe Puppet::Forge::ModuleRelease do
       "file_uri": "/#{api_version}/files/#{module_full_name_versioned}.tar.gz",
       "file_size": 67586,
       "file_md5": "#{module_md5}",
+      "file_sha256": "#{module_sha256}",
       "downloads": 610751,
       "readme": "",
       "changelog": "",

data/spec/unit/module_tool/applications/installer_spec.rb

@@ -365,14 +365,5 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
         end
       end
     end
-
-    context 'when in FIPS mode...' do
-      it 'module installer refuses to run' do
-        allow(Facter).to receive(:value).with(:fips_enabled).and_return(true)
-        expect {application.run}.to raise_error(/Module install is prohibited in FIPS mode./)
-      end 
-    end
-
   end
-
 end

data/spec/unit/network/http/factory_spec.rb

@@ -43,10 +43,11 @@ describe Puppet::Network::HTTP::Factory do
   context "proxy settings" do
     let(:proxy_host) { 'myhost' }
     let(:proxy_port) { 432 }
+    let(:proxy_user) { 'mo' }
+    let(:proxy_pass) { 'password' }
 
-    it "should not set a proxy if the value is 'none'" do
+    it "should not set a proxy if the http_proxy_host setting is 'none'" do
       Puppet[:http_proxy_host] = 'none'
-      expect(Puppet::Util::HttpProxy).to receive(:no_proxy?).and_return(false)
       conn = create_connection(site)
 
       expect(conn.proxy_address).to be_nil
@@ -55,7 +56,18 @@ describe Puppet::Network::HTTP::Factory do
     it 'should not set a proxy if a no_proxy env var matches the destination' do
       Puppet[:http_proxy_host] = proxy_host
       Puppet[:http_proxy_port] = proxy_port
-      expect(Puppet::Util::HttpProxy).to receive(:no_proxy?).and_return(true)
+      Puppet::Util.withenv('NO_PROXY' => site.host) do
+        conn = create_connection(site)
+
+        expect(conn.proxy_address).to be_nil
+        expect(conn.proxy_port).to be_nil
+      end
+    end
+
+    it 'should not set a proxy if the no_proxy setting matches the destination' do
+      Puppet[:http_proxy_host] = proxy_host
+      Puppet[:http_proxy_port] = proxy_port
+      Puppet[:no_proxy] = site.host
       conn = create_connection(site)
 
       expect(conn.proxy_address).to be_nil
@@ -64,7 +76,6 @@ describe Puppet::Network::HTTP::Factory do
 
     it 'sets proxy_address' do
       Puppet[:http_proxy_host] = proxy_host
-      expect(Puppet::Util::HttpProxy).to receive(:no_proxy?).and_return(false)
       conn = create_connection(site)
 
       expect(conn.proxy_address).to eq(proxy_host)
@@ -73,11 +84,22 @@ describe Puppet::Network::HTTP::Factory do
     it 'sets proxy address and port' do
       Puppet[:http_proxy_host] = proxy_host
       Puppet[:http_proxy_port] = proxy_port
-      expect(Puppet::Util::HttpProxy).to receive(:no_proxy?).and_return(false)
       conn = create_connection(site)
 
       expect(conn.proxy_port).to eq(proxy_port)
     end
+
+    it 'sets proxy user and password' do
+      Puppet[:http_proxy_host] = proxy_host
+      Puppet[:http_proxy_port] = proxy_port
+      Puppet[:http_proxy_user] = proxy_user
+      Puppet[:http_proxy_password] = proxy_pass
+
+      conn = create_connection(site)
+
+      expect(conn.proxy_user).to eq(proxy_user)
+      expect(conn.proxy_pass).to eq(proxy_pass)
+    end
   end
 
   context 'socket timeouts' do