puppet 6.7.2-universal-darwin → 6.8.0-universal-darwin

data/spec/unit/provider/package/dpkg_spec.rb

@@ -8,6 +8,7 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
   let(:vim_installed_output) { "install ok installed vim 2:7.3.547-6ubuntu5\n" }
   let(:all_installed_io) { StringIO.new([bash_installed_output, vim_installed_output].join) }
   let(:args) { ['-W', '--showformat', %Q{'${Status} ${Package} ${Version}\\n'}] }
+  let(:args_with_provides) { ['/bin/dpkg-query','-W', '--showformat', %Q{'${Status} ${Package} ${Version} [${Provides}]\\n'}]}
   let(:execute_options) do
     {:failonfail => true, :combine => true, :custom_environment => {}}
   end
@@ -31,7 +32,6 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
 
       installed = double('bash')
       expect(described_class).to receive(:new).with(:ensure => "4.2-5ubuntu3", :error => "ok", :desired => "install", :name => "bash", :status => "installed", :provider => :dpkg).and_return(installed)
-
       expect(described_class.instances).to eq([installed])
     end
 
@@ -68,31 +68,59 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
       expect(Puppet::Util::Execution).to receive(:execute).with(query_args, execute_options).and_return(Puppet::Util::Execution::ProcessOutput.new(output, 0))
     end
 
+    def dpkg_query_execution_with_multiple_args_returns(output, *args)
+      args.each do |arg|
+        expect(Puppet::Util::Execution).to receive(:execute).with(arg, execute_options).ordered.and_return(Puppet::Util::Execution::ProcessOutput.new(output, 0))
+      end
+    end
+
     before do
       allow(Puppet::Util).to receive(:which).with('/usr/bin/dpkg-query').and_return(dpkgquery_path)
+      allow(resource).to receive(:allow_virtual?).and_return(false)
     end
 
     it "considers the package purged if dpkg-query fails" do
       allow(Puppet::Util::Execution).to receive(:execute).with(query_args, execute_options).and_raise(Puppet::ExecutionFailure.new("eh"))
+      expect(provider.query[:ensure]).to eq(:purged)
+    end
 
+    it "considers the package purged if dpkg-query fails  with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      allow(Puppet::Util::Execution).to receive(:execute).with(args_with_provides, execute_options).and_raise(Puppet::ExecutionFailure.new("eh"))
       expect(provider.query[:ensure]).to eq(:purged)
     end
 
     it "returns a hash of the found package status for an installed package" do
       dpkg_query_execution_returns(bash_installed_output)
+      expect(provider.query).to eq({:ensure => "4.2-5ubuntu3", :error => "ok", :desired => "install", :name => "bash", :status => "installed", :provider => :dpkg})
+    end
 
+    it "returns a hash of the found package status for an installed package with allo_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output,args_with_provides,query_args)
       expect(provider.query).to eq({:ensure => "4.2-5ubuntu3", :error => "ok", :desired => "install", :name => "bash", :status => "installed", :provider => :dpkg})
     end
 
     it "considers the package absent if the dpkg-query result cannot be interpreted" do
+      allow(resource).to receive(:allow_virtual?).and_return(false)
       dpkg_query_execution_returns('some-bad-data')
+      expect(provider.query[:ensure]).to eq(:absent)
+    end
 
+    it "considers the package absent if the dpkg-query result cannot be interpreted  with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns('some-bad-data',args_with_provides,query_args)
       expect(provider.query[:ensure]).to eq(:absent)
     end
 
     it "fails if an error is discovered" do
       dpkg_query_execution_returns(bash_installed_output.gsub("ok","error"))
+      expect { provider.query }.to raise_error(Puppet::Error)
+    end
 
+    it "fails if an error is discovered with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output.gsub("ok","error"),args_with_provides,query_args)
       expect { provider.query }.to raise_error(Puppet::Error)
     end
 
@@ -100,35 +128,74 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
       not_installed_bash = bash_installed_output.gsub("installed", "not-installed")
       not_installed_bash.gsub!(bash_version, "")
       dpkg_query_execution_returns(not_installed_bash)
+      expect(provider.query[:ensure]).to eq(:purged)
+    end
 
+    it "considers the package purged if it is marked 'not-installed' with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      not_installed_bash = bash_installed_output.gsub("installed", "not-installed")
+      not_installed_bash.gsub!(bash_version, "")
+      dpkg_query_execution_with_multiple_args_returns(not_installed_bash,args_with_provides,query_args)
       expect(provider.query[:ensure]).to eq(:purged)
     end
 
+
     it "considers the package absent if it is marked 'config-files'" do
       dpkg_query_execution_returns(bash_installed_output.gsub("installed","config-files"))
       expect(provider.query[:ensure]).to eq(:absent)
     end
 
+    it "considers the package absent if it is marked 'config-files' with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output.gsub("installed","config-files"),args_with_provides,query_args)
+      expect(provider.query[:ensure]).to eq(:absent)
+    end
+
     it "considers the package absent if it is marked 'half-installed'" do
       dpkg_query_execution_returns(bash_installed_output.gsub("installed","half-installed"))
       expect(provider.query[:ensure]).to eq(:absent)
     end
 
+    it "considers the package absent if it is marked 'half-installed' with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output.gsub("installed","half-installed"),args_with_provides,query_args)
+      expect(provider.query[:ensure]).to eq(:absent)
+    end
+
     it "considers the package absent if it is marked 'unpacked'" do
       dpkg_query_execution_returns(bash_installed_output.gsub("installed","unpacked"))
       expect(provider.query[:ensure]).to eq(:absent)
     end
 
+
+    it "considers the package absent if it is marked 'unpacked' with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output.gsub("installed","unpacked"),args_with_provides,query_args)
+      expect(provider.query[:ensure]).to eq(:absent)
+    end
+
     it "considers the package absent if it is marked 'half-configured'" do
       dpkg_query_execution_returns(bash_installed_output.gsub("installed","half-configured"))
       expect(provider.query[:ensure]).to eq(:absent)
     end
 
+    it "considers the package absent if it is marked 'half-configured' with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output.gsub("installed","half-configured"),args_with_provides,query_args)      
+      expect(provider.query[:ensure]).to eq(:absent)
+    end
+
     it "considers the package held if its state is 'hold'" do
       dpkg_query_execution_returns(bash_installed_output.gsub("install","hold"))
       expect(provider.query[:ensure]).to eq(:held)
     end
 
+    it "considers the package held if its state is 'hold' with allow_virtual enabled" do
+      allow(resource).to receive(:allow_virtual?).and_return(true)
+      dpkg_query_execution_with_multiple_args_returns(bash_installed_output.gsub("install","hold"),args_with_provides,query_args)
+      expect(provider.query[:ensure]).to eq(:held)
+    end
+
     context "parsing tests" do
       let(:resource_name) { 'name' }
       let(:package_hash) do
@@ -144,6 +211,7 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
       let(:package_not_found_hash) do
         {:ensure => :purged, :status => 'missing', :name => resource_name, :error => 'ok'}
       end
+      let(:output) {'an unexpected dpkg msg with an exit code of 0'}
 
       def parser_test(dpkg_output_string, gold_hash, number_of_debug_logs = 0)
         dpkg_query_execution_returns(dpkg_output_string)
@@ -157,20 +225,33 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
         no_ensure = 'desired ok status name '
         parser_test(no_ensure, package_hash.merge(:ensure => ''))
       end
+      it "provides debug logging of unparsable lines with allow_virtual enabled" do
+        allow(resource).to receive(:allow_virtual?).and_return(true)
+        dpkg_query_execution_with_multiple_args_returns(output, args_with_provides, query_args)
+        expect(Puppet).not_to receive(:warning)
+        expect(Puppet).to receive(:debug).exactly(1).times
+        expect(provider.query).to eq(package_not_found_hash.merge(:ensure => :absent))
+      end
+      
 
       it "provides debug logging of unparsable lines" do
         parser_test('an unexpected dpkg msg with an exit code of 0', package_not_found_hash.merge(:ensure => :absent), 1)
       end
+      
+      it "does not log if execution returns with non-zero exit code with allow_virtual enabled" do
+        allow(resource).to receive(:allow_virtual?).and_return(true)
+        expect(Puppet::Util::Execution).to receive(:execute).with(args_with_provides, execute_options).ordered.and_raise(Puppet::ExecutionFailure.new("failed"))
+        expect(Puppet).not_to receive(:debug)
+        expect(provider.query).to eq(package_not_found_hash)
+      end
 
       it "does not log if execution returns with non-zero exit code" do
         expect(Puppet::Util::Execution).to receive(:execute).with(query_args, execute_options).and_raise(Puppet::ExecutionFailure.new("failed"))
         expect(Puppet).not_to receive(:debug)
-
         expect(provider.query).to eq(package_not_found_hash)
       end
     end
   end
-
   context "when installing" do
     before do
       allow(resource).to receive(:[]).with(:source).and_return("mypkg")
@@ -292,4 +373,3 @@ describe Puppet::Type.type(:package).provider(:dpkg) do
     expect {provider.package_not_installed?("")}.to raise_error(ArgumentError,"Package name is nil or empty")
   end
 end
-

data/spec/unit/provider/service/launchd_spec.rb

@@ -127,6 +127,8 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
   end
 
   describe "when starting the service" do
+    let(:services) { "12345 0 #{joblabel}"  }
+
     it "should call any explicit 'start' command" do
       resource[:start] = "/bin/false"
       expect(subject).to receive(:texecute).with(:start, ["/bin/false"], true)
@@ -134,6 +136,7 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
     end
 
     it "should look for the relevant plist once" do
+      allow(provider).to receive(:launchctl).with(:list).and_return(services)
       expect(subject).to receive(:plist_from_label).and_return([joblabel, {}]).once
       expect(subject).to receive(:enabled?).and_return(:true)
       expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel])
@@ -141,6 +144,7 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
     end
 
     it "should execute 'launchctl load' once without writing to the plist if the job is enabled" do
+      allow(provider).to receive(:launchctl).with(:list).and_return(services)
       expect(subject).to receive(:plist_from_label).and_return([joblabel, {}])
       expect(subject).to receive(:enabled?).and_return(:true)
       expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel]).once
@@ -244,6 +248,30 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
     end
   end
 
+  describe "when a service is unavailable" do
+    let(:map) { {"some.random.job" => "/path/to/job.plist"} }
+    
+    before :each do
+      allow(provider).to receive(:make_label_to_path_map).and_return(map)
+    end
+
+    it "should fail when searching for the unavailable service" do
+      expect { provider.jobsearch("NOSUCH") }.to raise_error(Puppet::Error)
+    end
+
+    it "should return false when enabling the service" do
+      expect(subject.enabled?).to eq(:false)
+    end
+
+    it "should fail when starting the service" do
+      expect { subject.start }.to raise_error(Puppet::Error)
+    end
+
+    it "should fail when starting the service" do
+      expect { subject.stop }.to raise_error(Puppet::Error)
+    end
+  end
+
   [[10, "10.6"], [13, "10.9"]].each do |kernel, version|
     describe "when enabling the service on OS X #{version}" do
       it "should write to the global launchd overrides file once" do

data/spec/unit/provider/service/systemd_spec.rb

@@ -120,6 +120,20 @@ describe 'Puppet::Type::Service::Provider::Systemd', unless: Puppet::Util::Platf
     expect(provider_class).to be_default
   end
 
+  it "should be the default provider on debian11" do
+    allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystem).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("11")
+    expect(provider_class).to be_default
+  end
+
+  it "should be the default provider on debian bookworm/sid" do
+    allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystem).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("bookworm/sid")
+    expect(provider_class).to be_default
+  end
+
   it "should not be the default provider on ubuntu14.04" do
     allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
     allow(Facter).to receive(:value).with(:operatingsystem).and_return(:ubuntu)

data/spec/unit/provider/user/pw_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'open3'
 
 RSpec::Matchers.define_negated_matcher :excluding, :include
 
@@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do
       provider.create
     end
 
+    it "should call execute with sensitive true when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "abc123"
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.create
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+    end
+
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
+
     it "should use -s with the correct argument when the shell property is set" do
       resource[:shell] = "/bin/sh"
       expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
@@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do
       expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
       provider.uid = 54321
     end
+
+    it "should print a debug message with sensitive data redacted when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "*"
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.password = "abc123"
+
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+     end
+
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:home] = "/home/testuser"
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = "/newhome/testuser"
+    end
   end
 end

data/spec/unit/provider/user/useradd_spec.rb

@@ -44,6 +44,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       allow(provider).to receive(:exists?).and_return(false)
     end
 
+    it "should not redact the command from debug logs if there is no password" do
+      described_class.has_feature :manages_passwords
+      resource[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
+
+    it "should redact the command from debug logs if there is a password" do
+      described_class.has_feature :manages_passwords
+      resource2 = Puppet::Type.type(:user).new(
+        :name       => 'myuser',
+        :password   => 'a pass word',
+        :managehome => :false,
+        :system     => :false,
+        :provider   => provider,
+      )
+      resource2[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.create
+    end
+
     it "should add -g when no gid is specified and group already exists" do
       allow(Puppet::Util).to receive(:gid).and_return(true)
       resource[:ensure] = :present
@@ -165,6 +186,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
 
+  describe 'when modifying the password' do
+    before do
+      described_class.has_feature :libuser
+      described_class.has_feature :manages_passwords
+      #Setting any resource value here initializes needed variables and methods in the resource and provider
+      #Setting a password value here initializes the existence and management of the password parameter itself
+      #Otherwise, this value would not need to be initialized for the test
+      resource[:password] = ''
+    end
+
+    it "should not call execute with sensitive if non-sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = 'foo/bar'
+    end
+
+    it "should call execute with sensitive if sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.password = 'bird bird bird'
+    end
+  end
+
   describe '#modify' do
     describe "on systems with the libuser and forcelocal=false" do
       before do

data/spec/unit/transaction_spec.rb

@@ -779,6 +779,24 @@ describe Puppet::Transaction do
 
       transaction.evaluate
     end
+
+    it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
+      unless defined?(Selinux)
+        module Selinux
+          def self.is_selinux_enabled
+            true
+          end
+        end
+      end
+
+      resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
+      transaction = transaction_with_resource(resource)
+
+      expect(Selinux).to receive(:matchpathcon_fini)
+      expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
+
+      transaction.evaluate
+    end
   end
 
   describe 'when checking application run state' do

data/spec/unit/util/http_proxy_spec.rb

@@ -129,9 +129,32 @@ describe Puppet::Util::HttpProxy do
 
   end
 
+  describe ".no_proxy" do
+    no_proxy = '127.0.0.1, localhost'
+    it "should use a no_proxy list if set in environment" do
+      Puppet::Util.withenv('NO_PROXY' => no_proxy) do
+        expect(subject.no_proxy).to eq(no_proxy)
+      end
+    end
+
+    it "should use a no_proxy list if set in config" do
+      Puppet.settings[:no_proxy] = no_proxy
+      expect(subject.no_proxy).to eq(no_proxy)
+    end
+
+    it "should use environment variable before puppet settings" do
+      no_proxy_puppet_setting = '10.0.0.1, localhost'
+      Puppet::Util.withenv('NO_PROXY' => no_proxy) do
+        Puppet.settings[:no_proxy] = no_proxy_puppet_setting
+        expect(subject.no_proxy).to eq(no_proxy)
+      end
+    end
+  end
+
   describe ".no_proxy?" do
     no_proxy = '127.0.0.1, localhost, mydomain.com, *.otherdomain.com, oddport.com:8080, *.otheroddport.com:8080, .anotherdomain.com, .anotheroddport.com:8080'
-    it "should return false if no_proxy does not exist in env" do
+
+    it "should return false if no_proxy does not exist in environment or puppet settings" do
       Puppet::Util.withenv('no_proxy' => nil) do
         dest = 'https://puppetlabs.com'
         expect(subject.no_proxy?(dest)).to be false

data/spec/unit/x509/cert_provider_spec.rb

@@ -307,7 +307,7 @@ describe Puppet::X509::CertProvider do
           # password is 74695716c8b6
           expect {
             provider.load_private_key('encrypted-ec-key')
-          }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/)
+          }.to raise_error(OpenSSL::PKey::PKeyError, /(unknown|invalid) curve name|Could not parse PKey: no start line/)
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 6.7.2
+  version: 6.8.0
 platform: universal-darwin
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-26 00:00:00.000000000 Z
+date: 2019-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -286,9 +286,6 @@ files:
 - ext/suse/puppet.spec
 - ext/suse/server.init
 - ext/systemd/puppet.service
-- ext/windows/eventlog/Rakefile
-- ext/windows/eventlog/puppetres.dll
-- ext/windows/eventlog/puppetres.mc
 - ext/windows/puppet_interactive.bat
 - ext/windows/puppet_shell.bat
 - ext/windows/run_puppet_interactive.bat
@@ -870,6 +867,7 @@ files:
 - lib/puppet/pops/lookup/hiera_config.rb
 - lib/puppet/pops/lookup/interpolation.rb
 - lib/puppet/pops/lookup/invocation.rb
+- lib/puppet/pops/lookup/key_recorder.rb
 - lib/puppet/pops/lookup/location_resolver.rb
 - lib/puppet/pops/lookup/lookup_adapter.rb
 - lib/puppet/pops/lookup/lookup_key.rb
@@ -2594,8 +2592,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubyforge_project: puppet
-rubygems_version: 2.7.7
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: Puppet, an automated configuration management tool

data/ext/windows/eventlog/Rakefile

@@ -1,32 +0,0 @@
-require 'rubygems'
-require 'rake'
-require 'fileutils'
-require 'rbconfig'
-
-BASENAME = "puppetres"
-
-task :default do
-  sh 'rake -T'
-end
-
-desc 'Build puppet eventlog message dll'
-task :dist => ['out', "#{BASENAME}.dll"]
-
-directory 'out'
-
-rule '.rc' => '.mc' do |t|
-  sh "mc -b -r out -h out #{t.source}"
-end
-
-rule '.res' => '.rc' do |t|
-  sh "rc -nologo -r -fo out/#{t.name} out/#{t.source}"
-end
-
-rule '.dll' => '.res' do |t|
-  sh "link -nologo -dll -noentry -machine:x86 -out:out/#{t.name} out/#{t.source}"
-end
-
-desc 'Delete generated files'
-task :clean do
-  FileUtils.rm_rf('out')
-end

data/ext/windows/eventlog/puppetres.mc

@@ -1,18 +0,0 @@
-MessageId=0x1
-SymbolicName=PUPPET_INFO
-Language=English
-%1
-.
-
-MessageId=0x2
-SymbolicName=PUPPET_WARN
-Language=English
-%1
-.
-
-MessageId=0x3
-SymbolicName=PUPPET_ERROR
-Language=English
-%1
-.
-