puppet 6.7.2 → 6.8.0


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (89) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +9 -9
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +7 -7
  5. data/install.rb +3 -21
  6. data/lib/puppet/application/agent.rb +17 -13
  7. data/lib/puppet/application/device.rb +10 -0
  8. data/lib/puppet/defaults.rb +21 -6
  9. data/lib/puppet/face/facts.rb +1 -1
  10. data/lib/puppet/face/parser.rb +3 -2
  11. data/lib/puppet/forge.rb +19 -4
  12. data/lib/puppet/indirector/certificate/file.rb +1 -0
  13. data/lib/puppet/indirector/certificate/rest.rb +1 -0
  14. data/lib/puppet/indirector/certificate_request/file.rb +1 -0
  15. data/lib/puppet/indirector/certificate_request/memory.rb +1 -0
  16. data/lib/puppet/indirector/certificate_request/rest.rb +1 -0
  17. data/lib/puppet/indirector/key/file.rb +1 -0
  18. data/lib/puppet/indirector/key/memory.rb +1 -0
  19. data/lib/puppet/module_tool/applications/installer.rb +0 -3
  20. data/lib/puppet/network/http/factory.rb +1 -11
  21. data/lib/puppet/pops/lookup.rb +1 -0
  22. data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
  23. data/lib/puppet/pops/lookup/lookup_adapter.rb +7 -0
  24. data/lib/puppet/provider/file/posix.rb +5 -0
  25. data/lib/puppet/provider/nameservice.rb +10 -3
  26. data/lib/puppet/provider/package/apt.rb +1 -1
  27. data/lib/puppet/provider/package/dpkg.rb +17 -3
  28. data/lib/puppet/provider/service/launchd.rb +20 -5
  29. data/lib/puppet/provider/service/systemd.rb +5 -10
  30. data/lib/puppet/provider/user/pw.rb +12 -3
  31. data/lib/puppet/provider/user/user_role_add.rb +4 -0
  32. data/lib/puppet/provider/user/useradd.rb +25 -11
  33. data/lib/puppet/ssl/certificate.rb +2 -0
  34. data/lib/puppet/ssl/host.rb +3 -0
  35. data/lib/puppet/ssl/key.rb +2 -0
  36. data/lib/puppet/util/http_proxy.rb +17 -3
  37. data/lib/puppet/util/monkey_patches.rb +0 -16
  38. data/lib/puppet/util/selinux.rb +5 -1
  39. data/lib/puppet/util/windows/security.rb +2 -0
  40. data/lib/puppet/util/windows/sid.rb +1 -0
  41. data/lib/puppet/version.rb +1 -1
  42. data/lib/puppet/x509/cert_provider.rb +13 -15
  43. data/locales/puppet.pot +77 -65
  44. data/man/man5/puppet.conf.5 +20 -4
  45. data/man/man8/puppet-agent.8 +24 -7
  46. data/man/man8/puppet-apply.8 +1 -1
  47. data/man/man8/puppet-catalog.8 +1 -1
  48. data/man/man8/puppet-config.8 +1 -1
  49. data/man/man8/puppet-describe.8 +1 -1
  50. data/man/man8/puppet-device.8 +1 -1
  51. data/man/man8/puppet-doc.8 +1 -1
  52. data/man/man8/puppet-epp.8 +1 -1
  53. data/man/man8/puppet-facts.8 +1 -1
  54. data/man/man8/puppet-filebucket.8 +1 -1
  55. data/man/man8/puppet-generate.8 +1 -1
  56. data/man/man8/puppet-help.8 +1 -1
  57. data/man/man8/puppet-key.8 +1 -1
  58. data/man/man8/puppet-lookup.8 +1 -1
  59. data/man/man8/puppet-man.8 +1 -1
  60. data/man/man8/puppet-module.8 +1 -1
  61. data/man/man8/puppet-node.8 +1 -1
  62. data/man/man8/puppet-parser.8 +1 -1
  63. data/man/man8/puppet-plugin.8 +1 -1
  64. data/man/man8/puppet-report.8 +1 -1
  65. data/man/man8/puppet-resource.8 +1 -1
  66. data/man/man8/puppet-script.8 +1 -1
  67. data/man/man8/puppet-ssl.8 +1 -1
  68. data/man/man8/puppet-status.8 +1 -1
  69. data/man/man8/puppet.8 +2 -2
  70. data/spec/integration/provider/service/systemd_spec.rb +7 -5
  71. data/spec/integration/type/file_spec.rb +28 -0
  72. data/spec/unit/application/device_spec.rb +26 -0
  73. data/spec/unit/face/facts_spec.rb +9 -0
  74. data/spec/unit/face/parser_spec.rb +17 -5
  75. data/spec/unit/forge/module_release_spec.rb +66 -31
  76. data/spec/unit/module_tool/applications/installer_spec.rb +0 -9
  77. data/spec/unit/network/http/factory_spec.rb +27 -5
  78. data/spec/unit/provider/package/dpkg_spec.rb +84 -4
  79. data/spec/unit/provider/service/launchd_spec.rb +28 -0
  80. data/spec/unit/provider/service/systemd_spec.rb +14 -0
  81. data/spec/unit/provider/user/pw_spec.rb +37 -0
  82. data/spec/unit/provider/user/useradd_spec.rb +42 -0
  83. data/spec/unit/transaction_spec.rb +18 -0
  84. data/spec/unit/util/http_proxy_spec.rb +24 -1
  85. data/spec/unit/x509/cert_provider_spec.rb +1 -1
  86. metadata +4 -7
  87. data/ext/windows/eventlog/Rakefile +0 -32
  88. data/ext/windows/eventlog/puppetres.dll +0 -0
  89. data/ext/windows/eventlog/puppetres.mc +0 -18
@@ -127,6 +127,8 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
127
127
  end
128
128
 
129
129
  describe "when starting the service" do
130
+ let(:services) { "12345 0 #{joblabel}" }
131
+
130
132
  it "should call any explicit 'start' command" do
131
133
  resource[:start] = "/bin/false"
132
134
  expect(subject).to receive(:texecute).with(:start, ["/bin/false"], true)
@@ -134,6 +136,7 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
134
136
  end
135
137
 
136
138
  it "should look for the relevant plist once" do
139
+ allow(provider).to receive(:launchctl).with(:list).and_return(services)
137
140
  expect(subject).to receive(:plist_from_label).and_return([joblabel, {}]).once
138
141
  expect(subject).to receive(:enabled?).and_return(:true)
139
142
  expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel])
@@ -141,6 +144,7 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
141
144
  end
142
145
 
143
146
  it "should execute 'launchctl load' once without writing to the plist if the job is enabled" do
147
+ allow(provider).to receive(:launchctl).with(:list).and_return(services)
144
148
  expect(subject).to receive(:plist_from_label).and_return([joblabel, {}])
145
149
  expect(subject).to receive(:enabled?).and_return(:true)
146
150
  expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel]).once
@@ -244,6 +248,30 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
244
248
  end
245
249
  end
246
250
 
251
+ describe "when a service is unavailable" do
252
+ let(:map) { {"some.random.job" => "/path/to/job.plist"} }
253
+
254
+ before :each do
255
+ allow(provider).to receive(:make_label_to_path_map).and_return(map)
256
+ end
257
+
258
+ it "should fail when searching for the unavailable service" do
259
+ expect { provider.jobsearch("NOSUCH") }.to raise_error(Puppet::Error)
260
+ end
261
+
262
+ it "should return false when enabling the service" do
263
+ expect(subject.enabled?).to eq(:false)
264
+ end
265
+
266
+ it "should fail when starting the service" do
267
+ expect { subject.start }.to raise_error(Puppet::Error)
268
+ end
269
+
270
+ it "should fail when starting the service" do
271
+ expect { subject.stop }.to raise_error(Puppet::Error)
272
+ end
273
+ end
274
+
247
275
  [[10, "10.6"], [13, "10.9"]].each do |kernel, version|
248
276
  describe "when enabling the service on OS X #{version}" do
249
277
  it "should write to the global launchd overrides file once" do
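Review bot: In the new "when a service is unavailable" group, two examples share the description `should fail when starting the service`, and the second one actually exercises `subject.stop`, so a failure report cannot tell them apart. Rename the second to `it "should fail when stopping the service" do`. The example titled "should return false when enabling the service" checks `subject.enabled?` rather than calling `enable`, so `it "should report the service as not enabled" do` would match what is asserted.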
@@ -120,6 +120,20 @@ describe 'Puppet::Type::Service::Provider::Systemd', unless: Puppet::Util::Platf
120
120
  expect(provider_class).to be_default
121
121
  end
122
122
 
123
+ it "should be the default provider on debian11" do
124
+ allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
125
+ allow(Facter).to receive(:value).with(:operatingsystem).and_return(:debian)
126
+ allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("11")
127
+ expect(provider_class).to be_default
128
+ end
129
+
130
+ it "should be the default provider on debian bookworm/sid" do
131
+ allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
132
+ allow(Facter).to receive(:value).with(:operatingsystem).and_return(:debian)
133
+ allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("bookworm/sid")
134
+ expect(provider_class).to be_default
135
+ end
136
+
123
137
  it "should not be the default provider on ubuntu14.04" do
124
138
  allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
125
139
  allow(Facter).to receive(:value).with(:operatingsystem).and_return(:ubuntu)
@@ -1,4 +1,5 @@
1
1
  require 'spec_helper'
2
+ require 'open3'
2
3
 
3
4
  RSpec::Matchers.define_negated_matcher :excluding, :include
4
5
 
@@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do
81
82
  provider.create
82
83
  end
83
84
 
85
+ it "should call execute with sensitive true when the password property is set" do
86
+ Puppet::Util::Log.level = :debug
87
+ resource[:password] = "abc123"
88
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
89
+ popen = double("popen", :puts => nil, :close => nil)
90
+ expect(Open3).to receive(:popen3).and_return(popen)
91
+ expect(popen).to receive(:puts).with("abc123")
92
+ provider.create
93
+ expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
94
+ end
95
+
96
+ it "should call execute with sensitive false when a non-sensitive property is set" do
97
+ resource[:managehome] = true
98
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
99
+ provider.create
100
+ end
101
+
84
102
  it "should use -s with the correct argument when the shell property is set" do
85
103
  resource[:shell] = "/bin/sh"
86
104
  expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
@@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do
209
227
  expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
210
228
  provider.uid = 54321
211
229
  end
230
+
231
+ it "should print a debug message with sensitive data redacted when the password property is set" do
232
+ Puppet::Util::Log.level = :debug
233
+ resource[:password] = "*"
234
+ popen = double("popen", :puts => nil, :close => nil)
235
+ expect(Open3).to receive(:popen3).and_return(popen)
236
+ expect(popen).to receive(:puts).with("abc123")
237
+ provider.password = "abc123"
238
+
239
+ expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
240
+ end
241
+
242
+ it "should call execute with sensitive false when a non-sensitive property is set" do
243
+ Puppet::Util::Log.level = :debug
244
+ resource[:home] = "/home/testuser"
245
+ resource[:managehome] = true
246
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
247
+ provider.home = "/newhome/testuser"
248
+ end
212
249
  end
213
250
  end
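Review bot: The leak check in both password examples, `expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}`, only inspects debug-level entries, so a password written at info, notice or warning level would still pass. Dropping the level filter, `expect(@logs).not_to be_any { |log| log.message =~ /abc123/ }`, pins the property that matters. In the first example `execute` is replaced by a message expectation, so anything the real `execute` would log for the command never reaches `@logs`. There the assertion presumably covers only messages the provider emits itself, which deserves a short comment. The enclosing `describe` blocks start outside these hunks.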
@@ -44,6 +44,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
44
44
  allow(provider).to receive(:exists?).and_return(false)
45
45
  end
46
46
 
47
+ it "should not redact the command from debug logs if there is no password" do
48
+ described_class.has_feature :manages_passwords
49
+ resource[:ensure] = :present
50
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
51
+ provider.create
52
+ end
53
+
54
+ it "should redact the command from debug logs if there is a password" do
55
+ described_class.has_feature :manages_passwords
56
+ resource2 = Puppet::Type.type(:user).new(
57
+ :name => 'myuser',
58
+ :password => 'a pass word',
59
+ :managehome => :false,
60
+ :system => :false,
61
+ :provider => provider,
62
+ )
63
+ resource2[:ensure] = :present
64
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
65
+ provider.create
66
+ end
67
+
47
68
  it "should add -g when no gid is specified and group already exists" do
48
69
  allow(Puppet::Util).to receive(:gid).and_return(true)
49
70
  resource[:ensure] = :present
@@ -165,6 +186,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
165
186
  end
166
187
  end
167
188
 
189
+ describe 'when modifying the password' do
190
+ before do
191
+ described_class.has_feature :libuser
192
+ described_class.has_feature :manages_passwords
193
+ #Setting any resource value here initializes needed variables and methods in the resource and provider
194
+ #Setting a password value here initializes the existence and management of the password parameter itself
195
+ #Otherwise, this value would not need to be initialized for the test
196
+ resource[:password] = ''
197
+ end
198
+
199
+ it "should not call execute with sensitive if non-sensitive data is changed" do
200
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
201
+ provider.home = 'foo/bar'
202
+ end
203
+
204
+ it "should call execute with sensitive if sensitive data is changed" do
205
+ expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
206
+ provider.password = 'bird bird bird'
207
+ end
208
+ end
209
+
168
210
  describe '#modify' do
169
211
  describe "on systems with the libuser and forcelocal=false" do
170
212
  before do
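Review bot: `described_class.has_feature :manages_passwords` (and `:libuser` in the new `before` block) is called on the provider class itself, and nothing visible in these hunks undoes it, so the feature presumably stays declared for examples that run afterwards. If that is intended, a comment such as `# has_feature changes the provider class; later examples also see :manages_passwords` would make the coupling explicit. In the "should redact the command" example the password is set on `resource2` while the call under test is `provider.create`. The hunk does not show how the provider becomes bound to `resource2`, so a one-line comment on the `:provider => provider` argument would make the test's premise checkable.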
@@ -779,6 +779,24 @@ describe Puppet::Transaction do
779
779
 
780
780
  transaction.evaluate
781
781
  end
782
+
783
+ it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
784
+ unless defined?(Selinux)
785
+ module Selinux
786
+ def self.is_selinux_enabled
787
+ true
788
+ end
789
+ end
790
+ end
791
+
792
+ resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
793
+ transaction = transaction_with_resource(resource)
794
+
795
+ expect(Selinux).to receive(:matchpathcon_fini)
796
+ expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
797
+
798
+ transaction.evaluate
799
+ end
782
800
  end
783
801
 
784
802
  describe 'when checking application run state' do
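Review bot: The new example defines a top-level `module Selinux` when the constant is missing and never removes it, so on hosts without the SELinux bindings every later example in the same process sees a `Selinux` constant that answers only `is_selinux_enabled`. Code that probes with `defined?(Selinux)` could then take the SELinux path against a stub. RSpec can scope the constant to the example instead: `stub_const('Selinux', double('Selinux', is_selinux_enabled: true)) unless defined?(Selinux)`. The description string also ends in a stray space before the closing quote.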
@@ -129,9 +129,32 @@ describe Puppet::Util::HttpProxy do
129
129
 
130
130
  end
131
131
 
132
+ describe ".no_proxy" do
133
+ no_proxy = '127.0.0.1, localhost'
134
+ it "should use a no_proxy list if set in environment" do
135
+ Puppet::Util.withenv('NO_PROXY' => no_proxy) do
136
+ expect(subject.no_proxy).to eq(no_proxy)
137
+ end
138
+ end
139
+
140
+ it "should use a no_proxy list if set in config" do
141
+ Puppet.settings[:no_proxy] = no_proxy
142
+ expect(subject.no_proxy).to eq(no_proxy)
143
+ end
144
+
145
+ it "should use environment variable before puppet settings" do
146
+ no_proxy_puppet_setting = '10.0.0.1, localhost'
147
+ Puppet::Util.withenv('NO_PROXY' => no_proxy) do
148
+ Puppet.settings[:no_proxy] = no_proxy_puppet_setting
149
+ expect(subject.no_proxy).to eq(no_proxy)
150
+ end
151
+ end
152
+ end
153
+
132
154
  describe ".no_proxy?" do
133
155
  no_proxy = '127.0.0.1, localhost, mydomain.com, *.otherdomain.com, oddport.com:8080, *.otheroddport.com:8080, .anotherdomain.com, .anotheroddport.com:8080'
134
- it "should return false if no_proxy does not exist in env" do
156
+
157
+ it "should return false if no_proxy does not exist in environment or puppet settings" do
135
158
  Puppet::Util.withenv('no_proxy' => nil) do
136
159
  dest = 'https://puppetlabs.com'
137
160
  expect(subject.no_proxy?(dest)).to be false
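Review bot: The "should use a no_proxy list if set in config" example sets `Puppet.settings[:no_proxy]` without clearing the environment, while the example after it establishes that the environment wins over the setting. On a build host that exports a proxy exclusion list, the example would compare against the ambient value. Wrapping its body in `Puppet::Util.withenv('NO_PROXY' => nil, 'no_proxy' => nil) do ... end` makes it independent of the runner. The new examples also set only upper-case `NO_PROXY`, whereas the existing `.no_proxy?` example clears lower-case `no_proxy`. If the implementation reads both spellings, one example per spelling would pin which destinations bypass the proxy.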
@@ -307,7 +307,7 @@ describe Puppet::X509::CertProvider do
307
307
  # password is 74695716c8b6
308
308
  expect {
309
309
  provider.load_private_key('encrypted-ec-key')
310
- }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/)
310
+ }.to raise_error(OpenSSL::PKey::PKeyError, /(unknown|invalid) curve name|Could not parse PKey: no start line/)
311
311
  end
312
312
  end
313
313
  end
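Review bot: The widened pattern `/(unknown|invalid) curve name|Could not parse PKey: no start line/` now also accepts a curve-name error, which says nothing about the key being encrypted, so the example can pass for a reason unrelated to the missing passphrase. A comment above the expectation stating why the alternatives exist would keep the alternation from reading as arbitrary, for example `# depending on the OpenSSL build, the curve error may be raised before the missing-passphrase error`, to be confirmed against the builds that motivated the change. The example's `it` line is outside the hunk, so its stated intent is not visible here.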
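--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: puppet
  version: !ruby/object:Gem::Version
- version: 6.7.2
+ version: 6.8.0
  platform: ruby
  authors:
  - Puppet Labs
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-07-26 00:00:00.000000000 Z
+ date: 2019-08-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: facter
@@ -272,9 +272,6 @@ files:
  - ext/suse/puppet.spec
  - ext/suse/server.init
  - ext/systemd/puppet.service
- - ext/windows/eventlog/Rakefile
- - ext/windows/eventlog/puppetres.dll
- - ext/windows/eventlog/puppetres.mc
  - ext/windows/puppet_interactive.bat
  - ext/windows/puppet_shell.bat
  - ext/windows/run_puppet_interactive.bat
@@ -856,6 +853,7 @@ files:
  - lib/puppet/pops/lookup/hiera_config.rb
  - lib/puppet/pops/lookup/interpolation.rb
  - lib/puppet/pops/lookup/invocation.rb
+ - lib/puppet/pops/lookup/key_recorder.rb
  - lib/puppet/pops/lookup/location_resolver.rb
  - lib/puppet/pops/lookup/lookup_adapter.rb
  - lib/puppet/pops/lookup/lookup_key.rb
@@ -2580,8 +2578,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 1.3.1
  requirements: []
- rubyforge_project: puppet
- rubygems_version: 2.7.7
+ rubygems_version: 3.0.4
  signing_key:
  specification_version: 4
  summary: Puppet, an automated configuration management tool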
@@ -1,32 +0,0 @@
1
- require 'rubygems'
2
- require 'rake'
3
- require 'fileutils'
4
- require 'rbconfig'
5
-
6
- BASENAME = "puppetres"
7
-
8
- task :default do
9
- sh 'rake -T'
10
- end
11
-
12
- desc 'Build puppet eventlog message dll'
13
- task :dist => ['out', "#{BASENAME}.dll"]
14
-
15
- directory 'out'
16
-
17
- rule '.rc' => '.mc' do |t|
18
- sh "mc -b -r out -h out #{t.source}"
19
- end
20
-
21
- rule '.res' => '.rc' do |t|
22
- sh "rc -nologo -r -fo out/#{t.name} out/#{t.source}"
23
- end
24
-
25
- rule '.dll' => '.res' do |t|
26
- sh "link -nologo -dll -noentry -machine:x86 -out:out/#{t.name} out/#{t.source}"
27
- end
28
-
29
- desc 'Delete generated files'
30
- task :clean do
31
- FileUtils.rm_rf('out')
32
- end
@@ -1,18 +0,0 @@
1
- MessageId=0x1
2
- SymbolicName=PUPPET_INFO
3
- Language=English
4
- %1
5
- .
6
-
7
- MessageId=0x2
8
- SymbolicName=PUPPET_WARN
9
- Language=English
10
- %1
11
- .
12
-
13
- MessageId=0x3
14
- SymbolicName=PUPPET_ERROR
15
- Language=English
16
- %1
17
- .
18
-