puppet 6.7.2 → 6.8.0

data/spec/unit/provider/service/launchd_spec.rb

@@ -127,6 +127,8 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
   end
 
   describe "when starting the service" do
+    let(:services) { "12345 0 #{joblabel}"  }
+
     it "should call any explicit 'start' command" do
       resource[:start] = "/bin/false"
       expect(subject).to receive(:texecute).with(:start, ["/bin/false"], true)
@@ -134,6 +136,7 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
     end
 
     it "should look for the relevant plist once" do
+      allow(provider).to receive(:launchctl).with(:list).and_return(services)
       expect(subject).to receive(:plist_from_label).and_return([joblabel, {}]).once
       expect(subject).to receive(:enabled?).and_return(:true)
       expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel])
@@ -141,6 +144,7 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
     end
 
     it "should execute 'launchctl load' once without writing to the plist if the job is enabled" do
+      allow(provider).to receive(:launchctl).with(:list).and_return(services)
       expect(subject).to receive(:plist_from_label).and_return([joblabel, {}])
       expect(subject).to receive(:enabled?).and_return(:true)
       expect(subject).to receive(:execute).with([:launchctl, :load, "-w", joblabel]).once
@@ -244,6 +248,30 @@ describe 'Puppet::Type::Service::Provider::Launchd', unless: Puppet::Util::Platf
     end
   end
 
+  describe "when a service is unavailable" do
+    let(:map) { {"some.random.job" => "/path/to/job.plist"} }
+    
+    before :each do
+      allow(provider).to receive(:make_label_to_path_map).and_return(map)
+    end
+
+    it "should fail when searching for the unavailable service" do
+      expect { provider.jobsearch("NOSUCH") }.to raise_error(Puppet::Error)
+    end
+
+    it "should return false when enabling the service" do
+      expect(subject.enabled?).to eq(:false)
+    end
+
+    it "should fail when starting the service" do
+      expect { subject.start }.to raise_error(Puppet::Error)
+    end
+
+    it "should fail when starting the service" do
+      expect { subject.stop }.to raise_error(Puppet::Error)
+    end
+  end
+
   [[10, "10.6"], [13, "10.9"]].each do |kernel, version|
     describe "when enabling the service on OS X #{version}" do
       it "should write to the global launchd overrides file once" do

data/spec/unit/provider/service/systemd_spec.rb

@@ -120,6 +120,20 @@ describe 'Puppet::Type::Service::Provider::Systemd', unless: Puppet::Util::Platf
     expect(provider_class).to be_default
   end
 
+  it "should be the default provider on debian11" do
+    allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystem).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("11")
+    expect(provider_class).to be_default
+  end
+
+  it "should be the default provider on debian bookworm/sid" do
+    allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystem).and_return(:debian)
+    allow(Facter).to receive(:value).with(:operatingsystemmajrelease).and_return("bookworm/sid")
+    expect(provider_class).to be_default
+  end
+
   it "should not be the default provider on ubuntu14.04" do
     allow(Facter).to receive(:value).with(:osfamily).and_return(:debian)
     allow(Facter).to receive(:value).with(:operatingsystem).and_return(:ubuntu)

data/spec/unit/provider/user/pw_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'open3'
 
 RSpec::Matchers.define_negated_matcher :excluding, :include
 
@@ -81,6 +82,23 @@ describe Puppet::Type.type(:user).provider(:pw) do
       provider.create
     end
 
+    it "should call execute with sensitive true when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "abc123"
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.create
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+    end
+
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
+
     it "should use -s with the correct argument when the shell property is set" do
       resource[:shell] = "/bin/sh"
       expect(provider).to receive(:execute).with(include("-s").and(include("/bin/sh")), kind_of(Hash))
@@ -209,5 +227,24 @@ describe Puppet::Type.type(:user).provider(:pw) do
       expect(provider).to receive(:execute).with(include("-u").and(include(54321)), hash_including(custom_environment: {}))
       provider.uid = 54321
     end
+
+    it "should print a debug message with sensitive data redacted when the password property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:password] = "*"
+      popen = double("popen", :puts => nil, :close => nil)
+      expect(Open3).to receive(:popen3).and_return(popen)
+      expect(popen).to receive(:puts).with("abc123")
+      provider.password = "abc123"
+
+      expect(@logs).not_to be_any {|log| log.level == :debug and log.message =~ /abc123/}
+     end
+
+    it "should call execute with sensitive false when a non-sensitive property is set" do
+      Puppet::Util::Log.level = :debug
+      resource[:home] = "/home/testuser"
+      resource[:managehome] = true
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = "/newhome/testuser"
+    end
   end
 end

data/spec/unit/provider/user/useradd_spec.rb

@@ -44,6 +44,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       allow(provider).to receive(:exists?).and_return(false)
     end
 
+    it "should not redact the command from debug logs if there is no password" do
+      described_class.has_feature :manages_passwords
+      resource[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.create
+    end
+
+    it "should redact the command from debug logs if there is a password" do
+      described_class.has_feature :manages_passwords
+      resource2 = Puppet::Type.type(:user).new(
+        :name       => 'myuser',
+        :password   => 'a pass word',
+        :managehome => :false,
+        :system     => :false,
+        :provider   => provider,
+      )
+      resource2[:ensure] = :present
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.create
+    end
+
     it "should add -g when no gid is specified and group already exists" do
       allow(Puppet::Util).to receive(:gid).and_return(true)
       resource[:ensure] = :present
@@ -165,6 +186,27 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
 
+  describe 'when modifying the password' do
+    before do
+      described_class.has_feature :libuser
+      described_class.has_feature :manages_passwords
+      #Setting any resource value here initializes needed variables and methods in the resource and provider
+      #Setting a password value here initializes the existence and management of the password parameter itself
+      #Otherwise, this value would not need to be initialized for the test
+      resource[:password] = ''
+    end
+
+    it "should not call execute with sensitive if non-sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: false))
+      provider.home = 'foo/bar'
+    end
+
+    it "should call execute with sensitive if sensitive data is changed" do
+      expect(provider).to receive(:execute).with(kind_of(Array), hash_including(sensitive: true))
+      provider.password = 'bird bird bird'
+    end
+  end
+
   describe '#modify' do
     describe "on systems with the libuser and forcelocal=false" do
       before do

data/spec/unit/transaction_spec.rb

@@ -779,6 +779,24 @@ describe Puppet::Transaction do
 
       transaction.evaluate
     end
+
+    it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
+      unless defined?(Selinux)
+        module Selinux
+          def self.is_selinux_enabled
+            true
+          end
+        end
+      end
+
+      resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
+      transaction = transaction_with_resource(resource)
+
+      expect(Selinux).to receive(:matchpathcon_fini)
+      expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
+
+      transaction.evaluate
+    end
   end
 
   describe 'when checking application run state' do

data/spec/unit/util/http_proxy_spec.rb

@@ -129,9 +129,32 @@ describe Puppet::Util::HttpProxy do
 
   end
 
+  describe ".no_proxy" do
+    no_proxy = '127.0.0.1, localhost'
+    it "should use a no_proxy list if set in environment" do
+      Puppet::Util.withenv('NO_PROXY' => no_proxy) do
+        expect(subject.no_proxy).to eq(no_proxy)
+      end
+    end
+
+    it "should use a no_proxy list if set in config" do
+      Puppet.settings[:no_proxy] = no_proxy
+      expect(subject.no_proxy).to eq(no_proxy)
+    end
+
+    it "should use environment variable before puppet settings" do
+      no_proxy_puppet_setting = '10.0.0.1, localhost'
+      Puppet::Util.withenv('NO_PROXY' => no_proxy) do
+        Puppet.settings[:no_proxy] = no_proxy_puppet_setting
+        expect(subject.no_proxy).to eq(no_proxy)
+      end
+    end
+  end
+
   describe ".no_proxy?" do
     no_proxy = '127.0.0.1, localhost, mydomain.com, *.otherdomain.com, oddport.com:8080, *.otheroddport.com:8080, .anotherdomain.com, .anotheroddport.com:8080'
-    it "should return false if no_proxy does not exist in env" do
+
+    it "should return false if no_proxy does not exist in environment or puppet settings" do
       Puppet::Util.withenv('no_proxy' => nil) do
         dest = 'https://puppetlabs.com'
         expect(subject.no_proxy?(dest)).to be false

data/spec/unit/x509/cert_provider_spec.rb

@@ -307,7 +307,7 @@ describe Puppet::X509::CertProvider do
           # password is 74695716c8b6
           expect {
             provider.load_private_key('encrypted-ec-key')
-          }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/)
+          }.to raise_error(OpenSSL::PKey::PKeyError, /(unknown|invalid) curve name|Could not parse PKey: no start line/)
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 6.7.2
+  version: 6.8.0
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-26 00:00:00.000000000 Z
+date: 2019-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -272,9 +272,6 @@ files:
 - ext/suse/puppet.spec
 - ext/suse/server.init
 - ext/systemd/puppet.service
-- ext/windows/eventlog/Rakefile
-- ext/windows/eventlog/puppetres.dll
-- ext/windows/eventlog/puppetres.mc
 - ext/windows/puppet_interactive.bat
 - ext/windows/puppet_shell.bat
 - ext/windows/run_puppet_interactive.bat
@@ -856,6 +853,7 @@ files:
 - lib/puppet/pops/lookup/hiera_config.rb
 - lib/puppet/pops/lookup/interpolation.rb
 - lib/puppet/pops/lookup/invocation.rb
+- lib/puppet/pops/lookup/key_recorder.rb
 - lib/puppet/pops/lookup/location_resolver.rb
 - lib/puppet/pops/lookup/lookup_adapter.rb
 - lib/puppet/pops/lookup/lookup_key.rb
@@ -2580,8 +2578,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubyforge_project: puppet
-rubygems_version: 2.7.7
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: Puppet, an automated configuration management tool

data/ext/windows/eventlog/Rakefile

@@ -1,32 +0,0 @@
-require 'rubygems'
-require 'rake'
-require 'fileutils'
-require 'rbconfig'
-
-BASENAME = "puppetres"
-
-task :default do
-  sh 'rake -T'
-end
-
-desc 'Build puppet eventlog message dll'
-task :dist => ['out', "#{BASENAME}.dll"]
-
-directory 'out'
-
-rule '.rc' => '.mc' do |t|
-  sh "mc -b -r out -h out #{t.source}"
-end
-
-rule '.res' => '.rc' do |t|
-  sh "rc -nologo -r -fo out/#{t.name} out/#{t.source}"
-end
-
-rule '.dll' => '.res' do |t|
-  sh "link -nologo -dll -noentry -machine:x86 -out:out/#{t.name} out/#{t.source}"
-end
-
-desc 'Delete generated files'
-task :clean do
-  FileUtils.rm_rf('out')
-end

data/ext/windows/eventlog/puppetres.mc

@@ -1,18 +0,0 @@
-MessageId=0x1
-SymbolicName=PUPPET_INFO
-Language=English
-%1
-.
-
-MessageId=0x2
-SymbolicName=PUPPET_WARN
-Language=English
-%1
-.
-
-MessageId=0x3
-SymbolicName=PUPPET_ERROR
-Language=English
-%1
-.
-