puppet 7.0.0-universal-darwin → 7.5.0-universal-darwin

data/spec/unit/provider/package/pip_spec.rb

@@ -14,9 +14,8 @@ describe Puppet::Type.type(:package).provider(:pip) do
   it { is_expected.to be_version_ranges }
 
   before do
-    @resource = Puppet::Resource.new(:package, "fake_package")
-    allow(@resource).to receive(:original_parameters).and_return({})
-    @provider = described_class.new(@resource)
+    @resource = Puppet::Type.type(:package).new(name: "fake_package", provider: :pip)
+    @provider = @resource.provider
     @client = double('client')
     allow(@client).to receive(:call).with('package_releases', 'real_package').and_return(["1.3", "1.2.5", "1.2.4"])
     allow(@client).to receive(:call).with('package_releases', 'fake_package').and_return([])
@@ -335,7 +334,6 @@ describe Puppet::Type.type(:package).provider(:pip) do
 
     it "should install" do
       @resource[:ensure] = :installed
-      @resource[:source] = nil
       expect(@provider).to receive(:execute).with(["/fake/bin/pip", ["install", "-q", "fake_package"]])
       @provider.install
     end
@@ -368,7 +366,6 @@ describe Puppet::Type.type(:package).provider(:pip) do
 
     it "should install a particular version" do
       @resource[:ensure] = "0.0.0"
-      @resource[:source] = nil
       # TJK
       expect(@provider).to receive(:execute).with(["/fake/bin/pip", ["install", "-q", "fake_package==0.0.0"]])
       @provider.install
@@ -376,7 +373,6 @@ describe Puppet::Type.type(:package).provider(:pip) do
 
     it "should upgrade" do
       @resource[:ensure] = :latest
-      @resource[:source] = nil
       # TJK
       expect(@provider).to receive(:execute).with(["/fake/bin/pip", ["install", "-q", "--upgrade", "fake_package"]])
       @provider.install
@@ -384,7 +380,6 @@ describe Puppet::Type.type(:package).provider(:pip) do
 
     it "should handle install options" do
       @resource[:ensure] = :installed
-      @resource[:source] = nil
       @resource[:install_options] = [{"--timeout" => "10"}, "--no-index"]
       expect(@provider).to receive(:execute).with(["/fake/bin/pip", ["install", "-q", "--timeout=10", "--no-index", "fake_package"]])
       @provider.install
@@ -415,7 +410,7 @@ describe Puppet::Type.type(:package).provider(:pip) do
     let(:pip) { '/fake/bin/pip' }
 
     it "should look up version if pip is present" do
-      allow(described_class).to receive(:pip_cmd).and_return(pip)
+      allow(described_class).to receive(:cmd).and_return(pip)
       process = ['pip 8.0.2 from /usr/local/lib/python2.7/dist-packages (python 2.7)']
       allow(described_class).to receive(:execpipe).with([pip, '--version']).and_yield(process)
 
@@ -423,7 +418,7 @@ describe Puppet::Type.type(:package).provider(:pip) do
     end
 
     it "parses multiple lines of output" do
-      allow(described_class).to receive(:pip_cmd).and_return(pip)
+      allow(described_class).to receive(:cmd).and_return(pip)
       process = [
         "/usr/local/lib/python2.7/dist-packages/urllib3/contrib/socks.py:37: DependencyWarning: SOCKS support in urllib3 requires the installation of optional dependencies: specifically, PySocks. For more information, see https://urllib3.readthedocs.io/en/latest/contrib.html#socks-proxies",
         "  DependencyWarning",
@@ -435,7 +430,7 @@ describe Puppet::Type.type(:package).provider(:pip) do
     end
 
     it "raises if there isn't a version string" do
-      allow(described_class).to receive(:pip_cmd).and_return(pip)
+      allow(described_class).to receive(:cmd).and_return(pip)
       allow(described_class).to receive(:execpipe).with([pip, '--version']).and_yield([""])
       expect {
         described_class.pip_version(pip)
@@ -444,7 +439,7 @@ describe Puppet::Type.type(:package).provider(:pip) do
 
     it "quotes commands with spaces" do
       pip = 'C:\Program Files\Python27\Scripts\pip.exe'
-      allow(described_class).to receive(:pip_cmd).and_return(pip)
+      allow(described_class).to receive(:cmd).and_return(pip)
       process = ["pip 18.1 from c:\program files\python27\lib\site-packages\pip (python 2.7)\r\n"]
       allow(described_class).to receive(:execpipe).with(["\"#{pip}\"", '--version']).and_yield(process)
 

data/spec/unit/provider/package/pkgdmg_spec.rb

@@ -8,10 +8,6 @@ describe Puppet::Type.type(:package).provider(:pkgdmg) do
   it { is_expected.not_to be_uninstallable }
 
   describe "when installing it should fail when" do
-    before :each do
-      expect(Puppet::Util).not_to receive(:execute)
-    end
-
     it "no source is specified" do
       expect { provider.install }.to raise_error(Puppet::Error, /must specify a package source/)
     end

data/spec/unit/provider/user/aix_spec.rb

@@ -143,6 +143,11 @@ describe 'Puppet::Type::User::Provider::Aix' do
     it "returns the user's password" do
       expect(call_parse_password).to eql('some_password')
     end
+
+    it "returns the user's password with tabs" do
+      resource[:name] = 'tab_password_user'
+      expect(call_parse_password).to eql('some_password')
+    end
   end
 
   # TODO: If we move from using Mocha to rspec's mocks,

data/spec/unit/provider/user/hpux_spec.rb

@@ -33,7 +33,7 @@ describe Puppet::Type.type(:user).provider(:hpuxuseradd),
     before :each do
       allow(Etc).to receive(:getpwent).and_return(pwent)
       allow(Etc).to receive(:getpwnam).and_return(pwent)
-      allow(resource).to receive(:command).with(:modify).and_return('/usr/sam/lbin/usermod.sam')
+      allow(provider).to receive(:command).with(:modify).and_return('/usr/sam/lbin/usermod.sam')
     end
 
     it "should have feature manages_passwords" do

data/spec/unit/provider/user/pw_spec.rb

@@ -53,12 +53,14 @@ describe Puppet::Type.type(:user).provider(:pw) do
 
     it "should use -G with the correct argument when the groups property is set" do
       resource[:groups] = "group1"
+      allow(Puppet::Util::POSIX).to receive(:groups_of).with('testuser').and_return([])
       expect(provider).to receive(:execute).with(include("-G").and(include("group1")), kind_of(Hash))
       provider.create
     end
 
     it "should use -G with all the given groups when the groups property is set to an array" do
       resource[:groups] = ["group1", "group2"]
+      allow(Puppet::Util::POSIX).to receive(:groups_of).with('testuser').and_return([])
       expect(provider).to receive(:execute).with(include("-G").and(include("group1,group2")), kind_of(Hash))
       provider.create
     end

data/spec/unit/provider/user/useradd_spec.rb

@@ -4,6 +4,7 @@ RSpec::Matchers.define_negated_matcher :excluding, :include
 
 describe Puppet::Type.type(:user).provider(:useradd) do
   before :each do
+    allow(Puppet::Util::POSIX).to receive(:groups_of).and_return([])
     allow(described_class).to receive(:command).with(:password).and_return('/usr/bin/chage')
     allow(described_class).to receive(:command).with(:localpassword).and_return('/usr/sbin/lchage')
     allow(described_class).to receive(:command).with(:add).and_return('/usr/sbin/useradd')
@@ -151,6 +152,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
 
       it "should not use -G for luseradd and should call usermod with -G after luseradd when groups property is set" do
         resource[:groups] = ['group1', 'group2']
+        allow(provider).to receive(:localgroups)
         expect(provider).to receive(:execute).with(include('/usr/sbin/luseradd').and(excluding('-G')), hash_including(custom_environment: hash_including('LIBUSER_CONF')))
         expect(provider).to receive(:execute).with(include('/usr/sbin/usermod').and(include('-G')), hash_including(custom_environment: hash_including('LIBUSER_CONF')))
         provider.create
@@ -336,7 +338,8 @@ describe Puppet::Type.type(:user).provider(:useradd) do
 
     it "should return the local comment string when forcelocal is true" do
       resource[:forcelocal] = true
-      allow(File).to receive(:read).with('/etc/passwd').and_return(content)
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
+      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
       expect(provider.comment).to eq('local comment')
     end
 
@@ -348,8 +351,58 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
   end
 
+  describe "#gid" do
+    before { described_class.has_feature :manages_local_users_and_groups }
+
+    let(:content) { "myuser:x:x:999:x:x:x" }
+
+    it "should return the local GID when forcelocal is true" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
+      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
+      expect(provider.gid).to eq(999)
+    end
+
+    it "should fall back to nameservice GID when forcelocal is false" do
+      resource[:forcelocal] = false
+      allow(provider).to receive(:get).with(:gid).and_return(1234)
+      expect(provider).not_to receive(:localgid)
+      expect(provider.gid).to eq(1234)
+    end
+  end
+
+  describe "#groups" do
+    before { described_class.has_feature :manages_local_users_and_groups }
+
+    let(:content) do
+      <<~EOF
+      group1:x:0:myuser
+      group2:x:999:
+      group3:x:998:myuser
+      EOF
+    end
+
+    it "should return the local groups string when forcelocal is true" do
+      resource[:forcelocal] = true
+      group1, group2, group3 = content.split
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
+      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/group').and_yield(group1).and_yield(group2).and_yield(group3)
+      expect(provider.groups).to eq(['group1', 'group3'])
+    end
+
+    it "should fall back to nameservice groups when forcelocal is false" do
+      resource[:forcelocal] = false
+      allow(Puppet::Util::POSIX).to receive(:groups_of).with('myuser').and_return(['remote groups'])
+      expect(provider).not_to receive(:localgroups)
+      expect(provider.groups).to eq('remote groups')
+    end
+  end
+
   describe "#finduser" do
-    before { allow(File).to receive(:read).with('/etc/passwd').and_return(content) }
+    before do
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
+      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
+    end
 
     let(:content) { "sample_account:sample_password:sample_uid:sample_gid:sample_gecos:sample_directory:sample_shell" }
     let(:output) do
@@ -375,7 +428,7 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     end
 
     it "reads the user file only once per resource" do
-      expect(File).to receive(:read).with('/etc/passwd').once
+      expect(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').once
       5.times { provider.finduser(:account, 'sample_account') }
     end
   end

data/spec/unit/provider_spec.rb

@@ -648,27 +648,25 @@ describe Puppet::Provider do
     it "delegates instance execute to Puppet::Util::Execution" do
       expect(Puppet::Util::Execution).to receive(:execute).with("a_command", { :option => "value" })
 
-      provider.new.send(:execute, "a_command", { :option => "value" })
+      provider.new.execute("a_command", { :option => "value" })
     end
 
     it "delegates class execute to Puppet::Util::Execution" do
       expect(Puppet::Util::Execution).to receive(:execute).with("a_command", { :option => "value" })
 
-      provider.send(:execute, "a_command", { :option => "value" })
+      provider.execute("a_command", { :option => "value" })
     end
 
     it "delegates instance execpipe to Puppet::Util::Execution" do
-      block = Proc.new { }
-      expect(Puppet::Util::Execution).to receive(:execpipe).with("a_command", true, block)
+      allow(Puppet::Util::Execution).to receive(:execpipe).with("a_command", true).and_yield('some output')
 
-      provider.new.send(:execpipe, "a_command", true, block)
+      expect { |b| provider.new.execpipe("a_command", true, &b) }.to yield_with_args('some output')
     end
 
     it "delegates class execpipe to Puppet::Util::Execution" do
-      block = Proc.new { }
-      expect(Puppet::Util::Execution).to receive(:execpipe).with("a_command", true, block)
+      allow(Puppet::Util::Execution).to receive(:execpipe).with("a_command", true).and_yield('some output')
 
-      provider.send(:execpipe, "a_command", true, block)
+      expect { |b| provider.execpipe("a_command", true, &b) }.to yield_with_args('some output')
     end
   end
 

data/spec/unit/resource/type_spec.rb

@@ -554,7 +554,7 @@ describe Puppet::Resource::Type do
 
     it "should not create a subscope for the :main class" do
       allow(@resource).to receive(:title).and_return(:main)
-      expect(@type).not_to receive(:subscope)
+      expect(@scope).not_to receive(:newscope)
       expect(@type).to receive(:set_resource_parameters).with(@resource, @scope)
 
       @type.evaluate_code(@resource)

data/spec/unit/resource_spec.rb

@@ -288,7 +288,7 @@ describe Puppet::Resource do
 
     describe "when the resource type is :hostclass" do
       let(:environment_name) { "testing env" }
-      let(:fact_values) { { :a => 1 } }
+      let(:fact_values) { { 'a' => 1 } }
       let(:port) { Puppet::Parser::AST::Leaf.new(:value => '80') }
 
       def inject_and_set_defaults(resource, scope)
@@ -297,10 +297,7 @@ describe Puppet::Resource do
 
       before do
         environment.known_resource_types.add(apache)
-
-        allow(scope).to receive(:host).and_return('host')
-        allow(scope).to receive(:environment).and_return(environment)
-        allow(scope).to receive(:facts).and_return(Puppet::Node::Facts.new("facts", fact_values))
+        scope.set_facts(fact_values)
       end
 
       context 'with a default value expression' do
@@ -571,11 +568,15 @@ describe Puppet::Resource do
       expect(resource.to_hash[:myvar]).to eq("bob")
     end
 
-    it "should set :name to the title if :name is not present for non-builtin types" do
-      krt = Puppet::Resource::TypeCollection.new("myenv")
-      krt.add Puppet::Resource::Type.new(:definition, :foo)
-      resource = Puppet::Resource.new :foo, "bar"
-      allow(resource).to receive(:known_resource_types).and_return(krt)
+    it "should set :name to the title if :name is not present for non-existent types" do
+      resource = Puppet::Resource.new :doesnotexist, "bar"
+      expect(resource.to_hash[:name]).to eq("bar")
+    end
+
+    it "should set :name to the title if :name is not present for a definition" do
+      type = Puppet::Resource::Type.new(:definition, :foo)
+      environment.known_resource_types.add(type)
+      resource = Puppet::Resource.new :foo, "bar", :environment => environment
       expect(resource.to_hash[:name]).to eq("bar")
     end
   end

data/spec/unit/settings_spec.rb

@@ -1088,7 +1088,7 @@ describe Puppet::Settings do
       before(:each) do
         @settings.define_settings :main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS
         @settings.define_settings :server, :masterport => { :desc => "a", :default => 1000 }
-        @settings.define_settings :server, :serverport => { :desc => "a", :default => 1000 }
+        @settings.define_settings :server, :serverport => { :type => :alias, :alias_for => :masterport }
         @settings.define_settings :server, :ca_port => { :desc => "a", :default => "$serverport" }
         @settings.define_settings :server, :report_port => { :desc => "a", :default => "$serverport" }
 
@@ -1110,9 +1110,10 @@ describe Puppet::Settings do
       "
         end
 
-        it { expect(@settings[:serverport]).to eq(445) }
-        it { expect(@settings[:ca_port]).to eq("445") }
-        it { expect(@settings[:report_port]).to eq("445") }
+        it { expect(@settings[:serverport]).to eq(444) }
+        it { expect(@settings[:ca_port]).to eq("444") }
+        it { expect(@settings[:report_port]).to eq("444") }
+        it { expect(@settings[:masterport]).to eq(445) }
       end
 
       context 'with serverport and masterport in main' do
@@ -1126,6 +1127,7 @@ describe Puppet::Settings do
         it { expect(@settings[:serverport]).to eq(445) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
+        it { expect(@settings[:masterport]).to eq(444) }
       end
 
       context 'with serverport and masterport in agent' do
@@ -1139,6 +1141,7 @@ describe Puppet::Settings do
         it { expect(@settings[:serverport]).to eq(445) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
+        it { expect(@settings[:masterport]).to eq(444) }
       end
 
       context 'with both serverport and masterport in main and agent' do
@@ -1155,6 +1158,7 @@ describe Puppet::Settings do
         it { expect(@settings[:serverport]).to eq(445) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
+        it { expect(@settings[:masterport]).to eq(444) }
       end
 
       context 'with serverport in agent and masterport in main' do
@@ -1169,6 +1173,7 @@ describe Puppet::Settings do
         it { expect(@settings[:serverport]).to eq(444) }
         it { expect(@settings[:ca_port]).to eq("444") }
         it { expect(@settings[:report_port]).to eq("444") }
+        it { expect(@settings[:masterport]).to eq(445) }
       end
 
       context 'with masterport in main' do
@@ -1181,6 +1186,7 @@ describe Puppet::Settings do
         it { expect(@settings[:serverport]).to eq(445) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
+        it { expect(@settings[:masterport]).to eq(445) }
       end
 
       context 'with masterport in agent' do
@@ -1193,6 +1199,7 @@ describe Puppet::Settings do
         it { expect(@settings[:serverport]).to eq(445) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
+        it { expect(@settings[:masterport]).to eq(445) }
       end
 
       context 'with serverport in agent' do
@@ -1203,7 +1210,7 @@ describe Puppet::Settings do
         end
 
         it { expect(@settings[:serverport]).to eq(445) }
-        it { expect(@settings[:masterport]).to eq(445) }
+        it { expect(@settings[:masterport]).to eq(1000) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
       end
@@ -1216,7 +1223,7 @@ describe Puppet::Settings do
         end
 
         it { expect(@settings[:serverport]).to eq(445) }
-        it { expect(@settings[:masterport]).to eq(445) }
+        it { expect(@settings[:masterport]).to eq(1000) }
         it { expect(@settings[:ca_port]).to eq("445") }
         it { expect(@settings[:report_port]).to eq("445") }
       end

data/spec/unit/ssl/base_spec.rb

@@ -46,7 +46,6 @@ describe Puppet::SSL::Certificate do
   describe "when initializing wrapped class from a file with #read" do
     it "should open the file with ASCII encoding" do
       path = '/foo/bar/cert'
-      allow(Puppet::SSL::Base).to receive(:valid_certname).and_return(true)
       expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("bar")
       @base.read(path)
     end

data/spec/unit/ssl/certificate_request_spec.rb

@@ -320,11 +320,8 @@ describe Puppet::SSL::CertificateRequest do
       expect(csr.verify(key)).to be_truthy
     end
 
-    # Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
-    # So commenting it out till it is sorted out
-    # The problem seems to be with the ability to sign a CSR when using either of
-    # these hash algorithms
-    pending "should use SHA512 to sign the csr when SHA256 and SHA1 aren't available" do
+    it "should use SHA512 to sign the csr when SHA256 and SHA1 aren't available" do
+      key = OpenSSL::PKey::RSA.new(2048)
       csr = OpenSSL::X509::Request.new
       expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
       expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
@@ -334,11 +331,8 @@ describe Puppet::SSL::CertificateRequest do
       expect(csr.verify(key)).to be_truthy
     end
 
-    # Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
-    # So commenting it out till it is sorted out
-    # The problem seems to be with the ability to sign a CSR when using either of
-    # these hash algorithms
-    pending "should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available" do
+    it "should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available" do
+      key = OpenSSL::PKey::RSA.new(2048)
       csr = OpenSSL::X509::Request.new
       expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
       expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)

data/spec/unit/ssl/ssl_provider_spec.rb

@@ -271,8 +271,11 @@ describe Puppet::SSL::SSLProvider do
     end
 
     # This option is only available in openssl 1.1
-    # TODO PUP-10689 behavior changed in openssl 1.1.1h
-    if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') < 0
+    # OpenSSL 1.1.1h no longer reports expired root CAs when using "verify".
+    # This regression was fixed in 1.1.1i, so only skip this test if we're on
+    # the affected version.
+    # See: https://github.com/openssl/openssl/pull/13585
+    if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') != 0
       it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
         ca = global_cacerts.first
         ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)

data/spec/unit/transaction/additional_resource_generator_spec.rb

@@ -33,10 +33,6 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
 
       newparam(:code)
 
-      def respond_to?(method_name)
-        method_name == self[:kind] || super
-      end
-
       def eval_generate
         eval_code
       end
@@ -314,13 +310,13 @@ describe Puppet::Transaction::AdditionalResourceGenerator do
 
     it "sets resources_failed_to_generate to true if resource#eval_generate raises an exception" do
       catalog = compile_to_ral(<<-MANIFEST)
-        notify { 'hello': }
+        generator { thing: }
       MANIFEST
 
-      allow(catalog.resource("Notify[hello]")).to receive(:eval_generate).and_raise(RuntimeError)
+      allow(catalog.resource("Generator[thing]")).to receive(:eval_generate).and_raise(RuntimeError)
       relationship_graph = relationship_graph_for(catalog)
       generator = Puppet::Transaction::AdditionalResourceGenerator.new(catalog, relationship_graph, prioritizer)
-      generator.eval_generate(catalog.resource("Notify[hello]"))
+      generator.eval_generate(catalog.resource("Generator[thing]"))
 
       expect(generator.resources_failed_to_generate).to be_truthy
     end