puppet 7.0.0-x64-mingw32 → 7.5.0-x64-mingw32

data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out

@@ -6,6 +6,10 @@ test_aix_user:
 no_password_user:
         lastupdate = another_last_update
 
+tab_password_user:
+        password  =  some_password
+        lastupdate = another_last_update
+
 daemon:
         password = *
 

data/spec/integration/application/agent_spec.rb

@@ -97,10 +97,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
   end
 
   context 'rich data' do
-    it "applies deferred values" do
+    it "calls a deferred 4x function" do
       catalog_handler = -> (req, res) {
         catalog = compile_to_catalog(<<-MANIFEST, node)
-          notify { 'deferred':
+          notify { 'deferred4x':
             message => Deferred('join', [[1,2,3], ':'])
           }
         MANIFEST
@@ -115,7 +115,66 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.command_line.args << '--test'
           agent.run
         }.to exit_with(2)
-         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred\]/message: defined 'message' as '1:2:3'}).to_stdout
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as '1:2:3'}).to_stdout
+      end
+    end
+
+    it "calls a deferred 3x function" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'deferred3x':
+            message => Deferred('sprintf', ['%s', 'I am deferred'])
+          }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+      end
+    end
+
+    it "re-evaluates a deferred function in a cached catalog" do
+      Puppet[:report] = false
+      Puppet[:use_cached_catalog] = true
+      Puppet[:usecacheonfailure] = false
+
+      catalog_dir = File.join(Puppet[:client_datadir], 'catalog')
+      Puppet::FileSystem.mkpath(catalog_dir)
+      cached_catalog_path = "#{File.join(catalog_dir, Puppet[:certname])}.json"
+
+      # our catalog contains a deferred function that calls `binary_file`
+      # to read `source`. The function returns a Binary object, whose
+      # base64 value is printed to stdout
+      source = tmpfile('deferred_source')
+      catalog = File.read(my_fixture('cached_deferred_catalog.json'))
+      catalog.gsub!('__SOURCE_PATH__', source)
+      File.write(cached_catalog_path, catalog)
+
+      # verify we get a different result each time the deferred function
+      # is evaluated, and reads `source`.
+      {
+        '1234' => 'MTIzNA==',
+        '5678' => 'NTY3OA=='
+      }.each_pair do |content, base64|
+        File.write(source, content)
+
+        expect {
+          agent.command_line.args << '-t'
+          agent.run
+
+        }.to exit_with(2)
+         .and output(/Notice: #{base64}/).to_stdout
+
+        # reset state so we can run again
+        Puppet::Application.clear!
       end
     end
 
@@ -489,4 +548,102 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       th.kill # kill thread so we don't wait too much
     end
   end
+
+  context 'cached catalogs' do
+    it 'falls back to a cached catalog' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'a message': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Caching catalog for #{Puppet[:certname]}}).to_stdout
+      end
+
+      # reset state so we can run again
+      Puppet::Application.clear!
+
+      # --test above turns off `usecacheonfailure` so re-enable here
+      Puppet[:usecacheonfailure] = true
+
+      # run agent without server
+      expect {
+        agent.command_line.args << '--no-daemonize' << '--onetime' << '--server' << '127.0.0.1'
+        agent.run
+      }.to exit_with(2)
+       .and output(a_string_matching(
+         /Using cached catalog from environment 'production'/
+       ).and matching(
+         /Notify\[a message\]\/message:/
+       )).to_stdout
+       .and output(/the agent run will continue/).to_stderr
+    end
+
+    it 'preserves the old cached catalog if validation fails with the old one' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          exec { 'unqualified_command': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(/Using configured environment/).to_stdout
+         .and output(%r{Validation of Exec\[unqualified_command\] failed: 'unqualified_command' is not qualified and no path was specified}).to_stderr
+      end
+
+      # cached catalog should not be updated
+      cached_catalog = "#{File.join(Puppet[:client_datadir], 'catalog', Puppet[:certname])}.json"
+      expect(File).to_not be_exist(cached_catalog)
+    end
+  end
+
+  context "reporting" do
+    it "stores a finalized report" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+        notify { 'foo':
+          require => Notify['bar']
+        }
+
+        notify { 'bar':
+          require => Notify['foo']
+        }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(%r{Applying configuration}).to_stdout
+         .and output(%r{Found 1 dependency cycle}).to_stderr
+
+        report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
+        expect(report.status).to eq("failed")
+        expect(report.metrics).to_not be_empty
+      end
+    end
+  end
 end

data/spec/integration/application/apply_spec.rb

@@ -663,4 +663,23 @@ class amod::bad_type {
       end
     end
   end
+
+  context 'rich data' do
+    it "calls a deferred 4x function" do
+      apply.command_line.args = ['-e', 'notify { "deferred3x": message => Deferred("join", [[1,2,3], ":"]) }']
+
+      expect {
+        apply.run
+      }.to exit_with(0) # for some reason apply returns 0 instead of 2
+       .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as '1:2:3'}).to_stdout
+    end
+
+    it "calls a deferred 3x function" do
+      apply.command_line.args = ['-e', 'notify { "deferred4x": message => Deferred("sprintf", ["%s", "I am deferred"]) }']
+      expect {
+        apply.run
+      }.to exit_with(0) # for some reason apply returns 0 instead of 2
+       .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+    end
+  end
 end

data/spec/integration/application/plugin_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 require 'puppet/face'
 require 'puppet_spec/puppetserver'
 
-describe "puppet plugin" do
+describe "puppet plugin", unless: Puppet::Util::Platform.jruby? do
   include_context "https client"
 
   let(:server) { PuppetSpec::Puppetserver.new }

data/spec/integration/defaults_spec.rb

@@ -36,13 +36,6 @@ describe "Puppet defaults" do
     end
   end
 
-  describe "when setting the :serverport" do
-    it "should also set the :masterport to the same value" do
-      Puppet.settings[:serverport] = 9000
-      expect(Puppet.settings[:masterport]).to eq(9000)
-    end
-  end
-
   describe "when setting the :factpath" do
     it "should add the :factpath to Facter's search paths" do
       expect(Facter).to receive(:search).with("/my/fact/path")

data/spec/integration/http/client_spec.rb

@@ -151,4 +151,16 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       end
     end
   end
+
+  context 'ciphersuites' do
+    it "does not connect when using an SSLv3 ciphersuite" do
+      Puppet[:ciphers] = "DES-CBC3-SHA"
+
+      https_server.start_server do |port|
+        expect {
+          client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
+        }.to raise_error(Puppet::HTTP::ConnectionError, /no cipher match|sslv3 alert handshake failure/)
+      end
+    end
+  end
 end

data/spec/integration/indirector/direct_file_server_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'matchers/include'
 
 require 'puppet/indirector/file_content/file'
 require 'puppet/indirector/file_metadata/file'
@@ -30,7 +29,6 @@ end
 
 describe Puppet::Indirector::DirectFileServer, " when interacting with FileServing::Fileset and the model" do
   include PuppetSpec::Files
-  include Matchers::Include
 
   matcher :file_with_content do |name, content|
     match do |actual|
@@ -52,7 +50,7 @@ describe Puppet::Indirector::DirectFileServer, " when interacting with FileServi
     terminus = Puppet::Indirector::FileContent::File.new
     request = terminus.indirection.request(:search, Puppet::Util.path_to_uri(path).to_s, nil, :recurse => true)
 
-    expect(terminus.search(request)).to include_in_any_order(
+    expect(terminus.search(request)).to contain_exactly(
       file_with_content(File.join(path, "one"), "one content"),
       file_with_content(File.join(path, "two"), "two content"),
       directory_named(path))

data/spec/integration/indirector/file_content/file_server_spec.rb

@@ -86,8 +86,6 @@ describe Puppet::Indirector::FileContent::FileServer, " when finding files" do
 
     # Use a real mount, so the integration is a bit deeper.
     mount1 = Puppet::FileServing::Configuration::Mount::File.new("one")
-    allow(mount1).to receive(:globalallow?).and_return(true)
-    allow(mount1).to receive(:allowed?).and_return(true)
     mount1.path = File.join(path, "%h")
 
     parser = double('parser', :changed? => false)

data/spec/integration/indirector/file_metadata/file_server_spec.rb

@@ -59,8 +59,6 @@ describe Puppet::Indirector::FileMetadata::FileServer, " when finding files" do
 
         # Use a real mount, so the integration is a bit deeper.
         mount1 = Puppet::FileServing::Configuration::Mount::File.new("one")
-        allow(mount1).to receive(:globalallow?).and_return(true)
-        allow(mount1).to receive(:allowed?).and_return(true)
         mount1.path = File.join(env_path, "%h")
 
         parser = double('parser', :changed? => false)

data/spec/integration/parser/collection_spec.rb

@@ -235,6 +235,16 @@ describe 'collectors' do
         MANIFEST
       end
 
+      it "splats attributes from a hash" do
+        expect_the_message_to_be(["overridden message"], <<-MANIFEST)
+          @notify { "testing": message => "original message" }
+
+          Notify <| |> {
+            * => { message => "overridden message" }
+          }
+        MANIFEST
+      end
+
       it "collects with override when inside a class (#10963)" do
         expect_the_message_to_be(["overridden message"], <<-MANIFEST)
           @notify { "testing": message => "original message" }

data/spec/integration/resource/type_collection_spec.rb

@@ -11,12 +11,8 @@ describe Puppet::Resource::TypeCollection do
       @dir = tmpfile("autoload_testing")
       FileUtils.mkdir_p @dir
 
-      loader = Object.new
-      allow(loader).to receive(:load).and_return(nil)
-      allow(loader).to receive(:set_entry)
-
-      loaders = Object.new
-      expect(loaders).to receive(:runtime3_type_loader).at_most(:once).and_return(loader)
+      loader = double('loader', load: nil, set_entry: nil)
+      loaders = double('loaders', runtime3_type_loader: loader)
       expect(Puppet::Pops::Loaders).to receive(:loaders).at_most(:once).and_return(loaders)
 
       environment = Puppet::Node::Environment.create(:env, [@dir])

data/spec/integration/transaction_spec.rb

@@ -61,7 +61,7 @@ describe Puppet::Transaction do
 
     transaction = Puppet::Transaction.new(catalog, nil, Puppet::Graph::SequentialPrioritizer.new)
 
-    expect(resource).not_to receive(:evaluate)
+    expect(resource).not_to receive(:retrieve)
 
     transaction.evaluate
   end
@@ -86,7 +86,7 @@ describe Puppet::Transaction do
 
     transaction = Puppet::Transaction.new(catalog, nil, Puppet::Graph::SequentialPrioritizer.new)
 
-    expect(resource).not_to receive(:evaluate)
+    expect(resource).not_to receive(:retrieve)
 
     transaction.evaluate
   end
@@ -315,16 +315,14 @@ describe Puppet::Transaction do
         file1 = tmpfile("file1")
         file2 = tmpfile("file2")
 
+        expect(Puppet::FileSystem).to_not be_exist(file2)
+
         exec1 = Puppet::Type.type(:exec).new(
           :name        => "exec1",
           :path        => ENV["PATH"],
           :command     => touch(file1),
         )
 
-        allow(exec1).to receive(:eval_generate).and_return(
-          [ Puppet::Type.type(:notify).new(:name => "eval1_notify") ]
-        )
-
         exec2 = Puppet::Type.type(:exec).new(
           :name        => "exec2",
           :path        => ENV["PATH"],
@@ -332,9 +330,6 @@ describe Puppet::Transaction do
           :refreshonly => true,
           :subscribe   => exec1,
         )
-        allow(exec2).to receive(:eval_generate).and_return(
-          [ Puppet::Type.type(:notify).new(:name => "eval2_notify") ]
-        )
 
         Puppet[:tags] = "exec"
         catalog = mk_catalog(exec1, exec2)

data/spec/integration/util/windows/adsi_spec.rb

@@ -55,6 +55,24 @@ describe Puppet::Util::Windows::ADSI::User,
       end
     end
   end
+
+  describe '.current_user_name_with_format' do
+    context 'when desired format is NameSamCompatible' do
+      it 'should get the same user name as the current_user_name method but fully qualified' do
+        user_name = Puppet::Util::Windows::ADSI::User.current_user_name
+        fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
+
+        expect(fully_qualified_user_name).to match(/^.+\\#{user_name}$/)
+      end
+
+      it 'should have the same SID as with the current_user_name method' do
+        user_name = Puppet::Util::Windows::ADSI::User.current_user_name
+        fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
+
+        expect(Puppet::Util::Windows::SID.name_to_sid(user_name)).to eq(Puppet::Util::Windows::SID.name_to_sid(fully_qualified_user_name))
+      end
+    end
+  end
 end
 
 describe Puppet::Util::Windows::ADSI::Group,
@@ -157,7 +175,9 @@ describe Puppet::Util::Windows::ADSI::Group,
 
       # touch the native_object member to have it lazily loaded, so COM objects can be stubbed
       admins.native_object
-      allow(admins.native_object).to receive(:Members).and_return(members)
+      without_partial_double_verification do
+        allow(admins.native_object).to receive(:Members).and_return(members)
+      end
 
       # well-known NULL SID
       expect(admins.members[0].sid).to eq('S-1-0-0')

data/spec/integration/util/windows/principal_spec.rb

@@ -7,6 +7,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
   let (:system_bytes) { [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] }
   let (:null_sid_bytes) { [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }
   let (:administrator_bytes) { [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0] }
+  let (:all_application_packages_bytes) { [1, 2, 0, 0, 0, 0, 0, 15, 2, 0, 0, 0, 1, 0, 0, 0] }
   let (:computer_sid) { Puppet::Util::Windows::SID.name_to_principal(Puppet::Util::Windows::ADSI.computer_name) }
   # BUILTIN is localized on German Windows, but not French
   # looking this up like this dilutes the values of the tests as we're comparing two mechanisms
@@ -121,6 +122,26 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
       expect(principal.to_s).to eq(builtin_localized)
     end
 
+    it "should always sanitize the account name first" do
+      expect(Puppet::Util::Windows::SID::Principal).to receive(:sanitize_account_name).with('NT AUTHORITY\\SYSTEM').and_call_original
+      Puppet::Util::Windows::SID::Principal.lookup_account_name('NT AUTHORITY\\SYSTEM')
+    end
+
+    it "should be able to create an instance from an account name prefixed by APPLICATION PACKAGE AUTHORITY" do
+      principal = Puppet::Util::Windows::SID::Principal.lookup_account_name('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
+      expect(principal.account).to eq('ALL APPLICATION PACKAGES')
+      expect(principal.sid_bytes).to eq(all_application_packages_bytes)
+      expect(principal.sid).to eq('S-1-15-2-1')
+      expect(principal.domain).to eq('APPLICATION PACKAGE AUTHORITY')
+      expect(principal.domain_account).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
+      expect(principal.account_type).to eq(:SidTypeWellKnownGroup)
+      expect(principal.to_s).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
+    end
+
+    it "should fail without proper account name sanitization when it is prefixed by APPLICATION PACKAGE AUTHORITY" do
+      given_account_name = 'APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES'
+      expect { Puppet::Util::Windows::SID::Principal.lookup_account_name(nil, false, given_account_name) }.to raise_error(Puppet::Util::Windows::Error, /No mapping between account names and security IDs was done./)
+    end
   end
 
   describe ".lookup_account_sid" do