puppet 7.1.0-universal-darwin → 7.3.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +15 -13
- data/lib/puppet/application/agent.rb +1 -0
- data/lib/puppet/application/apply.rb +3 -2
- data/lib/puppet/application/device.rb +1 -0
- data/lib/puppet/application/script.rb +1 -0
- data/lib/puppet/application.rb +10 -6
- data/lib/puppet/configurer.rb +16 -3
- data/lib/puppet/defaults.rb +5 -14
- data/lib/puppet/face/facts.rb +15 -1
- data/lib/puppet/file_serving/configuration/parser.rb +5 -2
- data/lib/puppet/module_tool/applications/installer.rb +48 -2
- data/lib/puppet/module_tool/errors/shared.rb +17 -2
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/parser/ast/leaf.rb +3 -2
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +4 -0
- data/lib/puppet/reference/configuration.rb +6 -5
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings.rb +33 -28
- data/lib/puppet/util/autoload.rb +1 -8
- data/lib/puppet/util/posix.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +157 -141
- data/man/man5/puppet.conf.5 +6 -6
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +5 -2
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
- data/spec/integration/application/agent_spec.rb +127 -3
- data/spec/integration/application/apply_spec.rb +19 -0
- data/spec/integration/defaults_spec.rb +0 -7
- data/spec/integration/indirector/file_content/file_server_spec.rb +0 -2
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +0 -2
- data/spec/integration/resource/type_collection_spec.rb +2 -6
- data/spec/integration/transaction_spec.rb +4 -9
- data/spec/integration/util/windows/adsi_spec.rb +3 -1
- data/spec/integration/util/windows/registry_spec.rb +0 -10
- data/spec/spec_helper.rb +1 -4
- data/spec/unit/agent_spec.rb +8 -6
- data/spec/unit/application/agent_spec.rb +0 -1
- data/spec/unit/application/filebucket_spec.rb +0 -2
- data/spec/unit/application_spec.rb +17 -9
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +8 -2
- data/spec/unit/face/node_spec.rb +0 -11
- data/spec/unit/file_serving/configuration/parser_spec.rb +8 -1
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
- data/spec/unit/forge/module_release_spec.rb +2 -7
- data/spec/unit/indirector/face_spec.rb +0 -1
- data/spec/unit/indirector/facts/facter_spec.rb +11 -5
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
- data/spec/unit/indirector/indirection_spec.rb +8 -12
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/api/indirected_routes_spec.rb +0 -4
- data/spec/unit/parser/compiler_spec.rb +3 -19
- data/spec/unit/parser/resource_spec.rb +14 -8
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
- data/spec/unit/property_spec.rb +1 -0
- data/spec/unit/provider/nameservice_spec.rb +66 -65
- data/spec/unit/provider/package/apt_spec.rb +4 -8
- data/spec/unit/provider/package/base_spec.rb +6 -5
- data/spec/unit/provider/package/pacman_spec.rb +18 -12
- data/spec/unit/provider/package/pip_spec.rb +6 -11
- data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider_spec.rb +6 -8
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +11 -10
- data/spec/unit/settings_spec.rb +13 -6
- data/spec/unit/ssl/base_spec.rb +0 -1
- data/spec/unit/ssl/ssl_provider_spec.rb +5 -2
- data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -7
- data/spec/unit/transaction/event_manager_spec.rb +14 -11
- data/spec/unit/transaction_spec.rb +13 -4
- data/spec/unit/type/file/content_spec.rb +0 -1
- data/spec/unit/type/file/selinux_spec.rb +0 -2
- data/spec/unit/type/file_spec.rb +0 -6
- data/spec/unit/type/group_spec.rb +13 -6
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +1 -1
- data/spec/unit/type/tidy_spec.rb +0 -1
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +5 -1
- data/spec/unit/util/backups_spec.rb +1 -2
- data/spec/unit/util/execution_spec.rb +15 -11
- data/spec/unit/util/inifile_spec.rb +6 -14
- data/spec/unit/util/log_spec.rb +8 -7
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/posix_spec.rb +16 -10
- data/spec/unit/util/selinux_spec.rb +76 -52
- data/spec/unit/util/suidmanager_spec.rb +44 -41
- data/spec/unit/util_spec.rb +13 -6
- metadata +7 -2
|
@@ -639,6 +639,8 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
|
|
|
639
639
|
|
|
640
640
|
describe "#execute (debug logging)" do
|
|
641
641
|
before :each do
|
|
642
|
+
Puppet[:log_level] = 'debug'
|
|
643
|
+
|
|
642
644
|
stub_process_wait(0)
|
|
643
645
|
|
|
644
646
|
if Puppet::Util::Platform.windows?
|
|
@@ -649,47 +651,47 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
|
|
|
649
651
|
end
|
|
650
652
|
|
|
651
653
|
it "should log if no uid or gid specified" do
|
|
652
|
-
expect(Puppet
|
|
654
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing: 'echo hello'")
|
|
653
655
|
Puppet::Util::Execution.execute('echo hello')
|
|
654
656
|
end
|
|
655
657
|
|
|
656
658
|
it "should log numeric uid if specified" do
|
|
657
|
-
expect(Puppet
|
|
659
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=100: 'echo hello'")
|
|
658
660
|
Puppet::Util::Execution.execute('echo hello', {:uid => 100})
|
|
659
661
|
end
|
|
660
662
|
|
|
661
663
|
it "should log numeric gid if specified" do
|
|
662
|
-
expect(Puppet
|
|
664
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with gid=500: 'echo hello'")
|
|
663
665
|
Puppet::Util::Execution.execute('echo hello', {:gid => 500})
|
|
664
666
|
end
|
|
665
667
|
|
|
666
668
|
it "should log numeric uid and gid if specified" do
|
|
667
|
-
expect(Puppet
|
|
669
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=100 gid=500: 'echo hello'")
|
|
668
670
|
Puppet::Util::Execution.execute('echo hello', {:uid => 100, :gid => 500})
|
|
669
671
|
end
|
|
670
672
|
|
|
671
673
|
it "should log string uid if specified" do
|
|
672
|
-
expect(Puppet
|
|
674
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=myuser: 'echo hello'")
|
|
673
675
|
Puppet::Util::Execution.execute('echo hello', {:uid => 'myuser'})
|
|
674
676
|
end
|
|
675
677
|
|
|
676
678
|
it "should log string gid if specified" do
|
|
677
|
-
expect(Puppet
|
|
679
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with gid=mygroup: 'echo hello'")
|
|
678
680
|
Puppet::Util::Execution.execute('echo hello', {:gid => 'mygroup'})
|
|
679
681
|
end
|
|
680
682
|
|
|
681
683
|
it "should log string uid and gid if specified" do
|
|
682
|
-
expect(Puppet
|
|
684
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=myuser gid=mygroup: 'echo hello'")
|
|
683
685
|
Puppet::Util::Execution.execute('echo hello', {:uid => 'myuser', :gid => 'mygroup'})
|
|
684
686
|
end
|
|
685
687
|
|
|
686
688
|
it "should log numeric uid and string gid if specified" do
|
|
687
|
-
expect(Puppet
|
|
689
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing with uid=100 gid=mygroup: 'echo hello'")
|
|
688
690
|
Puppet::Util::Execution.execute('echo hello', {:uid => 100, :gid => 'mygroup'})
|
|
689
691
|
end
|
|
690
692
|
|
|
691
693
|
it 'should redact commands in debug output when passed sensitive option' do
|
|
692
|
-
expect(Puppet
|
|
694
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing: '[redacted]'")
|
|
693
695
|
Puppet::Util::Execution.execute('echo hello', {:sensitive => true})
|
|
694
696
|
end
|
|
695
697
|
end
|
|
@@ -903,14 +905,16 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
|
|
|
903
905
|
end
|
|
904
906
|
|
|
905
907
|
it "should print meaningful debug message for string argument" do
|
|
906
|
-
|
|
908
|
+
Puppet[:log_level] = 'debug'
|
|
909
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing 'echo hello'")
|
|
907
910
|
expect(Puppet::Util::Execution).to receive(:open).with('| echo hello 2>&1').and_return('hello')
|
|
908
911
|
expect(Puppet::Util::Execution).to receive(:exitstatus).and_return(0)
|
|
909
912
|
Puppet::Util::Execution.execpipe('echo hello')
|
|
910
913
|
end
|
|
911
914
|
|
|
912
915
|
it "should print meaningful debug message for array argument" do
|
|
913
|
-
|
|
916
|
+
Puppet[:log_level] = 'debug'
|
|
917
|
+
expect(Puppet).to receive(:send_log).with(:debug, "Executing 'echo hello'")
|
|
914
918
|
expect(Puppet::Util::Execution).to receive(:open).with('| echo hello 2>&1').and_return('hello')
|
|
915
919
|
expect(Puppet::Util::Execution).to receive(:exitstatus).and_return(0)
|
|
916
920
|
Puppet::Util::Execution.execpipe(['echo','hello'])
|
|
@@ -443,13 +443,9 @@ describe Puppet::Util::IniConfig::FileCollection do
|
|
|
443
443
|
end
|
|
444
444
|
|
|
445
445
|
it "yields every section from every file" do
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
subject.each_section do |sect|
|
|
451
|
-
sect.touch
|
|
452
|
-
end
|
|
446
|
+
expect { |b|
|
|
447
|
+
subject.each_section(&b)
|
|
448
|
+
}.to yield_successive_args(sect_a1, sect_a2, sect_b1, sect_b2)
|
|
453
449
|
end
|
|
454
450
|
end
|
|
455
451
|
|
|
@@ -460,13 +456,9 @@ describe Puppet::Util::IniConfig::FileCollection do
|
|
|
460
456
|
end
|
|
461
457
|
|
|
462
458
|
it "yields the path to every file in the collection" do
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
end
|
|
467
|
-
|
|
468
|
-
expect(seen).to include(path_a)
|
|
469
|
-
expect(seen).to include(path_b)
|
|
459
|
+
expect { |b|
|
|
460
|
+
subject.each_file(&b)
|
|
461
|
+
}.to yield_successive_args(path_a, path_b)
|
|
470
462
|
end
|
|
471
463
|
end
|
|
472
464
|
|
data/spec/unit/util/log_spec.rb
CHANGED
|
@@ -111,16 +111,20 @@ describe Puppet::Util::Log do
|
|
|
111
111
|
end
|
|
112
112
|
|
|
113
113
|
it "should fall back to :eventlog" do
|
|
114
|
-
|
|
115
|
-
|
|
114
|
+
without_partial_double_verification do
|
|
115
|
+
allow(Puppet.features).to receive(:syslog?).and_return(false)
|
|
116
|
+
allow(Puppet.features).to receive(:eventlog?).and_return(true)
|
|
117
|
+
end
|
|
116
118
|
expect(Puppet::Util::Log).to receive(:newdestination).with(:eventlog)
|
|
117
119
|
|
|
118
120
|
Puppet::Util::Log.setup_default
|
|
119
121
|
end
|
|
120
122
|
|
|
121
123
|
it "should fall back to :file" do
|
|
122
|
-
|
|
123
|
-
|
|
124
|
+
without_partial_double_verification do
|
|
125
|
+
allow(Puppet.features).to receive(:syslog?).and_return(false)
|
|
126
|
+
allow(Puppet.features).to receive(:eventlog?).and_return(false)
|
|
127
|
+
end
|
|
124
128
|
expect(Puppet::Util::Log).to receive(:newdestination).with(Puppet[:puppetdlog])
|
|
125
129
|
|
|
126
130
|
Puppet::Util::Log.setup_default
|
|
@@ -224,9 +228,6 @@ describe Puppet::Util::Log do
|
|
|
224
228
|
describe Puppet::Util::Log::DestEventlog, :if => Puppet.features.eventlog? do
|
|
225
229
|
before :each do
|
|
226
230
|
allow(Puppet::Util::Windows::EventLog).to receive(:open).and_return(double('mylog', :close => nil))
|
|
227
|
-
allow(Puppet::Util::Windows::EventLog).to receive(:report_event)
|
|
228
|
-
allow(Puppet::Util::Windows::EventLog).to receive(:close)
|
|
229
|
-
allow(Puppet.features).to receive(:eventlog?).and_return(true)
|
|
230
231
|
end
|
|
231
232
|
|
|
232
233
|
it "should restrict its suitability to Windows" do
|
|
@@ -552,7 +552,7 @@ original
|
|
|
552
552
|
|
|
553
553
|
describe 'does support debugging' do
|
|
554
554
|
before :each do
|
|
555
|
-
allow(Facter).to receive(:respond_to?).with(:debugging).and_return(true)
|
|
555
|
+
allow(Facter).to receive(:respond_to?).with(:debugging, any_args).and_return(true)
|
|
556
556
|
end
|
|
557
557
|
|
|
558
558
|
it 'enables Facter debugging when debug level' do
|
|
@@ -568,7 +568,7 @@ original
|
|
|
568
568
|
|
|
569
569
|
describe 'does support trace' do
|
|
570
570
|
before :each do
|
|
571
|
-
allow(Facter).to receive(:respond_to?).with(:trace).and_return(true)
|
|
571
|
+
allow(Facter).to receive(:respond_to?).with(:trace, any_args).and_return(true)
|
|
572
572
|
end
|
|
573
573
|
|
|
574
574
|
it 'enables Facter trace when enabled' do
|
|
@@ -584,7 +584,7 @@ original
|
|
|
584
584
|
|
|
585
585
|
describe 'does support on_message' do
|
|
586
586
|
before :each do
|
|
587
|
-
allow(Facter).to receive(:respond_to?).with(:on_message).and_return(true)
|
|
587
|
+
allow(Facter).to receive(:respond_to?).with(:on_message, any_args).and_return(true)
|
|
588
588
|
end
|
|
589
589
|
|
|
590
590
|
def setup(level, message)
|
|
@@ -63,7 +63,7 @@ describe Puppet::Util::POSIX do
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
before(:each) do
|
|
66
|
-
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist).and_return(true)
|
|
66
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
describe 'when it uses FFI function getgrouplist' do
|
|
@@ -77,7 +77,7 @@ describe Puppet::Util::POSIX do
|
|
|
77
77
|
context 'for user1' do
|
|
78
78
|
let(:user) { 'user1' }
|
|
79
79
|
let(:expected_groups) { ['group1', 'group3'] }
|
|
80
|
-
|
|
80
|
+
|
|
81
81
|
before(:each) do
|
|
82
82
|
prepare_user_and_groups_env(user, expected_groups)
|
|
83
83
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
|
@@ -96,9 +96,10 @@ describe Puppet::Util::POSIX do
|
|
|
96
96
|
context 'for user2' do
|
|
97
97
|
let(:user) { 'user2' }
|
|
98
98
|
let(:expected_groups) { ['group1', 'group2', 'group4'] }
|
|
99
|
-
|
|
99
|
+
|
|
100
100
|
before(:each) do
|
|
101
101
|
prepare_user_and_groups_env(user, expected_groups)
|
|
102
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
102
103
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
|
103
104
|
end
|
|
104
105
|
|
|
@@ -116,9 +117,10 @@ describe Puppet::Util::POSIX do
|
|
|
116
117
|
describe 'when there are no groups' do
|
|
117
118
|
let(:user) { 'nomembers' }
|
|
118
119
|
let(:expected_groups) { [] }
|
|
119
|
-
|
|
120
|
+
|
|
120
121
|
before(:each) do
|
|
121
122
|
prepare_user_and_groups_env(user, expected_groups)
|
|
123
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
122
124
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
|
123
125
|
end
|
|
124
126
|
|
|
@@ -138,6 +140,7 @@ describe Puppet::Util::POSIX do
|
|
|
138
140
|
|
|
139
141
|
before(:each) do
|
|
140
142
|
prepare_user_and_groups_env(user, expected_groups)
|
|
143
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
141
144
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
|
142
145
|
end
|
|
143
146
|
|
|
@@ -157,6 +160,7 @@ describe Puppet::Util::POSIX do
|
|
|
157
160
|
|
|
158
161
|
before(:each) do
|
|
159
162
|
prepare_user_and_groups_env(user, expected_groups)
|
|
163
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
160
164
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
|
161
165
|
end
|
|
162
166
|
|
|
@@ -184,6 +188,7 @@ describe Puppet::Util::POSIX do
|
|
|
184
188
|
let(:expected_groups) { ['root'] }
|
|
185
189
|
|
|
186
190
|
before(:each) do
|
|
191
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
187
192
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
|
188
193
|
end
|
|
189
194
|
|
|
@@ -206,6 +211,7 @@ describe Puppet::Util::POSIX do
|
|
|
206
211
|
allow(FFI::MemoryPointer).to receive(:new).with(:uint, Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS * 2).and_yield(groups_ptr)
|
|
207
212
|
allow(ngroups_ptr).to receive(:write_int).with(Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS * 2).and_return(ngroups_ptr)
|
|
208
213
|
|
|
214
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
|
209
215
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(-1, 1)
|
|
210
216
|
end
|
|
211
217
|
|
|
@@ -233,7 +239,7 @@ describe Puppet::Util::POSIX do
|
|
|
233
239
|
allow(Puppet::Etc).to receive(:getpwnam).with(user).and_raise(ArgumentError, "can't find user for #{user}")
|
|
234
240
|
allow(Puppet).to receive(:debug)
|
|
235
241
|
|
|
236
|
-
|
|
242
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(false)
|
|
237
243
|
end
|
|
238
244
|
|
|
239
245
|
describe 'when there are groups' do
|
|
@@ -246,7 +252,7 @@ describe Puppet::Util::POSIX do
|
|
|
246
252
|
end
|
|
247
253
|
|
|
248
254
|
it 'logs a debug message' do
|
|
249
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
|
255
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
|
250
256
|
Puppet::Util::POSIX.groups_of(user)
|
|
251
257
|
end
|
|
252
258
|
end
|
|
@@ -260,7 +266,7 @@ describe Puppet::Util::POSIX do
|
|
|
260
266
|
end
|
|
261
267
|
|
|
262
268
|
it 'logs a debug message' do
|
|
263
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
|
269
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
|
264
270
|
Puppet::Util::POSIX.groups_of(user)
|
|
265
271
|
end
|
|
266
272
|
end
|
|
@@ -275,7 +281,7 @@ describe Puppet::Util::POSIX do
|
|
|
275
281
|
end
|
|
276
282
|
|
|
277
283
|
it 'logs a debug message' do
|
|
278
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
|
284
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
|
279
285
|
Puppet::Util::POSIX.groups_of(user)
|
|
280
286
|
end
|
|
281
287
|
end
|
|
@@ -289,7 +295,7 @@ describe Puppet::Util::POSIX do
|
|
|
289
295
|
end
|
|
290
296
|
|
|
291
297
|
it 'logs a debug message' do
|
|
292
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
|
298
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
|
293
299
|
Puppet::Util::POSIX.groups_of(user)
|
|
294
300
|
end
|
|
295
301
|
end
|
|
@@ -303,7 +309,7 @@ describe Puppet::Util::POSIX do
|
|
|
303
309
|
end
|
|
304
310
|
|
|
305
311
|
it 'logs a debug message' do
|
|
306
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
|
312
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
|
307
313
|
Puppet::Util::POSIX.groups_of(user)
|
|
308
314
|
end
|
|
309
315
|
end
|
|
@@ -111,15 +111,19 @@ describe Puppet::Util::SELinux do
|
|
|
111
111
|
end
|
|
112
112
|
|
|
113
113
|
it "should return a context" do
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
114
|
+
without_partial_double_verification do
|
|
115
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
116
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
|
|
117
|
+
expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
|
|
118
|
+
end
|
|
117
119
|
end
|
|
118
120
|
|
|
119
121
|
it "should return nil if lgetfilecon fails" do
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
122
|
+
without_partial_double_verification do
|
|
123
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
124
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
|
|
125
|
+
expect(get_selinux_current_context("/foo")).to be_nil
|
|
126
|
+
end
|
|
123
127
|
end
|
|
124
128
|
end
|
|
125
129
|
|
|
@@ -130,47 +134,57 @@ describe Puppet::Util::SELinux do
|
|
|
130
134
|
end
|
|
131
135
|
|
|
132
136
|
it "should return a context if a default context exists" do
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
137
|
+
without_partial_double_verification do
|
|
138
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
139
|
+
fstat = double('File::Stat', :mode => 0)
|
|
140
|
+
expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
|
|
141
|
+
expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
|
|
142
|
+
expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
|
|
143
|
+
|
|
144
|
+
expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
|
|
145
|
+
end
|
|
140
146
|
end
|
|
141
147
|
|
|
142
148
|
it "handles permission denied errors by issuing a warning" do
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
149
|
+
without_partial_double_verification do
|
|
150
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
|
151
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
|
152
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
|
|
153
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
|
|
147
154
|
|
|
148
|
-
|
|
155
|
+
expect(get_selinux_default_context("/root/chuj")).to be_nil
|
|
156
|
+
end
|
|
149
157
|
end
|
|
150
158
|
|
|
151
159
|
it "handles no such file or directory errors by issuing a warning" do
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
160
|
+
without_partial_double_verification do
|
|
161
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
|
162
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
|
163
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
|
|
164
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
|
|
156
165
|
|
|
157
|
-
|
|
166
|
+
expect(get_selinux_default_context("/root/chuj")).to be_nil
|
|
167
|
+
end
|
|
158
168
|
end
|
|
159
169
|
|
|
160
170
|
it "should return nil if matchpathcon returns failure" do
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
171
|
+
without_partial_double_verification do
|
|
172
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
173
|
+
fstat = double('File::Stat', :mode => 0)
|
|
174
|
+
expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
|
|
175
|
+
expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
|
|
176
|
+
expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
|
|
177
|
+
|
|
178
|
+
expect(get_selinux_default_context("/foo")).to be_nil
|
|
179
|
+
end
|
|
168
180
|
end
|
|
169
181
|
|
|
170
182
|
it "should return nil if selinux_label_support returns false" do
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
183
|
+
without_partial_double_verification do
|
|
184
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
185
|
+
expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
|
|
186
|
+
expect(get_selinux_default_context("/foo")).to be_nil
|
|
187
|
+
end
|
|
174
188
|
end
|
|
175
189
|
end
|
|
176
190
|
|
|
@@ -261,37 +275,47 @@ describe Puppet::Util::SELinux do
|
|
|
261
275
|
end
|
|
262
276
|
|
|
263
277
|
it "should use lsetfilecon to set a context" do
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
278
|
+
without_partial_double_verification do
|
|
279
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
280
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
|
281
|
+
expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
|
|
282
|
+
end
|
|
267
283
|
end
|
|
268
284
|
|
|
269
285
|
it "should use lsetfilecon to set user_u user context" do
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
286
|
+
without_partial_double_verification do
|
|
287
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
288
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
|
|
289
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
|
290
|
+
expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
|
|
291
|
+
end
|
|
274
292
|
end
|
|
275
293
|
|
|
276
294
|
it "should use lsetfilecon to set role_r role context" do
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
295
|
+
without_partial_double_verification do
|
|
296
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
297
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
|
|
298
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
|
299
|
+
expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
|
|
300
|
+
end
|
|
281
301
|
end
|
|
282
302
|
|
|
283
303
|
it "should use lsetfilecon to set type_t type context" do
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
304
|
+
without_partial_double_verification do
|
|
305
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
306
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
|
|
307
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
|
308
|
+
expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
|
|
309
|
+
end
|
|
288
310
|
end
|
|
289
311
|
|
|
290
312
|
it "should use lsetfilecon to set s0:c3,c5 range context" do
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
313
|
+
without_partial_double_verification do
|
|
314
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
|
315
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
|
|
316
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
|
|
317
|
+
expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
|
|
318
|
+
end
|
|
295
319
|
end
|
|
296
320
|
end
|
|
297
321
|
|