puppet 7.1.0-universal-darwin → 7.6.1-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +38 -30
- data/ext/build_defaults.yaml +0 -1
- data/lib/puppet/application.rb +10 -6
- data/lib/puppet/application/agent.rb +1 -0
- data/lib/puppet/application/apply.rb +3 -2
- data/lib/puppet/application/device.rb +1 -0
- data/lib/puppet/application/script.rb +1 -0
- data/lib/puppet/application/ssl.rb +11 -0
- data/lib/puppet/configurer.rb +16 -3
- data/lib/puppet/defaults.rb +14 -19
- data/lib/puppet/environments.rb +16 -1
- data/lib/puppet/face/facts.rb +26 -2
- data/lib/puppet/ffi/windows/api_types.rb +1 -1
- data/lib/puppet/ffi/windows/constants.rb +1 -1
- data/lib/puppet/file_serving/configuration/parser.rb +5 -2
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +2 -0
- data/lib/puppet/functions.rb +1 -1
- data/lib/puppet/functions/partition.rb +8 -0
- data/lib/puppet/http/factory.rb +4 -0
- data/lib/puppet/indirector/facts/facter.rb +1 -0
- data/lib/puppet/loaders.rb +0 -4
- data/lib/puppet/module.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +48 -2
- data/lib/puppet/module_tool/errors/shared.rb +17 -2
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http.rb +5 -2
- data/lib/puppet/network/http/api.rb +10 -6
- data/lib/puppet/network/http/api/master.rb +3 -2
- data/lib/puppet/network/http/api/master/v3.rb +2 -25
- data/lib/puppet/network/http/api/master/v3/environments.rb +2 -33
- data/lib/puppet/network/http/api/server.rb +10 -0
- data/lib/puppet/network/http/api/server/v3.rb +39 -0
- data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/parser/ast/leaf.rb +3 -2
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
- data/lib/puppet/pops/loader/base_loader.rb +42 -32
- data/lib/puppet/pops/loader/dependency_loader.rb +2 -2
- data/lib/puppet/pops/loader/loader.rb +15 -5
- data/lib/puppet/pops/loader/module_loaders.rb +8 -8
- data/lib/puppet/pops/loader/predefined_loader.rb +4 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +1 -1
- data/lib/puppet/pops/loader/static_loader.rb +4 -0
- data/lib/puppet/pops/loaders.rb +4 -4
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/parser/lexer2.rb +0 -4
- data/lib/puppet/pops/types/p_type_set_type.rb +1 -1
- data/lib/puppet/pops/validation/checker4_0.rb +0 -1
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider/group/groupadd.rb +13 -8
- data/lib/puppet/provider/package/apt.rb +34 -2
- data/lib/puppet/provider/package/aptitude.rb +6 -0
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +12 -1
- data/lib/puppet/provider/service/debian.rb +2 -0
- data/lib/puppet/provider/service/systemd.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +62 -8
- data/lib/puppet/reference/configuration.rb +6 -5
- data/lib/puppet/settings.rb +36 -30
- data/lib/puppet/settings/alias_setting.rb +37 -0
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/type/package.rb +3 -3
- data/lib/puppet/util/autoload.rb +1 -8
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/posix.rb +1 -1
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +4 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +166 -146
- data/man/man5/puppet.conf.5 +14 -6
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -2
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/agent_spec.rb +160 -3
- data/spec/integration/application/apply_spec.rb +19 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/defaults_spec.rb +0 -7
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/indirector/file_content/file_server_spec.rb +0 -2
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +0 -2
- data/spec/integration/parser/collection_spec.rb +10 -0
- data/spec/integration/resource/type_collection_spec.rb +2 -6
- data/spec/integration/transaction_spec.rb +4 -9
- data/spec/integration/util/windows/adsi_spec.rb +21 -1
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/registry_spec.rb +6 -10
- data/spec/spec_helper.rb +12 -5
- data/spec/unit/agent_spec.rb +8 -6
- data/spec/unit/application/agent_spec.rb +0 -1
- data/spec/unit/application/facts_spec.rb +58 -7
- data/spec/unit/application/filebucket_spec.rb +0 -2
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/application_spec.rb +17 -9
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +8 -2
- data/spec/unit/environments_spec.rb +164 -88
- data/spec/unit/face/node_spec.rb +0 -11
- data/spec/unit/file_serving/configuration/parser_spec.rb +8 -1
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
- data/spec/unit/file_system_spec.rb +9 -0
- data/spec/unit/forge/module_release_spec.rb +2 -7
- data/spec/unit/http/factory_spec.rb +19 -0
- data/spec/unit/indirector/face_spec.rb +0 -1
- data/spec/unit/indirector/facts/facter_spec.rb +20 -5
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
- data/spec/unit/indirector/indirection_spec.rb +8 -12
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_spec.rb +1 -1
- data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/api/indirected_routes_spec.rb +0 -4
- data/spec/unit/network/http/api/master_spec.rb +38 -0
- data/spec/unit/network/http/api/{master → server}/v3/environments_spec.rb +2 -2
- data/spec/unit/network/http/api/{master → server}/v3_spec.rb +19 -19
- data/spec/unit/network/http/api_spec.rb +11 -11
- data/spec/unit/parser/compiler_spec.rb +3 -19
- data/spec/unit/parser/resource_spec.rb +14 -8
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +1 -1
- data/spec/unit/pops/parser/lexer2_spec.rb +0 -4
- data/spec/unit/pops/types/type_parser_spec.rb +2 -1
- data/spec/unit/pops/validator/validator_spec.rb +20 -43
- data/spec/unit/property_spec.rb +1 -0
- data/spec/unit/provider/group/groupadd_spec.rb +5 -2
- data/spec/unit/provider/nameservice_spec.rb +66 -65
- data/spec/unit/provider/package/apt_spec.rb +28 -23
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +6 -5
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/package/pacman_spec.rb +18 -12
- data/spec/unit/provider/package/pip_spec.rb +6 -11
- data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
- data/spec/unit/provider/package/puppet_gem_spec.rb +28 -0
- data/spec/unit/provider/service/systemd_spec.rb +11 -0
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/useradd_spec.rb +70 -3
- data/spec/unit/provider_spec.rb +6 -8
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +11 -10
- data/spec/unit/settings_spec.rb +13 -6
- data/spec/unit/ssl/base_spec.rb +0 -1
- data/spec/unit/ssl/certificate_request_spec.rb +4 -10
- data/spec/unit/ssl/ssl_provider_spec.rb +5 -2
- data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -7
- data/spec/unit/transaction/event_manager_spec.rb +14 -11
- data/spec/unit/transaction_spec.rb +13 -4
- data/spec/unit/type/file/content_spec.rb +0 -1
- data/spec/unit/type/file/selinux_spec.rb +0 -2
- data/spec/unit/type/file_spec.rb +0 -6
- data/spec/unit/type/group_spec.rb +13 -6
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +1 -1
- data/spec/unit/type/tidy_spec.rb +0 -1
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +5 -1
- data/spec/unit/util/backups_spec.rb +1 -2
- data/spec/unit/util/execution_spec.rb +15 -11
- data/spec/unit/util/inifile_spec.rb +6 -14
- data/spec/unit/util/log_spec.rb +8 -7
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/posix_spec.rb +16 -10
- data/spec/unit/util/selinux_spec.rb +76 -52
- data/spec/unit/util/suidmanager_spec.rb +44 -41
- data/spec/unit/util/windows/sid_spec.rb +6 -0
- data/spec/unit/util_spec.rb +13 -6
- metadata +18 -16
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
- data/spec/unit/pops/parser/parse_application_spec.rb +0 -13
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +0 -23
- data/spec/unit/pops/parser/parse_site_spec.rb +0 -43
@@ -443,13 +443,9 @@ describe Puppet::Util::IniConfig::FileCollection do
|
|
443
443
|
end
|
444
444
|
|
445
445
|
it "yields every section from every file" do
|
446
|
-
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
subject.each_section do |sect|
|
451
|
-
sect.touch
|
452
|
-
end
|
446
|
+
expect { |b|
|
447
|
+
subject.each_section(&b)
|
448
|
+
}.to yield_successive_args(sect_a1, sect_a2, sect_b1, sect_b2)
|
453
449
|
end
|
454
450
|
end
|
455
451
|
|
@@ -460,13 +456,9 @@ describe Puppet::Util::IniConfig::FileCollection do
|
|
460
456
|
end
|
461
457
|
|
462
458
|
it "yields the path to every file in the collection" do
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
end
|
467
|
-
|
468
|
-
expect(seen).to include(path_a)
|
469
|
-
expect(seen).to include(path_b)
|
459
|
+
expect { |b|
|
460
|
+
subject.each_file(&b)
|
461
|
+
}.to yield_successive_args(path_a, path_b)
|
470
462
|
end
|
471
463
|
end
|
472
464
|
|
data/spec/unit/util/log_spec.rb
CHANGED
@@ -111,16 +111,20 @@ describe Puppet::Util::Log do
|
|
111
111
|
end
|
112
112
|
|
113
113
|
it "should fall back to :eventlog" do
|
114
|
-
|
115
|
-
|
114
|
+
without_partial_double_verification do
|
115
|
+
allow(Puppet.features).to receive(:syslog?).and_return(false)
|
116
|
+
allow(Puppet.features).to receive(:eventlog?).and_return(true)
|
117
|
+
end
|
116
118
|
expect(Puppet::Util::Log).to receive(:newdestination).with(:eventlog)
|
117
119
|
|
118
120
|
Puppet::Util::Log.setup_default
|
119
121
|
end
|
120
122
|
|
121
123
|
it "should fall back to :file" do
|
122
|
-
|
123
|
-
|
124
|
+
without_partial_double_verification do
|
125
|
+
allow(Puppet.features).to receive(:syslog?).and_return(false)
|
126
|
+
allow(Puppet.features).to receive(:eventlog?).and_return(false)
|
127
|
+
end
|
124
128
|
expect(Puppet::Util::Log).to receive(:newdestination).with(Puppet[:puppetdlog])
|
125
129
|
|
126
130
|
Puppet::Util::Log.setup_default
|
@@ -224,9 +228,6 @@ describe Puppet::Util::Log do
|
|
224
228
|
describe Puppet::Util::Log::DestEventlog, :if => Puppet.features.eventlog? do
|
225
229
|
before :each do
|
226
230
|
allow(Puppet::Util::Windows::EventLog).to receive(:open).and_return(double('mylog', :close => nil))
|
227
|
-
allow(Puppet::Util::Windows::EventLog).to receive(:report_event)
|
228
|
-
allow(Puppet::Util::Windows::EventLog).to receive(:close)
|
229
|
-
allow(Puppet.features).to receive(:eventlog?).and_return(true)
|
230
231
|
end
|
231
232
|
|
232
233
|
it "should restrict its suitability to Windows" do
|
@@ -552,7 +552,7 @@ original
|
|
552
552
|
|
553
553
|
describe 'does support debugging' do
|
554
554
|
before :each do
|
555
|
-
allow(Facter).to receive(:respond_to?).with(:debugging).and_return(true)
|
555
|
+
allow(Facter).to receive(:respond_to?).with(:debugging, any_args).and_return(true)
|
556
556
|
end
|
557
557
|
|
558
558
|
it 'enables Facter debugging when debug level' do
|
@@ -568,7 +568,7 @@ original
|
|
568
568
|
|
569
569
|
describe 'does support trace' do
|
570
570
|
before :each do
|
571
|
-
allow(Facter).to receive(:respond_to?).with(:trace).and_return(true)
|
571
|
+
allow(Facter).to receive(:respond_to?).with(:trace, any_args).and_return(true)
|
572
572
|
end
|
573
573
|
|
574
574
|
it 'enables Facter trace when enabled' do
|
@@ -584,7 +584,7 @@ original
|
|
584
584
|
|
585
585
|
describe 'does support on_message' do
|
586
586
|
before :each do
|
587
|
-
allow(Facter).to receive(:respond_to?).with(:on_message).and_return(true)
|
587
|
+
allow(Facter).to receive(:respond_to?).with(:on_message, any_args).and_return(true)
|
588
588
|
end
|
589
589
|
|
590
590
|
def setup(level, message)
|
@@ -63,7 +63,7 @@ describe Puppet::Util::POSIX do
|
|
63
63
|
end
|
64
64
|
|
65
65
|
before(:each) do
|
66
|
-
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist).and_return(true)
|
66
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
67
67
|
end
|
68
68
|
|
69
69
|
describe 'when it uses FFI function getgrouplist' do
|
@@ -77,7 +77,7 @@ describe Puppet::Util::POSIX do
|
|
77
77
|
context 'for user1' do
|
78
78
|
let(:user) { 'user1' }
|
79
79
|
let(:expected_groups) { ['group1', 'group3'] }
|
80
|
-
|
80
|
+
|
81
81
|
before(:each) do
|
82
82
|
prepare_user_and_groups_env(user, expected_groups)
|
83
83
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
@@ -96,9 +96,10 @@ describe Puppet::Util::POSIX do
|
|
96
96
|
context 'for user2' do
|
97
97
|
let(:user) { 'user2' }
|
98
98
|
let(:expected_groups) { ['group1', 'group2', 'group4'] }
|
99
|
-
|
99
|
+
|
100
100
|
before(:each) do
|
101
101
|
prepare_user_and_groups_env(user, expected_groups)
|
102
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
102
103
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
103
104
|
end
|
104
105
|
|
@@ -116,9 +117,10 @@ describe Puppet::Util::POSIX do
|
|
116
117
|
describe 'when there are no groups' do
|
117
118
|
let(:user) { 'nomembers' }
|
118
119
|
let(:expected_groups) { [] }
|
119
|
-
|
120
|
+
|
120
121
|
before(:each) do
|
121
122
|
prepare_user_and_groups_env(user, expected_groups)
|
123
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
122
124
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
123
125
|
end
|
124
126
|
|
@@ -138,6 +140,7 @@ describe Puppet::Util::POSIX do
|
|
138
140
|
|
139
141
|
before(:each) do
|
140
142
|
prepare_user_and_groups_env(user, expected_groups)
|
143
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
141
144
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
142
145
|
end
|
143
146
|
|
@@ -157,6 +160,7 @@ describe Puppet::Util::POSIX do
|
|
157
160
|
|
158
161
|
before(:each) do
|
159
162
|
prepare_user_and_groups_env(user, expected_groups)
|
163
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
160
164
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
161
165
|
end
|
162
166
|
|
@@ -184,6 +188,7 @@ describe Puppet::Util::POSIX do
|
|
184
188
|
let(:expected_groups) { ['root'] }
|
185
189
|
|
186
190
|
before(:each) do
|
191
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
187
192
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(1)
|
188
193
|
end
|
189
194
|
|
@@ -206,6 +211,7 @@ describe Puppet::Util::POSIX do
|
|
206
211
|
allow(FFI::MemoryPointer).to receive(:new).with(:uint, Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS * 2).and_yield(groups_ptr)
|
207
212
|
allow(ngroups_ptr).to receive(:write_int).with(Puppet::FFI::POSIX::Constants::MAXIMUM_NUMBER_OF_GROUPS * 2).and_return(ngroups_ptr)
|
208
213
|
|
214
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(true)
|
209
215
|
allow(Puppet::FFI::POSIX::Functions).to receive(:getgrouplist).and_return(-1, 1)
|
210
216
|
end
|
211
217
|
|
@@ -233,7 +239,7 @@ describe Puppet::Util::POSIX do
|
|
233
239
|
allow(Puppet::Etc).to receive(:getpwnam).with(user).and_raise(ArgumentError, "can't find user for #{user}")
|
234
240
|
allow(Puppet).to receive(:debug)
|
235
241
|
|
236
|
-
|
242
|
+
allow(Puppet::FFI::POSIX::Functions).to receive(:respond_to?).with(:getgrouplist, any_args).and_return(false)
|
237
243
|
end
|
238
244
|
|
239
245
|
describe 'when there are groups' do
|
@@ -246,7 +252,7 @@ describe Puppet::Util::POSIX do
|
|
246
252
|
end
|
247
253
|
|
248
254
|
it 'logs a debug message' do
|
249
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
255
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
250
256
|
Puppet::Util::POSIX.groups_of(user)
|
251
257
|
end
|
252
258
|
end
|
@@ -260,7 +266,7 @@ describe Puppet::Util::POSIX do
|
|
260
266
|
end
|
261
267
|
|
262
268
|
it 'logs a debug message' do
|
263
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
269
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
264
270
|
Puppet::Util::POSIX.groups_of(user)
|
265
271
|
end
|
266
272
|
end
|
@@ -275,7 +281,7 @@ describe Puppet::Util::POSIX do
|
|
275
281
|
end
|
276
282
|
|
277
283
|
it 'logs a debug message' do
|
278
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
284
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
279
285
|
Puppet::Util::POSIX.groups_of(user)
|
280
286
|
end
|
281
287
|
end
|
@@ -289,7 +295,7 @@ describe Puppet::Util::POSIX do
|
|
289
295
|
end
|
290
296
|
|
291
297
|
it 'logs a debug message' do
|
292
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
298
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
293
299
|
Puppet::Util::POSIX.groups_of(user)
|
294
300
|
end
|
295
301
|
end
|
@@ -303,7 +309,7 @@ describe Puppet::Util::POSIX do
|
|
303
309
|
end
|
304
310
|
|
305
311
|
it 'logs a debug message' do
|
306
|
-
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group:
|
312
|
+
expect(Puppet).to receive(:debug).with("Falling back to Puppet::Etc.group: The 'getgrouplist' method is not available")
|
307
313
|
Puppet::Util::POSIX.groups_of(user)
|
308
314
|
end
|
309
315
|
end
|
@@ -111,15 +111,19 @@ describe Puppet::Util::SELinux do
|
|
111
111
|
end
|
112
112
|
|
113
113
|
it "should return a context" do
|
114
|
-
|
115
|
-
|
116
|
-
|
114
|
+
without_partial_double_verification do
|
115
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
116
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
|
117
|
+
expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
|
118
|
+
end
|
117
119
|
end
|
118
120
|
|
119
121
|
it "should return nil if lgetfilecon fails" do
|
120
|
-
|
121
|
-
|
122
|
-
|
122
|
+
without_partial_double_verification do
|
123
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
124
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
|
125
|
+
expect(get_selinux_current_context("/foo")).to be_nil
|
126
|
+
end
|
123
127
|
end
|
124
128
|
end
|
125
129
|
|
@@ -130,47 +134,57 @@ describe Puppet::Util::SELinux do
|
|
130
134
|
end
|
131
135
|
|
132
136
|
it "should return a context if a default context exists" do
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
137
|
+
without_partial_double_verification do
|
138
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
139
|
+
fstat = double('File::Stat', :mode => 0)
|
140
|
+
expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
|
141
|
+
expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
|
142
|
+
expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
|
143
|
+
|
144
|
+
expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
|
145
|
+
end
|
140
146
|
end
|
141
147
|
|
142
148
|
it "handles permission denied errors by issuing a warning" do
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
149
|
+
without_partial_double_verification do
|
150
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
151
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
152
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
|
153
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
|
147
154
|
|
148
|
-
|
155
|
+
expect(get_selinux_default_context("/root/chuj")).to be_nil
|
156
|
+
end
|
149
157
|
end
|
150
158
|
|
151
159
|
it "handles no such file or directory errors by issuing a warning" do
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
160
|
+
without_partial_double_verification do
|
161
|
+
allow(self).to receive(:selinux_support?).and_return(true)
|
162
|
+
allow(self).to receive(:selinux_label_support?).and_return(true)
|
163
|
+
allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
|
164
|
+
allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
|
156
165
|
|
157
|
-
|
166
|
+
expect(get_selinux_default_context("/root/chuj")).to be_nil
|
167
|
+
end
|
158
168
|
end
|
159
169
|
|
160
170
|
it "should return nil if matchpathcon returns failure" do
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
171
|
+
without_partial_double_verification do
|
172
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
173
|
+
fstat = double('File::Stat', :mode => 0)
|
174
|
+
expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
|
175
|
+
expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
|
176
|
+
expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
|
177
|
+
|
178
|
+
expect(get_selinux_default_context("/foo")).to be_nil
|
179
|
+
end
|
168
180
|
end
|
169
181
|
|
170
182
|
it "should return nil if selinux_label_support returns false" do
|
171
|
-
|
172
|
-
|
173
|
-
|
183
|
+
without_partial_double_verification do
|
184
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
185
|
+
expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
|
186
|
+
expect(get_selinux_default_context("/foo")).to be_nil
|
187
|
+
end
|
174
188
|
end
|
175
189
|
end
|
176
190
|
|
@@ -261,37 +275,47 @@ describe Puppet::Util::SELinux do
|
|
261
275
|
end
|
262
276
|
|
263
277
|
it "should use lsetfilecon to set a context" do
|
264
|
-
|
265
|
-
|
266
|
-
|
278
|
+
without_partial_double_verification do
|
279
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
280
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
281
|
+
expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
|
282
|
+
end
|
267
283
|
end
|
268
284
|
|
269
285
|
it "should use lsetfilecon to set user_u user context" do
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
286
|
+
without_partial_double_verification do
|
287
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
288
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
|
289
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
290
|
+
expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
|
291
|
+
end
|
274
292
|
end
|
275
293
|
|
276
294
|
it "should use lsetfilecon to set role_r role context" do
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
295
|
+
without_partial_double_verification do
|
296
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
297
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
|
298
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
299
|
+
expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
|
300
|
+
end
|
281
301
|
end
|
282
302
|
|
283
303
|
it "should use lsetfilecon to set type_t type context" do
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
304
|
+
without_partial_double_verification do
|
305
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
306
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
|
307
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
|
308
|
+
expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
|
309
|
+
end
|
288
310
|
end
|
289
311
|
|
290
312
|
it "should use lsetfilecon to set s0:c3,c5 range context" do
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
313
|
+
without_partial_double_verification do
|
314
|
+
expect(self).to receive(:selinux_support?).and_return(true)
|
315
|
+
expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
|
316
|
+
expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
|
317
|
+
expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
|
318
|
+
end
|
295
319
|
end
|
296
320
|
end
|
297
321
|
|
@@ -14,12 +14,14 @@ describe Puppet::Util::SUIDManager do
|
|
14
14
|
pwent = double('pwent', :name => 'fred', :uid => 42, :gid => 42)
|
15
15
|
allow(Etc).to receive(:getpwuid).with(42).and_return(pwent)
|
16
16
|
|
17
|
-
|
18
|
-
|
17
|
+
unless Puppet::Util::Platform.windows?
|
18
|
+
[:euid, :egid, :uid, :gid, :groups].each do |id|
|
19
|
+
allow(Process).to receive("#{id}=") {|value| xids[id] = value}
|
20
|
+
end
|
19
21
|
end
|
20
22
|
end
|
21
23
|
|
22
|
-
describe "#initgroups" do
|
24
|
+
describe "#initgroups", unless: Puppet::Util::Platform.windows? do
|
23
25
|
it "should use the primary group of the user as the 'basegid'" do
|
24
26
|
expect(Process).to receive(:initgroups).with('fred', 42)
|
25
27
|
described_class.initgroups(42)
|
@@ -27,7 +29,7 @@ describe Puppet::Util::SUIDManager do
|
|
27
29
|
end
|
28
30
|
|
29
31
|
describe "#uid" do
|
30
|
-
it "should allow setting euid/egid" do
|
32
|
+
it "should allow setting euid/egid", unless: Puppet::Util::Platform.windows? do
|
31
33
|
Puppet::Util::SUIDManager.egid = user[:gid]
|
32
34
|
Puppet::Util::SUIDManager.euid = user[:uid]
|
33
35
|
|
@@ -37,8 +39,7 @@ describe Puppet::Util::SUIDManager do
|
|
37
39
|
end
|
38
40
|
|
39
41
|
describe "#asuser" do
|
40
|
-
it "should not get or set euid/egid when not root" do
|
41
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
42
|
+
it "should not get or set euid/egid when not root", unless: Puppet::Util::Platform.windows? do
|
42
43
|
allow(Process).to receive(:uid).and_return(1)
|
43
44
|
|
44
45
|
allow(Process).to receive(:egid).and_return(51)
|
@@ -49,13 +50,12 @@ describe Puppet::Util::SUIDManager do
|
|
49
50
|
expect(xids).to be_empty
|
50
51
|
end
|
51
52
|
|
52
|
-
context "when root and not
|
53
|
+
context "when root and not Windows" do
|
53
54
|
before :each do
|
54
55
|
allow(Process).to receive(:uid).and_return(0)
|
55
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
56
56
|
end
|
57
57
|
|
58
|
-
it "should set euid/egid" do
|
58
|
+
it "should set euid/egid", unless: Puppet::Util::Platform.windows? do
|
59
59
|
allow(Process).to receive(:egid).and_return(51, 51, user[:gid])
|
60
60
|
allow(Process).to receive(:euid).and_return(50, 50, user[:uid])
|
61
61
|
|
@@ -79,29 +79,23 @@ describe Puppet::Util::SUIDManager do
|
|
79
79
|
end
|
80
80
|
|
81
81
|
it "should just yield if user and group are nil" do
|
82
|
-
|
83
|
-
Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true }
|
84
|
-
expect(yielded).to be_truthy
|
82
|
+
expect { |b| Puppet::Util::SUIDManager.asuser(nil, nil, &b) }.to yield_control
|
85
83
|
expect(xids).to eq({})
|
86
84
|
end
|
87
85
|
|
88
|
-
it "should just change group if only group is given" do
|
89
|
-
|
90
|
-
Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true }
|
91
|
-
expect(yielded).to be_truthy
|
86
|
+
it "should just change group if only group is given", unless: Puppet::Util::Platform.windows? do
|
87
|
+
expect { |b| Puppet::Util::SUIDManager.asuser(nil, 42, &b) }.to yield_control
|
92
88
|
expect(xids).to eq({ :egid => 42 })
|
93
89
|
end
|
94
90
|
|
95
|
-
it "should change gid to the primary group of uid by default" do
|
91
|
+
it "should change gid to the primary group of uid by default", unless: Puppet::Util::Platform.windows? do
|
96
92
|
allow(Process).to receive(:initgroups)
|
97
93
|
|
98
|
-
|
99
|
-
Puppet::Util::SUIDManager.asuser(42) { yielded = true }
|
100
|
-
expect(yielded).to be_truthy
|
94
|
+
expect { |b| Puppet::Util::SUIDManager.asuser(42, nil, &b) }.to yield_control
|
101
95
|
expect(xids).to eq({ :euid => 42, :egid => 42 })
|
102
96
|
end
|
103
97
|
|
104
|
-
it "should change both uid and gid if given" do
|
98
|
+
it "should change both uid and gid if given", unless: Puppet::Util::Platform.windows? do
|
105
99
|
# I don't like the sequence, but it is the only way to assert on the
|
106
100
|
# internal behaviour in a reliable fashion, given we need multiple
|
107
101
|
# sequenced calls to the same methods. --daniel 2012-02-05
|
@@ -110,21 +104,23 @@ describe Puppet::Util::SUIDManager do
|
|
110
104
|
expect(Puppet::Util::SUIDManager).to receive(:change_group).with(Puppet::Util::SUIDManager.egid, false).ordered()
|
111
105
|
expect(Puppet::Util::SUIDManager).to receive(:change_user).with(Puppet::Util::SUIDManager.euid, false).ordered()
|
112
106
|
|
113
|
-
|
114
|
-
Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true }
|
115
|
-
expect(yielded).to be_truthy
|
107
|
+
expect { |b| Puppet::Util::SUIDManager.asuser(42, 43, &b) }.to yield_control
|
116
108
|
end
|
117
109
|
end
|
118
110
|
|
119
|
-
it "should
|
120
|
-
Puppet::Util::SUIDManager.asuser(
|
121
|
-
|
122
|
-
expect(xids).to be_empty
|
111
|
+
it "should just yield on Windows", if: Puppet::Util::Platform.windows? do
|
112
|
+
expect { |b| Puppet::Util::SUIDManager.asuser(1, 2, &b) }.to yield_control
|
123
113
|
end
|
124
114
|
end
|
125
115
|
|
126
116
|
describe "#change_group" do
|
127
|
-
|
117
|
+
it "raises on Windows", if: Puppet::Util::Platform.windows? do
|
118
|
+
expect {
|
119
|
+
Puppet::Util::SUIDManager.change_group(42, true)
|
120
|
+
}.to raise_error(NotImplementedError, /change_privilege\(\) function is unimplemented/)
|
121
|
+
end
|
122
|
+
|
123
|
+
describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
|
128
124
|
it "should change_privilege" do
|
129
125
|
expect(Process::GID).to receive(:change_privilege) do |gid|
|
130
126
|
Process.gid = gid
|
@@ -150,7 +146,7 @@ describe Puppet::Util::SUIDManager do
|
|
150
146
|
end
|
151
147
|
end
|
152
148
|
|
153
|
-
describe "when changing temporarily" do
|
149
|
+
describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
|
154
150
|
it "should change only egid" do
|
155
151
|
Puppet::Util::SUIDManager.change_group(42, false)
|
156
152
|
|
@@ -161,7 +157,13 @@ describe Puppet::Util::SUIDManager do
|
|
161
157
|
end
|
162
158
|
|
163
159
|
describe "#change_user" do
|
164
|
-
|
160
|
+
it "raises on Windows", if: Puppet::Util::Platform.windows? do
|
161
|
+
expect {
|
162
|
+
Puppet::Util::SUIDManager.change_user(42, true)
|
163
|
+
}.to raise_error(NotImplementedError, /initgroups\(\) function is unimplemented/)
|
164
|
+
end
|
165
|
+
|
166
|
+
describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
|
165
167
|
it "should change_privilege" do
|
166
168
|
expect(Process::UID).to receive(:change_privilege) do |uid|
|
167
169
|
Process.uid = uid
|
@@ -191,7 +193,7 @@ describe Puppet::Util::SUIDManager do
|
|
191
193
|
end
|
192
194
|
end
|
193
195
|
|
194
|
-
describe "when changing temporarily" do
|
196
|
+
describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
|
195
197
|
it "should change only euid and groups" do
|
196
198
|
allow(Puppet::Util::SUIDManager).to receive(:initgroups).and_return([])
|
197
199
|
Puppet::Util::SUIDManager.change_user(42, false)
|
@@ -221,12 +223,7 @@ describe Puppet::Util::SUIDManager do
|
|
221
223
|
end
|
222
224
|
|
223
225
|
describe "#root?" do
|
224
|
-
describe "on POSIX systems" do
|
225
|
-
before :each do
|
226
|
-
allow(Puppet.features).to receive(:posix?).and_return(true)
|
227
|
-
allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
|
228
|
-
end
|
229
|
-
|
226
|
+
describe "on POSIX systems", unless: Puppet::Util::Platform.windows? do
|
230
227
|
it "should be root if uid is 0" do
|
231
228
|
allow(Process).to receive(:uid).and_return(0)
|
232
229
|
|
@@ -240,7 +237,7 @@ describe Puppet::Util::SUIDManager do
|
|
240
237
|
end
|
241
238
|
end
|
242
239
|
|
243
|
-
describe "on
|
240
|
+
describe "on Windows", :if => Puppet::Util::Platform.windows? do
|
244
241
|
it "should be root if user is privileged" do
|
245
242
|
allow(Puppet::Util::Windows::User).to receive(:admin?).and_return(true)
|
246
243
|
|
@@ -261,13 +258,19 @@ describe 'Puppet::Util::SUIDManager#groups=' do
|
|
261
258
|
Puppet::Util::SUIDManager
|
262
259
|
end
|
263
260
|
|
264
|
-
it "
|
261
|
+
it "raises on Windows", if: Puppet::Util::Platform.windows? do
|
262
|
+
expect {
|
263
|
+
subject.groups = []
|
264
|
+
}.to raise_error(NotImplementedError, /groups=\(\) function is unimplemented/)
|
265
|
+
end
|
266
|
+
|
267
|
+
it "(#3419) should rescue Errno::EINVAL on OS X", unless: Puppet::Util::Platform.windows? do
|
265
268
|
expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
|
266
269
|
expect(subject).to receive(:osx_maj_ver).and_return('10.7').twice
|
267
270
|
subject.groups = ['list', 'of', 'groups']
|
268
271
|
end
|
269
272
|
|
270
|
-
it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X" do
|
273
|
+
it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X", unless: Puppet::Util::Platform.windows? do
|
271
274
|
expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
|
272
275
|
expect(subject).to receive(:osx_maj_ver).and_return(false)
|
273
276
|
expect { subject.groups = ['list', 'of', 'groups'] }.to raise_error(Errno::EINVAL)
|