puppet 7.16.0-universal-darwin → 7.19.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +76 -15
- data/ext/systemd/puppet.service +2 -1
- data/lib/puppet/agent.rb +47 -11
- data/lib/puppet/application/agent.rb +3 -13
- data/lib/puppet/application/apply.rb +2 -2
- data/lib/puppet/configurer.rb +1 -1
- data/lib/puppet/defaults.rb +11 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/module/list.rb +16 -7
- data/lib/puppet/functions/capitalize.rb +1 -1
- data/lib/puppet/generate/type.rb +1 -1
- data/lib/puppet/http/client.rb +22 -2
- data/lib/puppet/info_service/task_information_service.rb +1 -1
- data/lib/puppet/module/task.rb +5 -1
- data/lib/puppet/parameter.rb +19 -4
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +46 -6
- data/lib/puppet/pops/functions/dispatcher.rb +10 -6
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +7 -6
- data/lib/puppet/pops/types/type_mismatch_describer.rb +22 -1
- data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
- data/lib/puppet/provider/package/yum.rb +8 -3
- data/lib/puppet/provider/user/directoryservice.rb +15 -8
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +65 -12
- data/lib/puppet/ssl/state_machine.rb +13 -17
- data/lib/puppet/transaction.rb +22 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type.rb +20 -3
- data/lib/puppet/util/json.rb +5 -2
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util.rb +12 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +1 -14
- data/man/man5/puppet.conf.5 +12 -4
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +157 -0
- data/spec/integration/application/apply_spec.rb +74 -0
- data/spec/integration/http/client_spec.rb +27 -10
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +39 -2
- data/spec/unit/agent_spec.rb +28 -2
- data/spec/unit/application/agent_spec.rb +26 -16
- data/spec/unit/daemon_spec.rb +2 -11
- data/spec/unit/face/module/list_spec.rb +26 -0
- data/spec/unit/http/client_spec.rb +18 -0
- data/spec/unit/info_service_spec.rb +11 -3
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +26 -0
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +167 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
- data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
- data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
- data/spec/unit/ssl/state_machine_spec.rb +1 -0
- data/spec/unit/task_spec.rb +56 -13
- data/spec/unit/util/resource_template_spec.rb +1 -1
- data/spec/unit/util/selinux_spec.rb +5 -0
- data/spec/unit/util_spec.rb +11 -1
- data/tasks/generate_cert_fixtures.rake +5 -4
- metadata +2 -2
@@ -105,9 +105,9 @@ describe Puppet::Type.type(:package).provider(:puppetserver_gem) do
|
|
105
105
|
|
106
106
|
describe ".gemlist" do
|
107
107
|
context "listing installed packages" do
|
108
|
-
it "uses the
|
108
|
+
it "uses the puppet_gem provider_command to list local gems" do
|
109
109
|
expected = { name: 'world_airports', provider: :puppetserver_gem, ensure: ['1.1.3'] }
|
110
|
-
expect(described_class).to receive(:execute_rubygems_list_command).with(
|
110
|
+
expect(described_class).to receive(:execute_rubygems_list_command).with(['gem', 'list', '--local']).and_return(File.read(my_fixture('gem-list-local-packages')))
|
111
111
|
expect(described_class.gemlist({ local: true })).to include(expected)
|
112
112
|
end
|
113
113
|
end
|
@@ -840,7 +840,7 @@ end
|
|
840
840
|
expect(provider.class.get_salted_sha512_pbkdf2('iterations', pbkdf2_embedded_bplist_hash)).to be_a(Integer)
|
841
841
|
end
|
842
842
|
it "should raise an error if a field other than 'entropy', 'salt', or 'iterations' is passed" do
|
843
|
-
expect { provider.class.get_salted_sha512_pbkdf2('othervalue', pbkdf2_embedded_bplist_hash) }.to raise_error(Puppet::Error, /Puppet has tried to read an incorrect value from the SALTED-SHA512-PBKDF2 hash. Acceptable fields are 'salt', 'entropy', or 'iterations'/)
|
843
|
+
expect { provider.class.get_salted_sha512_pbkdf2('othervalue', pbkdf2_embedded_bplist_hash, 'test_user') }.to raise_error(Puppet::Error, /Puppet has tried to read an incorrect value from the user test_user in the SALTED-SHA512-PBKDF2 hash. Acceptable fields are 'salt', 'entropy', or 'iterations'/)
|
844
844
|
end
|
845
845
|
end
|
846
846
|
|
@@ -113,12 +113,21 @@ describe Puppet::SSL::SSLProvider do
|
|
113
113
|
}.to raise_error(/can't modify frozen/)
|
114
114
|
end
|
115
115
|
|
116
|
-
it 'trusts system ca store' do
|
116
|
+
it 'trusts system ca store by default' do
|
117
117
|
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
|
118
118
|
|
119
119
|
subject.create_system_context(cacerts: [])
|
120
120
|
end
|
121
121
|
|
122
|
+
it 'trusts an external ca store' do
|
123
|
+
path = tmpfile('system_cacerts')
|
124
|
+
File.write(path, cert_fixture('ca.pem').to_pem)
|
125
|
+
|
126
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
|
127
|
+
|
128
|
+
subject.create_system_context(cacerts: [], path: path)
|
129
|
+
end
|
130
|
+
|
122
131
|
it 'verifies peer' do
|
123
132
|
sslctx = subject.create_system_context(cacerts: [])
|
124
133
|
expect(sslctx.verify_peer).to eq(true)
|
@@ -135,6 +144,47 @@ describe Puppet::SSL::SSLProvider do
|
|
135
144
|
expect(sslctx.private_key).to be_nil
|
136
145
|
end
|
137
146
|
|
147
|
+
it 'includes the client cert and private key when requested' do
|
148
|
+
Puppet[:hostcert] = fixtures('ssl/signed.pem')
|
149
|
+
Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
|
150
|
+
sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
|
151
|
+
expect(sslctx.client_cert).to be_an(OpenSSL::X509::Certificate)
|
152
|
+
expect(sslctx.private_key).to be_an(OpenSSL::PKey::RSA)
|
153
|
+
end
|
154
|
+
|
155
|
+
it 'ignores non-existent client cert and private key when requested' do
|
156
|
+
Puppet[:certname] = 'doesnotexist'
|
157
|
+
sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
|
158
|
+
expect(sslctx.client_cert).to be_nil
|
159
|
+
expect(sslctx.private_key).to be_nil
|
160
|
+
end
|
161
|
+
|
162
|
+
it 'warns if the client cert does not exist' do
|
163
|
+
Puppet[:certname] = 'missingcert'
|
164
|
+
Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
|
165
|
+
|
166
|
+
expect(Puppet).to receive(:warning).with("Client certificate for 'missingcert' does not exist")
|
167
|
+
subject.create_system_context(cacerts: [], include_client_cert: true)
|
168
|
+
end
|
169
|
+
|
170
|
+
it 'warns if the private key does not exist' do
|
171
|
+
Puppet[:certname] = 'missingkey'
|
172
|
+
Puppet[:hostcert] = fixtures('ssl/signed.pem')
|
173
|
+
|
174
|
+
expect(Puppet).to receive(:warning).with("Private key for 'missingkey' does not exist")
|
175
|
+
subject.create_system_context(cacerts: [], include_client_cert: true)
|
176
|
+
end
|
177
|
+
|
178
|
+
it 'raises if client cert and private key are mismatched' do
|
179
|
+
Puppet[:hostcert] = fixtures('ssl/signed.pem')
|
180
|
+
Puppet[:hostprivkey] = fixtures('ssl/127.0.0.1-key.pem')
|
181
|
+
|
182
|
+
expect {
|
183
|
+
subject.create_system_context(cacerts: [], include_client_cert: true)
|
184
|
+
}.to raise_error(Puppet::SSL::SSLError,
|
185
|
+
"The certificate for 'CN=signed' does not match its private key")
|
186
|
+
end
|
187
|
+
|
138
188
|
it 'trusts additional system certs' do
|
139
189
|
path = tmpfile('system_cacerts')
|
140
190
|
File.write(path, cert_fixture('ca.pem').to_pem)
|
@@ -448,6 +498,18 @@ describe Puppet::SSL::SSLProvider do
|
|
448
498
|
sslctx = subject.create_context(**config)
|
449
499
|
expect(sslctx.verify_peer).to eq(true)
|
450
500
|
end
|
501
|
+
|
502
|
+
it 'does not trust the system ca store by default' do
|
503
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
|
504
|
+
|
505
|
+
subject.create_context(**config)
|
506
|
+
end
|
507
|
+
|
508
|
+
it 'trusts the system ca store' do
|
509
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
|
510
|
+
|
511
|
+
subject.create_context(**config.merge(include_system_store: true))
|
512
|
+
end
|
451
513
|
end
|
452
514
|
|
453
515
|
context 'when loading an ssl context' do
|
@@ -530,6 +592,18 @@ describe Puppet::SSL::SSLProvider do
|
|
530
592
|
}.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
|
531
593
|
end
|
532
594
|
end
|
595
|
+
|
596
|
+
it 'does not trust the system ca store by default' do
|
597
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
|
598
|
+
|
599
|
+
subject.load_context
|
600
|
+
end
|
601
|
+
|
602
|
+
it 'trusts the system ca store' do
|
603
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
|
604
|
+
|
605
|
+
subject.load_context(include_system_store: true)
|
606
|
+
end
|
533
607
|
end
|
534
608
|
|
535
609
|
context 'when verifying requests' do
|
@@ -27,6 +27,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
27
27
|
let(:refused_message) { %r{Connection refused|No connection could be made because the target machine actively refused it} }
|
28
28
|
|
29
29
|
before(:each) do
|
30
|
+
Puppet[:daemonize] = false
|
30
31
|
Puppet[:ssl_lockfile] = tmpfile('ssllock')
|
31
32
|
allow(Kernel).to receive(:sleep)
|
32
33
|
end
|
data/spec/unit/task_spec.rb
CHANGED
@@ -24,6 +24,7 @@ describe Puppet::Module::Task do
|
|
24
24
|
it "constructs tasks as expected when every task has a metadata file with the same name (besides extension)" do
|
25
25
|
task_files = %w{task1.json task1 task2.json task2.exe task3.json task3.sh}.map { |bn| "#{tasks_path}/#{bn}" }
|
26
26
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
|
27
|
+
task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
27
28
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
28
29
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
|
29
30
|
|
@@ -52,6 +53,7 @@ describe Puppet::Module::Task do
|
|
52
53
|
it "constructs tasks as expected when some tasks don't have a metadata file" do
|
53
54
|
task_files = %w{task1 task2.exe task3.json task3.sh}.map { |bn| "#{tasks_path}/#{bn}" }
|
54
55
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
|
56
|
+
task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
55
57
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
|
56
58
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
57
59
|
|
@@ -66,6 +68,7 @@ describe Puppet::Module::Task do
|
|
66
68
|
it "constructs a task as expected when a task has implementations" do
|
67
69
|
task_files = %w{task1.elf task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
68
70
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
|
71
|
+
task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
69
72
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
70
73
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [{"name" => "task1.sh"}]})
|
71
74
|
|
@@ -78,6 +81,7 @@ describe Puppet::Module::Task do
|
|
78
81
|
it "constructs a task as expected when task metadata declares additional files" do
|
79
82
|
task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
80
83
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
|
84
|
+
task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
81
85
|
expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"}])
|
82
86
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
83
87
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'files' => ["mymod/lib/file0.elf"]})
|
@@ -91,6 +95,7 @@ describe Puppet::Module::Task do
|
|
91
95
|
it "constructs a task as expected when a task implementation declares additional files" do
|
92
96
|
task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
93
97
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
|
98
|
+
task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
94
99
|
expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"}])
|
95
100
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
96
101
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [{"name" => "task1.sh", "files" => ["mymod/lib/file0.elf"]}]})
|
@@ -104,6 +109,7 @@ describe Puppet::Module::Task do
|
|
104
109
|
it "constructs a task as expected when task metadata and a task implementation both declare additional files" do
|
105
110
|
task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
106
111
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
|
112
|
+
task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
107
113
|
expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([
|
108
114
|
{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"},
|
109
115
|
{'name' => 'yourmod/files/file1.txt', 'path' => "/other/path/to/file1.txt"}
|
@@ -124,6 +130,7 @@ describe Puppet::Module::Task do
|
|
124
130
|
it "constructs a task as expected when a task has files" do
|
125
131
|
og_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
126
132
|
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
133
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
127
134
|
expect(File).to receive(:exist?).with(any_args).and_return(true).at_least(:once)
|
128
135
|
|
129
136
|
expect(Puppet::Module).to receive(:find).with(othermod.name, "production").and_return(othermod).at_least(:once)
|
@@ -139,6 +146,7 @@ describe Puppet::Module::Task do
|
|
139
146
|
it "fails to load a task if its metadata specifies a non-existent file" do
|
140
147
|
og_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
141
148
|
allow(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
149
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
142
150
|
allow(File).to receive(:exist?).with(any_args).and_return(true)
|
143
151
|
|
144
152
|
expect(Puppet::Module).to receive(:find).with(othermod.name, "production").and_return(nil).at_least(:once)
|
@@ -149,7 +157,9 @@ describe Puppet::Module::Task do
|
|
149
157
|
end
|
150
158
|
|
151
159
|
it "finds files whose names (besides extensions) are valid task names" do
|
152
|
-
|
160
|
+
og_files = %w{task task_1 xx_t_a_s_k_2_xx}.map { |bn| "#{tasks_path}/#{bn}" }
|
161
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
162
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
153
163
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
154
164
|
|
155
165
|
expect(tasks.count).to eq(3)
|
@@ -157,7 +167,9 @@ describe Puppet::Module::Task do
|
|
157
167
|
end
|
158
168
|
|
159
169
|
it "ignores files that have names (besides extensions) that are not valid task names" do
|
160
|
-
|
170
|
+
og_files = %w{.nottask.exe .wat !runme _task 2task2furious def_a_task_PSYCH Fake_task not-a-task realtask}.map { |bn| "#{tasks_path}/#{bn}" }
|
171
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
172
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
161
173
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
162
174
|
|
163
175
|
expect(tasks.count).to eq(1)
|
@@ -165,13 +177,24 @@ describe Puppet::Module::Task do
|
|
165
177
|
end
|
166
178
|
|
167
179
|
it "ignores files that have names ending in .conf and .md" do
|
168
|
-
|
180
|
+
og_files = %w{ginuwine_task task.conf readme.md other_task.md}.map { |bn| "#{tasks_path}/#{bn}" }
|
181
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
182
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
169
183
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
170
184
|
|
171
185
|
expect(tasks.count).to eq(1)
|
172
186
|
expect(tasks.map{|t| t.name}).to eq(%w{mymod::ginuwine_task})
|
173
187
|
end
|
174
188
|
|
189
|
+
it "ignores files which are not regular files" do
|
190
|
+
og_files = %w{foo}.map { |bn| "#{tasks_path}/#{bn}" }
|
191
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
192
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(false) }
|
193
|
+
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
194
|
+
|
195
|
+
expect(tasks.count).to eq(0)
|
196
|
+
end
|
197
|
+
|
175
198
|
it "gives the 'init' task a name that is just the module's name" do
|
176
199
|
expect(Puppet::Module::Task.new(mymod, 'init', ["#{tasks_path}/init.sh"]).name).to eq('mymod')
|
177
200
|
end
|
@@ -179,7 +202,9 @@ describe Puppet::Module::Task do
|
|
179
202
|
describe :metadata do
|
180
203
|
it "loads metadata for a task" do
|
181
204
|
metadata = {'desciption': 'some info'}
|
182
|
-
|
205
|
+
og_files = %w{task1.exe task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
206
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
207
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
183
208
|
allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
|
184
209
|
|
185
210
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
@@ -189,7 +214,9 @@ describe Puppet::Module::Task do
|
|
189
214
|
end
|
190
215
|
|
191
216
|
it 'returns nil for metadata if no file is present' do
|
192
|
-
|
217
|
+
og_files = %w{task1.exe}.map { |bn| "#{tasks_path}/#{bn}" }
|
218
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
219
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
193
220
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
194
221
|
|
195
222
|
expect(tasks.count).to eq(1)
|
@@ -212,7 +239,9 @@ describe Puppet::Module::Task do
|
|
212
239
|
|
213
240
|
describe :validate do
|
214
241
|
it "validates when there is no metadata" do
|
215
|
-
|
242
|
+
og_files = %w{task1.exe}.map { |bn| "#{tasks_path}/#{bn}" }
|
243
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
244
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
216
245
|
|
217
246
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
218
247
|
|
@@ -223,7 +252,9 @@ describe Puppet::Module::Task do
|
|
223
252
|
it "validates when an implementation isn't used" do
|
224
253
|
metadata = {'desciption' => 'some info',
|
225
254
|
'implementations' => [ {"name" => "task1.exe"}, ] }
|
226
|
-
|
255
|
+
og_files = %w{task1.exe task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
256
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
257
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
227
258
|
allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
|
228
259
|
|
229
260
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
@@ -235,7 +266,9 @@ describe Puppet::Module::Task do
|
|
235
266
|
it "validates when an implementation is another task" do
|
236
267
|
metadata = {'desciption' => 'some info',
|
237
268
|
'implementations' => [ {"name" => "task2.sh"}, ] }
|
238
|
-
|
269
|
+
og_files = %w{task1.exe task2.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
270
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
271
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
239
272
|
allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
|
240
273
|
|
241
274
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
@@ -245,7 +278,9 @@ describe Puppet::Module::Task do
|
|
245
278
|
end
|
246
279
|
|
247
280
|
it "fails validation when there is no metadata and multiple task files" do
|
248
|
-
|
281
|
+
og_files = %w{task1.elf task1.exe task1.json task2.ps1 task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
|
282
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
283
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
249
284
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
250
285
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
|
251
286
|
|
@@ -255,7 +290,9 @@ describe Puppet::Module::Task do
|
|
255
290
|
end
|
256
291
|
|
257
292
|
it "fails validation when an implementation references a non-existant file" do
|
258
|
-
|
293
|
+
og_files = %w{task1.elf task1.exe task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
|
294
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
295
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
259
296
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
260
297
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [ { 'name' => 'task1.sh' } ] })
|
261
298
|
|
@@ -265,7 +302,9 @@ describe Puppet::Module::Task do
|
|
265
302
|
end
|
266
303
|
|
267
304
|
it 'fails validation when there is metadata but no executable' do
|
268
|
-
|
305
|
+
og_files = %w{task1.json task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
|
306
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
307
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
269
308
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
270
309
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
|
271
310
|
|
@@ -273,7 +312,9 @@ describe Puppet::Module::Task do
|
|
273
312
|
end
|
274
313
|
|
275
314
|
it 'fails validation when the implementations are not an array' do
|
276
|
-
|
315
|
+
og_files = %w{task1.json task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
|
316
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
317
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
277
318
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
278
319
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({"implemenations" => {}})
|
279
320
|
|
@@ -281,7 +322,9 @@ describe Puppet::Module::Task do
|
|
281
322
|
end
|
282
323
|
|
283
324
|
it 'fails validation when the implementation is json' do
|
284
|
-
|
325
|
+
og_files = %w{task1.json task1.sh}.map { |bn| "#{tasks_path}/#{bn}" }
|
326
|
+
expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
|
327
|
+
og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
|
285
328
|
tasks = Puppet::Module::Task.tasks_in_module(mymod)
|
286
329
|
allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [ { 'name' => 'task1.json' } ] })
|
287
330
|
|
@@ -39,7 +39,7 @@ describe Puppet::Util::ResourceTemplate do
|
|
39
39
|
|
40
40
|
it "should create a template instance with the contents of the file" do
|
41
41
|
expect(Puppet::FileSystem).to receive(:read).with("/my/template", :encoding => 'utf-8').and_return("yay")
|
42
|
-
expect(
|
42
|
+
expect(Puppet::Util).to receive(:create_erb).with("yay").and_return(@template)
|
43
43
|
|
44
44
|
allow(@wrapper).to receive(:set_resource_variables)
|
45
45
|
|
@@ -65,6 +65,7 @@ describe Puppet::Util::SELinux do
|
|
65
65
|
'/' => 'ext3',
|
66
66
|
'/sys' => 'sysfs',
|
67
67
|
'/mnt/nfs' => 'nfs',
|
68
|
+
'/mnt/zfs' => 'zfs',
|
68
69
|
'/proc' => 'proc',
|
69
70
|
'/dev' => 'tmpfs' })
|
70
71
|
end
|
@@ -85,6 +86,10 @@ describe Puppet::Util::SELinux do
|
|
85
86
|
expect(selinux_label_support?('/dev/shm/testfile')).to be_truthy
|
86
87
|
end
|
87
88
|
|
89
|
+
it "should return true if zfs" do
|
90
|
+
expect(selinux_label_support?('/mnt/zfs/testfile')).to be_truthy
|
91
|
+
end
|
92
|
+
|
88
93
|
it "should return false for a noncapable filesystem" do
|
89
94
|
expect(selinux_label_support?('/mnt/nfs/testfile')).to be_falsey
|
90
95
|
end
|
data/spec/unit/util_spec.rb
CHANGED
@@ -625,7 +625,7 @@ describe Puppet::Util do
|
|
625
625
|
Puppet::Util.safe_posix_fork
|
626
626
|
end
|
627
627
|
|
628
|
-
it "should close all open file descriptors except stdin/stdout/stderr when /proc/self/fd doesn't
|
628
|
+
it "should close all open file descriptors except stdin/stdout/stderr when /proc/self/fd doesn't exist" do
|
629
629
|
# This is ugly, but I can't really think of a better way to do it without
|
630
630
|
# letting it actually close fds, which seems risky
|
631
631
|
(0..2).each {|n| expect(IO).not_to receive(:new).with(n)}
|
@@ -635,6 +635,16 @@ describe Puppet::Util do
|
|
635
635
|
Puppet::Util.safe_posix_fork
|
636
636
|
end
|
637
637
|
|
638
|
+
it "should close all open file descriptors except stdin/stdout/stderr when /proc/self is not a directory" do
|
639
|
+
# This is ugly, but I can't really think of a better way to do it without
|
640
|
+
# letting it actually close fds, which seems risky
|
641
|
+
(0..2).each {|n| expect(IO).not_to receive(:new).with(n)}
|
642
|
+
(3..256).each {|n| expect(IO).to receive(:new).with(n).and_return(double('io', close: nil)) }
|
643
|
+
allow(Dir).to receive(:foreach).with('/proc/self/fd').and_raise(Errno::ENOTDIR)
|
644
|
+
|
645
|
+
Puppet::Util.safe_posix_fork
|
646
|
+
end
|
647
|
+
|
638
648
|
it "should fork a child process to execute the block" do
|
639
649
|
expect(Kernel).to receive(:fork).and_return(pid).and_yield
|
640
650
|
|
@@ -37,14 +37,15 @@ task(:gen_cert_fixtures) do
|
|
37
37
|
# | |
|
38
38
|
# signed.pem | +- /CN=signed
|
39
39
|
# revoked.pem | +- /CN=revoked
|
40
|
-
# 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
|
41
40
|
# tampered-cert.pem | +- /CN=signed (with different public key)
|
42
41
|
# ec.pem | +- /CN=ec (with EC private key)
|
43
42
|
# oid.pem | +- /CN=oid (with custom oid)
|
44
43
|
# |
|
45
|
-
#
|
46
|
-
# |
|
47
|
-
#
|
44
|
+
# 127.0.0.1.pem +- /CN=127.0.0.1 (with dns alt names)
|
45
|
+
# |
|
46
|
+
# intermediate-agent.pem +- /CN=Test CA Agent Subauthority
|
47
|
+
# | |
|
48
|
+
# pluto.pem | +- /CN=pluto
|
48
49
|
# |
|
49
50
|
# bad-int-basic-constraints.pem +- /CN=Test CA Subauthority (bad isCA constraint)
|
50
51
|
#
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.
|
4
|
+
version: 7.19.0
|
5
5
|
platform: universal-darwin
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|