puppet 7.16.0-x64-mingw32 → 7.19.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (84) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +76 -15
  3. data/ext/systemd/puppet.service +2 -1
  4. data/lib/puppet/agent.rb +47 -11
  5. data/lib/puppet/application/agent.rb +3 -13
  6. data/lib/puppet/application/apply.rb +2 -2
  7. data/lib/puppet/configurer.rb +1 -1
  8. data/lib/puppet/defaults.rb +11 -1
  9. data/lib/puppet/face/help.rb +1 -1
  10. data/lib/puppet/face/module/list.rb +16 -7
  11. data/lib/puppet/functions/capitalize.rb +1 -1
  12. data/lib/puppet/generate/type.rb +1 -1
  13. data/lib/puppet/http/client.rb +22 -2
  14. data/lib/puppet/info_service/task_information_service.rb +1 -1
  15. data/lib/puppet/module/task.rb +5 -1
  16. data/lib/puppet/parameter.rb +19 -4
  17. data/lib/puppet/parser/templatewrapper.rb +1 -1
  18. data/lib/puppet/pops/evaluator/deferred_resolver.rb +46 -6
  19. data/lib/puppet/pops/functions/dispatcher.rb +10 -6
  20. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +7 -6
  21. data/lib/puppet/pops/types/type_mismatch_describer.rb +22 -1
  22. data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
  23. data/lib/puppet/provider/package/yum.rb +8 -3
  24. data/lib/puppet/provider/user/directoryservice.rb +15 -8
  25. data/lib/puppet/reference/configuration.rb +2 -0
  26. data/lib/puppet/ssl/ssl_provider.rb +65 -12
  27. data/lib/puppet/ssl/state_machine.rb +13 -17
  28. data/lib/puppet/transaction.rb +22 -0
  29. data/lib/puppet/type/tidy.rb +1 -1
  30. data/lib/puppet/type/user.rb +3 -0
  31. data/lib/puppet/type.rb +20 -3
  32. data/lib/puppet/util/json.rb +5 -2
  33. data/lib/puppet/util/resource_template.rb +1 -1
  34. data/lib/puppet/util/selinux.rb +1 -1
  35. data/lib/puppet/util.rb +12 -1
  36. data/lib/puppet/version.rb +1 -1
  37. data/lib/puppet.rb +1 -14
  38. data/man/man5/puppet.conf.5 +12 -4
  39. data/man/man8/puppet-agent.8 +2 -2
  40. data/man/man8/puppet-apply.8 +1 -1
  41. data/man/man8/puppet-catalog.8 +1 -1
  42. data/man/man8/puppet-config.8 +1 -1
  43. data/man/man8/puppet-describe.8 +1 -1
  44. data/man/man8/puppet-device.8 +1 -1
  45. data/man/man8/puppet-doc.8 +1 -1
  46. data/man/man8/puppet-epp.8 +1 -1
  47. data/man/man8/puppet-facts.8 +1 -1
  48. data/man/man8/puppet-filebucket.8 +1 -1
  49. data/man/man8/puppet-generate.8 +1 -1
  50. data/man/man8/puppet-help.8 +1 -1
  51. data/man/man8/puppet-lookup.8 +1 -1
  52. data/man/man8/puppet-module.8 +1 -1
  53. data/man/man8/puppet-node.8 +1 -1
  54. data/man/man8/puppet-parser.8 +1 -1
  55. data/man/man8/puppet-plugin.8 +1 -1
  56. data/man/man8/puppet-report.8 +1 -1
  57. data/man/man8/puppet-resource.8 +1 -1
  58. data/man/man8/puppet-script.8 +1 -1
  59. data/man/man8/puppet-ssl.8 +1 -1
  60. data/man/man8/puppet.8 +2 -2
  61. data/spec/integration/application/agent_spec.rb +157 -0
  62. data/spec/integration/application/apply_spec.rb +74 -0
  63. data/spec/integration/http/client_spec.rb +27 -10
  64. data/spec/lib/puppet_spec/https.rb +1 -1
  65. data/spec/lib/puppet_spec/puppetserver.rb +39 -2
  66. data/spec/unit/agent_spec.rb +28 -2
  67. data/spec/unit/application/agent_spec.rb +26 -16
  68. data/spec/unit/daemon_spec.rb +2 -11
  69. data/spec/unit/face/module/list_spec.rb +26 -0
  70. data/spec/unit/http/client_spec.rb +18 -0
  71. data/spec/unit/info_service_spec.rb +11 -3
  72. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +26 -0
  73. data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
  74. data/spec/unit/pops/types/type_mismatch_describer_spec.rb +167 -1
  75. data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
  76. data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
  77. data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
  78. data/spec/unit/ssl/state_machine_spec.rb +1 -0
  79. data/spec/unit/task_spec.rb +56 -13
  80. data/spec/unit/util/resource_template_spec.rb +1 -1
  81. data/spec/unit/util/selinux_spec.rb +5 -0
  82. data/spec/unit/util_spec.rb +11 -1
  83. data/tasks/generate_cert_fixtures.rake +5 -4
  84. metadata +2 -2
@@ -105,9 +105,9 @@ describe Puppet::Type.type(:package).provider(:puppetserver_gem) do
105
105
 
106
106
  describe ".gemlist" do
107
107
  context "listing installed packages" do
108
- it "uses the puppet rubygems library to list local gems" do
108
+ it "uses the puppet_gem provider_command to list local gems" do
109
109
  expected = { name: 'world_airports', provider: :puppetserver_gem, ensure: ['1.1.3'] }
110
- expect(described_class).to receive(:execute_rubygems_list_command).with(nil).and_return(File.read(my_fixture('gem-list-local-packages')))
110
+ expect(described_class).to receive(:execute_rubygems_list_command).with(['gem', 'list', '--local']).and_return(File.read(my_fixture('gem-list-local-packages')))
111
111
  expect(described_class.gemlist({ local: true })).to include(expected)
112
112
  end
113
113
  end
@@ -840,7 +840,7 @@ end
840
840
  expect(provider.class.get_salted_sha512_pbkdf2('iterations', pbkdf2_embedded_bplist_hash)).to be_a(Integer)
841
841
  end
842
842
  it "should raise an error if a field other than 'entropy', 'salt', or 'iterations' is passed" do
843
- expect { provider.class.get_salted_sha512_pbkdf2('othervalue', pbkdf2_embedded_bplist_hash) }.to raise_error(Puppet::Error, /Puppet has tried to read an incorrect value from the SALTED-SHA512-PBKDF2 hash. Acceptable fields are 'salt', 'entropy', or 'iterations'/)
843
+ expect { provider.class.get_salted_sha512_pbkdf2('othervalue', pbkdf2_embedded_bplist_hash, 'test_user') }.to raise_error(Puppet::Error, /Puppet has tried to read an incorrect value from the user test_user in the SALTED-SHA512-PBKDF2 hash. Acceptable fields are 'salt', 'entropy', or 'iterations'/)
844
844
  end
845
845
  end
846
846
 
@@ -113,12 +113,21 @@ describe Puppet::SSL::SSLProvider do
113
113
  }.to raise_error(/can't modify frozen/)
114
114
  end
115
115
 
116
- it 'trusts system ca store' do
116
+ it 'trusts system ca store by default' do
117
117
  expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
118
118
 
119
119
  subject.create_system_context(cacerts: [])
120
120
  end
121
121
 
122
+ it 'trusts an external ca store' do
123
+ path = tmpfile('system_cacerts')
124
+ File.write(path, cert_fixture('ca.pem').to_pem)
125
+
126
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
127
+
128
+ subject.create_system_context(cacerts: [], path: path)
129
+ end
130
+
122
131
  it 'verifies peer' do
123
132
  sslctx = subject.create_system_context(cacerts: [])
124
133
  expect(sslctx.verify_peer).to eq(true)
@@ -135,6 +144,47 @@ describe Puppet::SSL::SSLProvider do
135
144
  expect(sslctx.private_key).to be_nil
136
145
  end
137
146
 
147
+ it 'includes the client cert and private key when requested' do
148
+ Puppet[:hostcert] = fixtures('ssl/signed.pem')
149
+ Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
150
+ sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
151
+ expect(sslctx.client_cert).to be_an(OpenSSL::X509::Certificate)
152
+ expect(sslctx.private_key).to be_an(OpenSSL::PKey::RSA)
153
+ end
154
+
155
+ it 'ignores non-existent client cert and private key when requested' do
156
+ Puppet[:certname] = 'doesnotexist'
157
+ sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
158
+ expect(sslctx.client_cert).to be_nil
159
+ expect(sslctx.private_key).to be_nil
160
+ end
161
+
162
+ it 'warns if the client cert does not exist' do
163
+ Puppet[:certname] = 'missingcert'
164
+ Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
165
+
166
+ expect(Puppet).to receive(:warning).with("Client certificate for 'missingcert' does not exist")
167
+ subject.create_system_context(cacerts: [], include_client_cert: true)
168
+ end
169
+
170
+ it 'warns if the private key does not exist' do
171
+ Puppet[:certname] = 'missingkey'
172
+ Puppet[:hostcert] = fixtures('ssl/signed.pem')
173
+
174
+ expect(Puppet).to receive(:warning).with("Private key for 'missingkey' does not exist")
175
+ subject.create_system_context(cacerts: [], include_client_cert: true)
176
+ end
177
+
178
+ it 'raises if client cert and private key are mismatched' do
179
+ Puppet[:hostcert] = fixtures('ssl/signed.pem')
180
+ Puppet[:hostprivkey] = fixtures('ssl/127.0.0.1-key.pem')
181
+
182
+ expect {
183
+ subject.create_system_context(cacerts: [], include_client_cert: true)
184
+ }.to raise_error(Puppet::SSL::SSLError,
185
+ "The certificate for 'CN=signed' does not match its private key")
186
+ end
187
+
138
188
  it 'trusts additional system certs' do
139
189
  path = tmpfile('system_cacerts')
140
190
  File.write(path, cert_fixture('ca.pem').to_pem)
@@ -448,6 +498,18 @@ describe Puppet::SSL::SSLProvider do
448
498
  sslctx = subject.create_context(**config)
449
499
  expect(sslctx.verify_peer).to eq(true)
450
500
  end
501
+
502
+ it 'does not trust the system ca store by default' do
503
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
504
+
505
+ subject.create_context(**config)
506
+ end
507
+
508
+ it 'trusts the system ca store' do
509
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
510
+
511
+ subject.create_context(**config.merge(include_system_store: true))
512
+ end
451
513
  end
452
514
 
453
515
  context 'when loading an ssl context' do
@@ -530,6 +592,18 @@ describe Puppet::SSL::SSLProvider do
530
592
  }.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
531
593
  end
532
594
  end
595
+
596
+ it 'does not trust the system ca store by default' do
597
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
598
+
599
+ subject.load_context
600
+ end
601
+
602
+ it 'trusts the system ca store' do
603
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
604
+
605
+ subject.load_context(include_system_store: true)
606
+ end
533
607
  end
534
608
 
535
609
  context 'when verifying requests' do
@@ -27,6 +27,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
27
27
  let(:refused_message) { %r{Connection refused|No connection could be made because the target machine actively refused it} }
28
28
 
29
29
  before(:each) do
30
+ Puppet[:daemonize] = false
30
31
  Puppet[:ssl_lockfile] = tmpfile('ssllock')
31
32
  allow(Kernel).to receive(:sleep)
32
33
  end
@@ -24,6 +24,7 @@ describe Puppet::Module::Task do
24
24
  it "constructs tasks as expected when every task has a metadata file with the same name (besides extension)" do
25
25
  task_files = %w{task1.json task1 task2.json task2.exe task3.json task3.sh}.map { |bn| "#{tasks_path}/#{bn}" }
26
26
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
27
+ task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
27
28
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
28
29
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
29
30
 
@@ -52,6 +53,7 @@ describe Puppet::Module::Task do
52
53
  it "constructs tasks as expected when some tasks don't have a metadata file" do
53
54
  task_files = %w{task1 task2.exe task3.json task3.sh}.map { |bn| "#{tasks_path}/#{bn}" }
54
55
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
56
+ task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
55
57
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
56
58
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
57
59
 
@@ -66,6 +68,7 @@ describe Puppet::Module::Task do
66
68
  it "constructs a task as expected when a task has implementations" do
67
69
  task_files = %w{task1.elf task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
68
70
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
71
+ task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
69
72
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
70
73
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [{"name" => "task1.sh"}]})
71
74
 
@@ -78,6 +81,7 @@ describe Puppet::Module::Task do
78
81
  it "constructs a task as expected when task metadata declares additional files" do
79
82
  task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
80
83
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
84
+ task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
81
85
  expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"}])
82
86
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
83
87
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'files' => ["mymod/lib/file0.elf"]})
@@ -91,6 +95,7 @@ describe Puppet::Module::Task do
91
95
  it "constructs a task as expected when a task implementation declares additional files" do
92
96
  task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
93
97
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
98
+ task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
94
99
  expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([{'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"}])
95
100
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
96
101
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [{"name" => "task1.sh", "files" => ["mymod/lib/file0.elf"]}]})
@@ -104,6 +109,7 @@ describe Puppet::Module::Task do
104
109
  it "constructs a task as expected when task metadata and a task implementation both declare additional files" do
105
110
  task_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
106
111
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(task_files)
112
+ task_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
107
113
  expect(Puppet::Module::Task).to receive(:find_extra_files).and_return([
108
114
  {'name' => 'mymod/lib/file0.elf', 'path' => "/path/to/file0.elf"},
109
115
  {'name' => 'yourmod/files/file1.txt', 'path' => "/other/path/to/file1.txt"}
@@ -124,6 +130,7 @@ describe Puppet::Module::Task do
124
130
  it "constructs a task as expected when a task has files" do
125
131
  og_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
126
132
  expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
133
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
127
134
  expect(File).to receive(:exist?).with(any_args).and_return(true).at_least(:once)
128
135
 
129
136
  expect(Puppet::Module).to receive(:find).with(othermod.name, "production").and_return(othermod).at_least(:once)
@@ -139,6 +146,7 @@ describe Puppet::Module::Task do
139
146
  it "fails to load a task if its metadata specifies a non-existent file" do
140
147
  og_files = %w{task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
141
148
  allow(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
149
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
142
150
  allow(File).to receive(:exist?).with(any_args).and_return(true)
143
151
 
144
152
  expect(Puppet::Module).to receive(:find).with(othermod.name, "production").and_return(nil).at_least(:once)
@@ -149,7 +157,9 @@ describe Puppet::Module::Task do
149
157
  end
150
158
 
151
159
  it "finds files whose names (besides extensions) are valid task names" do
152
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task task_1 xx_t_a_s_k_2_xx})
160
+ og_files = %w{task task_1 xx_t_a_s_k_2_xx}.map { |bn| "#{tasks_path}/#{bn}" }
161
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
162
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
153
163
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
154
164
 
155
165
  expect(tasks.count).to eq(3)
@@ -157,7 +167,9 @@ describe Puppet::Module::Task do
157
167
  end
158
168
 
159
169
  it "ignores files that have names (besides extensions) that are not valid task names" do
160
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{.nottask.exe .wat !runme _task 2task2furious def_a_task_PSYCH Fake_task not-a-task realtask})
170
+ og_files = %w{.nottask.exe .wat !runme _task 2task2furious def_a_task_PSYCH Fake_task not-a-task realtask}.map { |bn| "#{tasks_path}/#{bn}" }
171
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
172
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
161
173
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
162
174
 
163
175
  expect(tasks.count).to eq(1)
@@ -165,13 +177,24 @@ describe Puppet::Module::Task do
165
177
  end
166
178
 
167
179
  it "ignores files that have names ending in .conf and .md" do
168
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{ginuwine_task task.conf readme.md other_task.md})
180
+ og_files = %w{ginuwine_task task.conf readme.md other_task.md}.map { |bn| "#{tasks_path}/#{bn}" }
181
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
182
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
169
183
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
170
184
 
171
185
  expect(tasks.count).to eq(1)
172
186
  expect(tasks.map{|t| t.name}).to eq(%w{mymod::ginuwine_task})
173
187
  end
174
188
 
189
+ it "ignores files which are not regular files" do
190
+ og_files = %w{foo}.map { |bn| "#{tasks_path}/#{bn}" }
191
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
192
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(false) }
193
+ tasks = Puppet::Module::Task.tasks_in_module(mymod)
194
+
195
+ expect(tasks.count).to eq(0)
196
+ end
197
+
175
198
  it "gives the 'init' task a name that is just the module's name" do
176
199
  expect(Puppet::Module::Task.new(mymod, 'init', ["#{tasks_path}/init.sh"]).name).to eq('mymod')
177
200
  end
@@ -179,7 +202,9 @@ describe Puppet::Module::Task do
179
202
  describe :metadata do
180
203
  it "loads metadata for a task" do
181
204
  metadata = {'desciption': 'some info'}
182
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe task1.json})
205
+ og_files = %w{task1.exe task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
206
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
207
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
183
208
  allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
184
209
 
185
210
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
@@ -189,7 +214,9 @@ describe Puppet::Module::Task do
189
214
  end
190
215
 
191
216
  it 'returns nil for metadata if no file is present' do
192
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe})
217
+ og_files = %w{task1.exe}.map { |bn| "#{tasks_path}/#{bn}" }
218
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
219
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
193
220
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
194
221
 
195
222
  expect(tasks.count).to eq(1)
@@ -212,7 +239,9 @@ describe Puppet::Module::Task do
212
239
 
213
240
  describe :validate do
214
241
  it "validates when there is no metadata" do
215
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe})
242
+ og_files = %w{task1.exe}.map { |bn| "#{tasks_path}/#{bn}" }
243
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
244
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
216
245
 
217
246
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
218
247
 
@@ -223,7 +252,9 @@ describe Puppet::Module::Task do
223
252
  it "validates when an implementation isn't used" do
224
253
  metadata = {'desciption' => 'some info',
225
254
  'implementations' => [ {"name" => "task1.exe"}, ] }
226
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe task1.sh task1.json})
255
+ og_files = %w{task1.exe task1.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
256
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
257
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
227
258
  allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
228
259
 
229
260
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
@@ -235,7 +266,9 @@ describe Puppet::Module::Task do
235
266
  it "validates when an implementation is another task" do
236
267
  metadata = {'desciption' => 'some info',
237
268
  'implementations' => [ {"name" => "task2.sh"}, ] }
238
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.exe task2.sh task1.json})
269
+ og_files = %w{task1.exe task2.sh task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
270
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
271
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
239
272
  allow(Puppet::Module::Task).to receive(:read_metadata).and_return(metadata)
240
273
 
241
274
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
@@ -245,7 +278,9 @@ describe Puppet::Module::Task do
245
278
  end
246
279
 
247
280
  it "fails validation when there is no metadata and multiple task files" do
248
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.elf task1.exe task1.json task2.ps1 task2.sh})
281
+ og_files = %w{task1.elf task1.exe task1.json task2.ps1 task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
282
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
283
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
249
284
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
250
285
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
251
286
 
@@ -255,7 +290,9 @@ describe Puppet::Module::Task do
255
290
  end
256
291
 
257
292
  it "fails validation when an implementation references a non-existant file" do
258
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.elf task1.exe task1.json})
293
+ og_files = %w{task1.elf task1.exe task1.json}.map { |bn| "#{tasks_path}/#{bn}" }
294
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
295
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
259
296
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
260
297
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [ { 'name' => 'task1.sh' } ] })
261
298
 
@@ -265,7 +302,9 @@ describe Puppet::Module::Task do
265
302
  end
266
303
 
267
304
  it 'fails validation when there is metadata but no executable' do
268
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.json task2.sh})
305
+ og_files = %w{task1.json task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
306
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
307
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
269
308
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
270
309
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({})
271
310
 
@@ -273,7 +312,9 @@ describe Puppet::Module::Task do
273
312
  end
274
313
 
275
314
  it 'fails validation when the implementations are not an array' do
276
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.json task2.sh})
315
+ og_files = %w{task1.json task2.sh}.map { |bn| "#{tasks_path}/#{bn}" }
316
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
317
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
277
318
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
278
319
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({"implemenations" => {}})
279
320
 
@@ -281,7 +322,9 @@ describe Puppet::Module::Task do
281
322
  end
282
323
 
283
324
  it 'fails validation when the implementation is json' do
284
- expect(Dir).to receive(:glob).with(tasks_glob).and_return(%w{task1.json task1.sh})
325
+ og_files = %w{task1.json task1.sh}.map { |bn| "#{tasks_path}/#{bn}" }
326
+ expect(Dir).to receive(:glob).with(tasks_glob).and_return(og_files)
327
+ og_files.each { |f| expect(File).to receive(:file?).with(f).and_return(true) }
285
328
  tasks = Puppet::Module::Task.tasks_in_module(mymod)
286
329
  allow_any_instance_of(Puppet::Module::Task).to receive(:metadata).and_return({'implementations' => [ { 'name' => 'task1.json' } ] })
287
330
 
@@ -39,7 +39,7 @@ describe Puppet::Util::ResourceTemplate do
39
39
 
40
40
  it "should create a template instance with the contents of the file" do
41
41
  expect(Puppet::FileSystem).to receive(:read).with("/my/template", :encoding => 'utf-8').and_return("yay")
42
- expect(ERB).to receive(:new).with("yay", 0, "-").and_return(@template)
42
+ expect(Puppet::Util).to receive(:create_erb).with("yay").and_return(@template)
43
43
 
44
44
  allow(@wrapper).to receive(:set_resource_variables)
45
45
 
@@ -65,6 +65,7 @@ describe Puppet::Util::SELinux do
65
65
  '/' => 'ext3',
66
66
  '/sys' => 'sysfs',
67
67
  '/mnt/nfs' => 'nfs',
68
+ '/mnt/zfs' => 'zfs',
68
69
  '/proc' => 'proc',
69
70
  '/dev' => 'tmpfs' })
70
71
  end
@@ -85,6 +86,10 @@ describe Puppet::Util::SELinux do
85
86
  expect(selinux_label_support?('/dev/shm/testfile')).to be_truthy
86
87
  end
87
88
 
89
+ it "should return true if zfs" do
90
+ expect(selinux_label_support?('/mnt/zfs/testfile')).to be_truthy
91
+ end
92
+
88
93
  it "should return false for a noncapable filesystem" do
89
94
  expect(selinux_label_support?('/mnt/nfs/testfile')).to be_falsey
90
95
  end
@@ -625,7 +625,7 @@ describe Puppet::Util do
625
625
  Puppet::Util.safe_posix_fork
626
626
  end
627
627
 
628
- it "should close all open file descriptors except stdin/stdout/stderr when /proc/self/fd doesn't exists" do
628
+ it "should close all open file descriptors except stdin/stdout/stderr when /proc/self/fd doesn't exist" do
629
629
  # This is ugly, but I can't really think of a better way to do it without
630
630
  # letting it actually close fds, which seems risky
631
631
  (0..2).each {|n| expect(IO).not_to receive(:new).with(n)}
@@ -635,6 +635,16 @@ describe Puppet::Util do
635
635
  Puppet::Util.safe_posix_fork
636
636
  end
637
637
 
638
+ it "should close all open file descriptors except stdin/stdout/stderr when /proc/self is not a directory" do
639
+ # This is ugly, but I can't really think of a better way to do it without
640
+ # letting it actually close fds, which seems risky
641
+ (0..2).each {|n| expect(IO).not_to receive(:new).with(n)}
642
+ (3..256).each {|n| expect(IO).to receive(:new).with(n).and_return(double('io', close: nil)) }
643
+ allow(Dir).to receive(:foreach).with('/proc/self/fd').and_raise(Errno::ENOTDIR)
644
+
645
+ Puppet::Util.safe_posix_fork
646
+ end
647
+
638
648
  it "should fork a child process to execute the block" do
639
649
  expect(Kernel).to receive(:fork).and_return(pid).and_yield
640
650
 
@@ -37,14 +37,15 @@ task(:gen_cert_fixtures) do
37
37
  # | |
38
38
  # signed.pem | +- /CN=signed
39
39
  # revoked.pem | +- /CN=revoked
40
- # 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
41
40
  # tampered-cert.pem | +- /CN=signed (with different public key)
42
41
  # ec.pem | +- /CN=ec (with EC private key)
43
42
  # oid.pem | +- /CN=oid (with custom oid)
44
43
  # |
45
- # + /CN=Test CA Agent Subauthority
46
- # | |
47
- # pluto.pem | +- /CN=pluto
44
+ # 127.0.0.1.pem +- /CN=127.0.0.1 (with dns alt names)
45
+ # |
46
+ # intermediate-agent.pem +- /CN=Test CA Agent Subauthority
47
+ # | |
48
+ # pluto.pem | +- /CN=pluto
48
49
  # |
49
50
  # bad-int-basic-constraints.pem +- /CN=Test CA Subauthority (bad isCA constraint)
50
51
  #
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppet
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.16.0
4
+ version: 7.19.0
5
5
  platform: x64-mingw32
6
6
  authors:
7
7
  - Puppet Labs
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-14 00:00:00.000000000 Z
11
+ date: 2022-09-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: facter