puppet 7.25.0-x64-mingw32 → 7.27.0-x64-mingw32

Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Gemfile.lock +28 -28
  4. data/ext/project_data.yaml +2 -2
  5. data/lib/puppet/application/ssl.rb +42 -7
  6. data/lib/puppet/application.rb +5 -1
  7. data/lib/puppet/defaults.rb +1 -5
  8. data/lib/puppet/functions/split.rb +28 -1
  9. data/lib/puppet/http/client.rb +12 -5
  10. data/lib/puppet/node/environment.rb +6 -4
  11. data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
  12. data/lib/puppet/pops/time/timespan.rb +1 -1
  13. data/lib/puppet/provider/package/apt.rb +1 -1
  14. data/lib/puppet/provider/package/dnf.rb +1 -1
  15. data/lib/puppet/provider/package/yum.rb +1 -1
  16. data/lib/puppet/ssl/oids.rb +1 -0
  17. data/lib/puppet/util/execution.rb +7 -2
  18. data/lib/puppet/util/windows/adsi.rb +7 -0
  19. data/lib/puppet/util/windows/sid.rb +4 -2
  20. data/lib/puppet/version.rb +1 -1
  21. data/lib/puppet/x509/cert_provider.rb +6 -2
  22. data/man/man5/puppet.conf.5 +2 -2
  23. data/man/man8/puppet-agent.8 +1 -1
  24. data/man/man8/puppet-apply.8 +1 -1
  25. data/man/man8/puppet-catalog.8 +1 -1
  26. data/man/man8/puppet-config.8 +1 -1
  27. data/man/man8/puppet-describe.8 +1 -1
  28. data/man/man8/puppet-device.8 +1 -1
  29. data/man/man8/puppet-doc.8 +1 -1
  30. data/man/man8/puppet-epp.8 +1 -1
  31. data/man/man8/puppet-facts.8 +1 -1
  32. data/man/man8/puppet-filebucket.8 +1 -1
  33. data/man/man8/puppet-generate.8 +1 -1
  34. data/man/man8/puppet-help.8 +1 -1
  35. data/man/man8/puppet-lookup.8 +1 -1
  36. data/man/man8/puppet-module.8 +1 -1
  37. data/man/man8/puppet-node.8 +1 -1
  38. data/man/man8/puppet-parser.8 +1 -1
  39. data/man/man8/puppet-plugin.8 +1 -1
  40. data/man/man8/puppet-report.8 +1 -1
  41. data/man/man8/puppet-resource.8 +1 -1
  42. data/man/man8/puppet-script.8 +1 -1
  43. data/man/man8/puppet-ssl.8 +5 -1
  44. data/man/man8/puppet.8 +2 -2
  45. data/spec/integration/application/apply_spec.rb +14 -0
  46. data/spec/integration/http/client_spec.rb +16 -0
  47. data/spec/integration/type/exec_spec.rb +13 -0
  48. data/spec/unit/application/ssl_spec.rb +49 -0
  49. data/spec/unit/defaults_spec.rb +2 -40
  50. data/spec/unit/file_system/path_pattern_spec.rb +15 -0
  51. data/spec/unit/functions/split_spec.rb +6 -0
  52. data/spec/unit/ssl/certificate_signer_spec.rb +17 -0
  53. data/spec/unit/ssl/ssl_provider_spec.rb +2 -2
  54. data/spec/unit/util/execution_spec.rb +1 -0
  55. data/spec/unit/util/windows/adsi_spec.rb +25 -0
  56. metadata +9 -13
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DESCRIBE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DESCRIBE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-describe\fR \- Display help about resource types
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DEVICE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DEVICE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-device\fR \- Manage remote network devices
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DOC" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DOC" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-doc\fR \- Generate Puppet references
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-EPP" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-EPP" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FACTS" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FACTS" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-facts\fR \- Retrieve and store facts\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FILEBUCKET" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FILEBUCKET" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-GENERATE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-GENERATE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-HELP" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-HELP" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-help\fR \- Display Puppet help\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-LOOKUP" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-LOOKUP" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-lookup\fR \- Interactive Hiera lookup
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-MODULE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-MODULE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-NODE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-NODE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-node\fR \- View and manage node definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PARSER" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PARSER" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-parser\fR \- Interact directly with the parser\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PLUGIN" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PLUGIN" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-REPORT" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-REPORT" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-report\fR \- Create, display, and submit reports\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-RESOURCE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-RESOURCE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-resource\fR \- The resource abstraction layer shell
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SCRIPT" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SCRIPT" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SSL" "8" "May 2023" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SSL" "8" "October 2023" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
@@ -42,6 +42,10 @@ submit_request
42
42
  Generate a certificate signing request (CSR) and submit it to the CA\. If a private and public key pair already exist, they will be used to generate the CSR\. Otherwise a new key pair will be generated\. If a CSR has already been submitted with the given \fBcertname\fR, then the operation will fail\.
43
43
  .
44
44
  .TP
45
+ generate_request
46
+ Generate a certificate signing request (CSR)\. If a private and public key pair already exist, they will be used to generate the CSR\. Otherwise a new key pair will be generated\.
47
+ .
48
+ .TP
45
49
  download_cert
46
50
  Download a certificate for this host\. If the current private key matches the downloaded certificate, then the certificate will be saved and used for subsequent requests\. If there is already an existing certificate, it will be overwritten\.
47
51
  .
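--- a/data/man/man8/puppet.8
+++ b/data/man/man8/puppet.8
@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.25\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.27\.0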
@@ -755,5 +755,19 @@ class amod::bad_type {
755
755
  .and output(/Notify\[runs before file\]/).to_stdout
756
756
  .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
757
757
  end
758
+
759
+ it "applies deferred sensitive file content" do
760
+ manifest = <<~END
761
+ file { '#{deferred_file}':
762
+ ensure => file,
763
+ content => Deferred('new', [Sensitive, "hello\n"])
764
+ }
765
+ END
766
+ apply.command_line.args = ['-e', manifest]
767
+ expect {
768
+ apply.run
769
+ }.to exit_with(0)
770
+ .and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
771
+ end
758
772
  end
759
773
  end
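Review bot: The new example `applies deferred sensitive file content` asserts only that the log line is redacted; it never confirms that the deferred value was resolved and written to the file, nor that the cleartext stays out of the captured output. After the `expect { apply.run }` block I would add `expect(File.read(deferred_file)).to eq("hello\n")`, and capture stdout/stderr once so the example can also assert that neither contains `hello`. `deferred_file` is defined outside this hunk, so I am assuming it is a plain temp-file path.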
@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
175
175
  end
176
176
  end
177
177
 
178
+ context 'ensure that retrying does not attempt to read the body after closing the connection' do
179
+ let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
180
+ it 'raises a retry error instead' do
181
+ response_proc = -> (req, res) {
182
+ res['Retry-After'] = 1
183
+ res.status = 503
184
+ }
185
+
186
+ https_server.start_server(response_proc: response_proc) do |port|
187
+ uri = URI("https://127.0.0.1:#{port}")
188
+ kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
189
+ expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
190
+ end
191
+ end
192
+ end
193
+
178
194
  context 'persistent connections' do
179
195
  it "detects when the server has closed the connection and reconnects" do
180
196
  Puppet[:http_debug] = true
@@ -75,6 +75,19 @@ describe Puppet::Type.type(:exec), unless: Puppet::Util::Platform.jruby? do
75
75
  end
76
76
  end
77
77
 
78
+ context 'when an exec sends an EOF' do
79
+ let(:command) { ["/bin/bash", "-c", "exec /bin/sleep 1 >/dev/null 2>&1"] }
80
+
81
+ it 'should not take significant user time' do
82
+ exec = described_class.new :command => command, :path => ENV['PATH']
83
+ catalog.add_resource exec
84
+ timed_apply = Benchmark.measure { catalog.apply }
85
+ # In testing I found the user time before the patch in 4f35fd262e to be above
86
+ # 0.3, after the patch it was consistently below 0.1 seconds.
87
+ expect(timed_apply.utime).to be < 0.3
88
+ end
89
+ end
90
+
78
91
  context 'when command is a string' do
79
92
  let(:command) { "ruby -e 'File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }'" }
80
93
 
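Review bot: The new `when an exec sends an EOF` context hard-codes `/bin/bash` and `/bin/sleep`, and the only guard visible on the enclosing `describe` is the JRuby one, so on Windows (this page is the x64-mingw32 gem) the example would fail for lack of those binaries unless something outside the hunk skips it. I would guard it with `context 'when an exec sends an EOF', unless: Puppet::Util::Platform.windows? do`. The bound in `expect(timed_apply.utime).to be < 0.3` measures CPU time for the whole `catalog.apply`, so a slow host can trip it without a regression. The comment should name the ticket as well as the short hash `4f35fd262e`.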
@@ -171,6 +171,50 @@ describe Puppet::Application::Ssl, unless: Puppet::Util::Platform.jruby? do
171
171
  end
172
172
  end
173
173
 
174
+ context 'when generating a CSR' do
175
+ let(:csr_path) { Puppet[:hostcsr] }
176
+ let(:requestdir) { Puppet[:requestdir] }
177
+
178
+ before do
179
+ ssl.command_line.args << 'generate_request'
180
+ end
181
+
182
+ it 'generates an RSA private key' do
183
+ File.unlink(Puppet[:hostprivkey])
184
+
185
+ expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
186
+ end
187
+
188
+ it 'generates an EC private key' do
189
+ Puppet[:key_type] = 'ec'
190
+ File.unlink(Puppet[:hostprivkey])
191
+
192
+ expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
193
+ end
194
+
195
+ it 'registers OIDs' do
196
+ expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
197
+
198
+ expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
199
+ end
200
+
201
+ it 'saves the CSR locally' do
202
+ expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
203
+
204
+ expect(Puppet::FileSystem).to be_exist(csr_path)
205
+ end
206
+
207
+ it 'accepts dns alt names' do
208
+ Puppet[:dns_alt_names] = 'majortom'
209
+
210
+ expects_command_to_pass
211
+
212
+ csr = Puppet::SSL::CertificateRequest.new(name)
213
+ csr.read(csr_path)
214
+ expect(csr.subject_alt_names).to include('DNS:majortom')
215
+ end
216
+ end
217
+
174
218
  context 'when downloading a certificate' do
175
219
  before do
176
220
  ssl.command_line.args << 'download_cert'
@@ -347,6 +391,11 @@ describe Puppet::Application::Ssl, unless: Puppet::Util::Platform.jruby? do
347
391
  expects_command_to_fail(%r{Failed to connect to the CA to determine if certificate #{name} has been cleaned})
348
392
  end
349
393
 
394
+ it 'raises if we have extra args' do
395
+ ssl.command_line.args << 'hostname.example.biz'
396
+ expects_command_to_fail(/Extra arguments detected: hostname.example.biz/)
397
+ end
398
+
350
399
  context 'when deleting local CA' do
351
400
  before do
352
401
  ssl.command_line.args << '--localca'
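Review bot: The `generates an RSA private key` and `generates an EC private key` examples delete `Puppet[:hostprivkey]` and then assert only the `Generated certificate request` message, so they would still pass if no key, or a key of the wrong type, were written. I would read the key back and check it, for example `expect(OpenSSL::PKey.read(File.read(Puppet[:hostprivkey]))).to be_a(OpenSSL::PKey::EC)` in the EC case. In the second hunk the dots in `/Extra arguments detected: hostname.example.biz/` are unescaped; `hostname\.example\.biz` makes the match exact. The enclosing `describe` starts outside both hunks.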
@@ -3,46 +3,8 @@ require 'puppet/settings'
3
3
 
4
4
  describe "Defaults" do
5
5
  describe ".default_diffargs" do
6
- describe "on AIX" do
7
- before(:each) do
8
- allow(Facter).to receive(:value).with(:kernel).and_return("AIX")
9
- end
10
-
11
- describe "on 5.3" do
12
- before(:each) do
13
- allow(Facter).to receive(:value).with(:kernelmajversion).and_return("5300")
14
- end
15
-
16
- it "should be empty" do
17
- expect(Puppet.default_diffargs).to eq("")
18
- end
19
- end
20
-
21
- [ "",
22
- nil,
23
- "6300",
24
- "7300",
25
- ].each do |kernel_version|
26
- describe "on kernel version #{kernel_version.inspect}" do
27
- before(:each) do
28
- allow(Facter).to receive(:value).with(:kernelmajversion).and_return(kernel_version)
29
- end
30
-
31
- it "should be '-u'" do
32
- expect(Puppet.default_diffargs).to eq("-u")
33
- end
34
- end
35
- end
36
- end
37
-
38
- describe "on everything else" do
39
- before(:each) do
40
- allow(Facter).to receive(:value).with(:kernel).and_return("NOT_AIX")
41
- end
42
-
43
- it "should be '-u'" do
44
- expect(Puppet.default_diffargs).to eq("-u")
45
- end
6
+ it "should be '-u'" do
7
+ expect(Puppet.default_diffargs).to eq("-u")
46
8
  end
47
9
  end
48
10
 
@@ -1,6 +1,7 @@
1
1
  require 'spec_helper'
2
2
  require 'puppet_spec/files'
3
3
  require 'puppet/file_system'
4
+ require 'puppet/util'
4
5
 
5
6
  describe Puppet::FileSystem::PathPattern do
6
7
  include PuppetSpec::Files
@@ -132,6 +133,20 @@ describe Puppet::FileSystem::PathPattern do
132
133
  File.join(dir, "found_two")])
133
134
  end
134
135
 
136
+ it 'globs wildcard patterns properly' do
137
+ # See PUP-11788 and https://github.com/jruby/jruby/issues/7836.
138
+ pending 'JRuby does not properly handle Dir.glob' if Puppet::Util::Platform.jruby?
139
+
140
+ dir = tmpdir('globtest')
141
+ create_file_in(dir, 'foo.pp')
142
+ create_file_in(dir, 'foo.pp.pp')
143
+
144
+ pattern = Puppet::FileSystem::PathPattern.absolute(File.join(dir, '**/*.pp'))
145
+
146
+ expect(pattern.glob).to match_array([File.join(dir, 'foo.pp'),
147
+ File.join(dir, 'foo.pp.pp')])
148
+ end
149
+
135
150
  def create_file_in(dir, name)
136
151
  File.open(File.join(dir, name), "w") { |f| f.puts "data" }
137
152
  end
@@ -50,4 +50,10 @@ describe 'the split function' do
50
50
  it 'should handle pattern in Regexp Type form with missing regular expression' do
51
51
  expect(split('ab',type_parser.parse('Regexp'))).to eql(['a', 'b'])
52
52
  end
53
+
54
+ it 'should handle sensitive String' do
55
+ expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), ',')).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
56
+ expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), /,/)).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
57
+ expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), type_parser.parse('Regexp[/,/]'))).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
58
+ end
53
59
  end
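Review bot: The `should handle sensitive String` example asserts only that the result is a `Sensitive`, not what it wraps, so a `split` that returned the unsplit string or an empty array inside a `Sensitive` would still pass. Adding `expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), ',').unwrap).to eq(['a', 'b'])` pins both the wrapping and the value. A short local such as `sensitive = Puppet::Pops::Types::PSensitiveType::Sensitive` would also make the three expectations easier to read.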
@@ -0,0 +1,17 @@
1
+ require 'spec_helper'
2
+
3
+ describe Puppet::SSL::CertificateSigner do
4
+ include PuppetSpec::Files
5
+
6
+ let(:wrong_key) { OpenSSL::PKey::RSA.new(512) }
7
+ let(:client_cert) { cert_fixture('signed.pem') }
8
+
9
+ # jruby-openssl >= 0.13.0 (JRuby >= 9.3.5.0) raises an error when signing a
10
+ # certificate when there is a discrepancy between the certificate and key.
11
+ it 'raises if client cert signature is invalid', if: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6 do
12
+ expect {
13
+ client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
14
+ }.to raise_error(OpenSSL::X509::CertificateError,
15
+ 'invalid public key data')
16
+ end
17
+ end
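Review bot: This file is declared as `describe Puppet::SSL::CertificateSigner`, but its only example calls `client_cert.sign(wrong_key, ...)` on the OpenSSL certificate directly, so it pins jruby-openssl behaviour and never exercises the signer class. Either route the call through the class under test, or rename the describe block and extend the comment to say that it documents the platform behaviour behind the skipped `ssl_provider_spec` examples. `RUBY_VERSION.to_f >= 2.6` compares a version string as a float; `Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.6')` avoids that.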
@@ -298,7 +298,7 @@ describe Puppet::SSL::SSLProvider do
298
298
  ).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
299
299
  end
300
300
 
301
- it 'raises if client cert signature is invalid' do
301
+ it 'raises if client cert signature is invalid', unless: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6 do
302
302
  client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
303
303
  expect {
304
304
  subject.create_context(**config.merge(client_cert: client_cert))
@@ -337,7 +337,7 @@ describe Puppet::SSL::SSLProvider do
337
337
  end
338
338
  end
339
339
 
340
- it 'raises if intermediate CA signature is invalid' do
340
+ it 'raises if intermediate CA signature is invalid', unless: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6 do
341
341
  int = global_cacerts.last
342
342
  int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
343
343
 
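Review bot: The added `unless: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6` on `raises if client cert signature is invalid` and `raises if intermediate CA signature is invalid` removes the only visible coverage, on newer JRuby, of `create_context` rejecting a certificate whose signature does not verify. Going by the comment in the new certificate_signer_spec, the skip exists because `sign(wrong_key, ...)` itself now raises there, not because the rejection no longer needs testing. A pre-built fixture with an already invalid signature would let both examples run on every platform; at minimum a comment above each `it` should say why it is skipped. Both example bodies continue past the end of their hunks.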
@@ -29,6 +29,7 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
29
29
  allow(FFI::WIN32).to receive(:CloseHandle).with(thread_handle)
30
30
  else
31
31
  allow(Process).to receive(:waitpid2).with(pid, Process::WNOHANG).and_return(nil, [pid, double('child_status', :exitstatus => exitstatus)])
32
+ allow(Process).to receive(:waitpid2).with(pid, 0).and_return(nil, [pid, double('child_status', :exitstatus => exitstatus)])
32
33
  allow(Process).to receive(:waitpid2).with(pid).and_return([pid, double('child_status', :exitstatus => exitstatus)])
33
34
  end
34
35
  end
@@ -95,6 +95,31 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet::Util::Platform.windows? do
95
95
  end
96
96
  end
97
97
 
98
+ describe '.get_sids' do
99
+ it 'returns an array of SIDs given two an array of ADSI children' do
100
+ child1 = double('child1', name: 'Administrator', sid: 'S-1-5-21-3882680660-671291151-3888264257-500')
101
+ child2 = double('child2', name: 'Guest', sid: 'S-1-5-21-3882680660-671291151-3888264257-501')
102
+ allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child1).and_return('Administrator')
103
+ allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child2).and_return('Guest')
104
+ sids = Puppet::Util::Windows::ADSI::ADSIObject.get_sids([child1, child2])
105
+ expect(sids).to eq(['Administrator', 'Guest'])
106
+ end
107
+
108
+ it 'returns an array of SIDs given an ADSI child and ads_to_principal returning domain failure' do
109
+ child = double('child1', name: 'Administrator', sid: 'S-1-5-21-3882680660-671291151-3888264257-500')
110
+ allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child).and_raise(Puppet::Util::Windows::Error.new('', Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE))
111
+ sids = Puppet::Util::Windows::ADSI::ADSIObject.get_sids([child])
112
+ expect(sids[0]).to eq(Puppet::Util::Windows::SID::Principal.new(child.name, child.sid, child.name, nil, :SidTypeUnknown))
113
+ end
114
+
115
+ it 'returns an array of SIDs given an ADSI child and ads_to_principal returning relationship failure' do
116
+ child = double('child1', name: 'Administrator', sid: 'S-1-5-21-3882680660-671291151-3888264257-500')
117
+ allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child).and_raise(Puppet::Util::Windows::Error.new('', Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE))
118
+ sids = Puppet::Util::Windows::ADSI::ADSIObject.get_sids([child])
119
+ expect(sids[0]).to eq(Puppet::Util::Windows::SID::Principal.new(child.name, child.sid, child.name, nil, :SidTypeUnknown))
120
+ end
121
+ end
122
+
98
123
  describe Puppet::Util::Windows::ADSI::User do
99
124
  let(:username) { 'testuser' }
100
125
  let(:domain) { 'DOMAIN' }
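Review bot: The two fallback examples cover `ERROR_TRUSTED_DOMAIN_FAILURE` and `ERROR_TRUSTED_RELATIONSHIP_FAILURE`, but nothing checks that `get_sids` re-raises any other `Puppet::Util::Windows::Error`; the implementation is not in this hunk, so I cannot confirm that it does. Without such an example, a broader rescue would silently turn every lookup failure into a `:SidTypeUnknown` principal, which matters if the result is used to reconcile group membership. I would add an example that raises the error with a different code and expects `raise_error(Puppet::Util::Windows::Error)`. The first description also reads `given two an array`; `given an array` is presumably meant.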
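--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-version: 7.25.0
+version: 7.27.0
 platform: x64-mingw32
 authors:
 - Puppet Labs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-13 00:00:00.000000000 Z
+date: 2023-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: facter
@@ -172,22 +172,16 @@ dependencies:
 name: ffi
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">"
-- !ruby/object:Gem::Version
-version: 1.9.24
-- - "<"
+- - '='
 - !ruby/object:Gem::Version
-version: '2'
+version: 1.15.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ">"
-- !ruby/object:Gem::Version
-version: 1.9.24
-- - "<"
+- - '='
 - !ruby/object:Gem::Version
-version: '2'
+version: 1.15.5
 - !ruby/object:Gem::Dependency
 name: minitar
 requirement: !ruby/object:Gem::Requirement
@@ -2413,6 +2407,7 @@ files:
 - spec/unit/ssl/base_spec.rb
 - spec/unit/ssl/certificate_request_attributes_spec.rb
 - spec/unit/ssl/certificate_request_spec.rb
+- spec/unit/ssl/certificate_signer_spec.rb
 - spec/unit/ssl/certificate_spec.rb
 - spec/unit/ssl/digest_spec.rb
 - spec/unit/ssl/oids_spec.rb
@@ -2575,7 +2570,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.3.1
 requirements: []
-rubygems_version: 3.4.12
+rubygems_version: 3.4.20
 signing_key:
 specification_version: 4
 summary: Puppet, an automated configuration management tool
@@ -3676,6 +3671,7 @@ test_files:
 - spec/unit/ssl/base_spec.rb
 - spec/unit/ssl/certificate_request_attributes_spec.rb
 - spec/unit/ssl/certificate_request_spec.rb
+- spec/unit/ssl/certificate_signer_spec.rb
 - spec/unit/ssl/certificate_spec.rb
 - spec/unit/ssl/digest_spec.rb
 - spec/unit/ssl/oids_spec.rb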
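Review bot: In the `ffi` dependency hunk the runtime requirement changes from `> 1.9.24, < 2` to exactly `= 1.15.5`, which stops anyone installing this platform gem from picking up a later ffi release, including one that carries a security fix, and makes resolver conflicts with other gems more likely. The reason for the pin is not visible on this page. Since `metadata` is generated, the change belongs in the gemspec source: if the pin works around a specific broken ffi release, a bounded range that excludes only that release, with a comment naming the issue, would be safer than an exact pin.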