RubyGems - puppet - Versions diffs - 7.4.0-universal-darwin → 7.8.0-universal-darwin - Mend

puppet 7.4.0-universal-darwin → 7.8.0-universal-darwin

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (685) hide show

checksums.yaml +4 -4
data/CONTRIBUTING.md +2 -2
data/Gemfile +2 -1
data/Gemfile.lock +30 -24
data/ext/osx/puppet.plist +2 -0
data/install.rb +11 -11
data/lib/hiera_puppet.rb +1 -1
data/lib/puppet.rb +37 -37
data/lib/puppet/agent.rb +6 -6
data/lib/puppet/agent/disabler.rb +1 -1
data/lib/puppet/agent/locker.rb +2 -2
data/lib/puppet/application.rb +6 -6
data/lib/puppet/application/agent.rb +18 -11
data/lib/puppet/application/apply.rb +6 -5
data/lib/puppet/application/catalog.rb +1 -1
data/lib/puppet/application/config.rb +1 -1
data/lib/puppet/application/describe.rb +1 -1
data/lib/puppet/application/device.rb +8 -7
data/lib/puppet/application/doc.rb +7 -7
data/lib/puppet/application/epp.rb +2 -2
data/lib/puppet/application/face_base.rb +2 -2
data/lib/puppet/application/facts.rb +1 -1
data/lib/puppet/application/filebucket.rb +2 -2
data/lib/puppet/application/generate.rb +1 -1
data/lib/puppet/application/help.rb +1 -1
data/lib/puppet/application/indirection_base.rb +1 -1
data/lib/puppet/application/lookup.rb +6 -6
data/lib/puppet/application/module.rb +1 -1
data/lib/puppet/application/node.rb +1 -1
data/lib/puppet/application/parser.rb +2 -2
data/lib/puppet/application/plugin.rb +1 -1
data/lib/puppet/application/report.rb +1 -1
data/lib/puppet/application/resource.rb +3 -2
data/lib/puppet/application/script.rb +6 -5
data/lib/puppet/application/ssl.rb +13 -2
data/lib/puppet/application_support.rb +4 -4
data/lib/puppet/compilable_resource_type.rb +1 -1
data/lib/puppet/concurrent/lock.rb +1 -1
data/lib/puppet/configurer.rb +4 -4
data/lib/puppet/configurer/downloader.rb +4 -3
data/lib/puppet/configurer/fact_handler.rb +3 -3
data/lib/puppet/configurer/plugin_handler.rb +1 -1
data/lib/puppet/confine.rb +1 -1
data/lib/puppet/confine/boolean.rb +1 -1
data/lib/puppet/confine/exists.rb +1 -1
data/lib/puppet/confine/false.rb +1 -1
data/lib/puppet/confine/feature.rb +1 -1
data/lib/puppet/confine/true.rb +1 -1
data/lib/puppet/confine/variable.rb +1 -1
data/lib/puppet/confine_collection.rb +1 -1
data/lib/puppet/confiner.rb +1 -1
data/lib/puppet/context.rb +2 -2
data/lib/puppet/context/trusted_information.rb +1 -1
data/lib/puppet/daemon.rb +2 -2
data/lib/puppet/data_binding.rb +1 -1
data/lib/puppet/datatypes/error.rb +1 -1
data/lib/puppet/defaults.rb +18 -12
data/lib/puppet/environments.rb +17 -2
data/lib/puppet/etc.rb +1 -1
data/lib/puppet/external/pson/common.rb +1 -1
data/lib/puppet/external/pson/pure.rb +3 -3
data/lib/puppet/face.rb +1 -1
data/lib/puppet/face/catalog.rb +1 -1
data/lib/puppet/face/config.rb +2 -2
data/lib/puppet/face/epp.rb +6 -6
data/lib/puppet/face/facts.rb +2 -2
data/lib/puppet/face/generate.rb +2 -2
data/lib/puppet/face/help.rb +3 -3
data/lib/puppet/face/module.rb +3 -3
data/lib/puppet/face/module/install.rb +2 -2
data/lib/puppet/face/node.rb +1 -1
data/lib/puppet/face/parser.rb +4 -4
data/lib/puppet/face/plugin.rb +2 -2
data/lib/puppet/face/report.rb +1 -1
data/lib/puppet/face/resource.rb +1 -1
data/lib/puppet/feature/base.rb +2 -2
data/lib/puppet/feature/bolt.rb +1 -1
data/lib/puppet/feature/cfpropertylist.rb +1 -1
data/lib/puppet/feature/eventlog.rb +1 -1
data/lib/puppet/feature/hiera_eyaml.rb +1 -1
data/lib/puppet/feature/hocon.rb +1 -1
data/lib/puppet/feature/libuser.rb +2 -2
data/lib/puppet/feature/msgpack.rb +1 -1
data/lib/puppet/feature/pe_license.rb +1 -1
data/lib/puppet/feature/selinux.rb +1 -1
data/lib/puppet/feature/ssh.rb +1 -1
data/lib/puppet/feature/telnet.rb +1 -1
data/lib/puppet/feature/zlib.rb +1 -1
data/lib/puppet/ffi/posix.rb +2 -2
data/lib/puppet/ffi/posix/constants.rb +1 -1
data/lib/puppet/ffi/posix/functions.rb +1 -1
data/lib/puppet/ffi/windows.rb +4 -4
data/lib/puppet/ffi/windows/api_types.rb +3 -3
data/lib/puppet/ffi/windows/constants.rb +1 -1
data/lib/puppet/ffi/windows/functions.rb +1 -1
data/lib/puppet/ffi/windows/structs.rb +1 -1
data/lib/puppet/file_bucket/dipper.rb +4 -4
data/lib/puppet/file_bucket/file.rb +3 -3
data/lib/puppet/file_serving/base.rb +2 -2
data/lib/puppet/file_serving/configuration.rb +10 -10
data/lib/puppet/file_serving/configuration/parser.rb +2 -2
data/lib/puppet/file_serving/content.rb +3 -3
data/lib/puppet/file_serving/fileset.rb +16 -4
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_serving/metadata.rb +6 -6
data/lib/puppet/file_serving/mount.rb +4 -4
data/lib/puppet/file_serving/mount/file.rb +1 -1
data/lib/puppet/file_serving/mount/locales.rb +1 -1
data/lib/puppet/file_serving/mount/modules.rb +1 -1
data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -1
data/lib/puppet/file_serving/mount/plugins.rb +1 -1
data/lib/puppet/file_serving/mount/tasks.rb +1 -1
data/lib/puppet/file_serving/terminus_helper.rb +2 -2
data/lib/puppet/file_serving/terminus_selector.rb +1 -1
data/lib/puppet/file_system.rb +9 -9
data/lib/puppet/file_system/jruby.rb +1 -1
data/lib/puppet/file_system/memory_file.rb +8 -1
data/lib/puppet/file_system/path_pattern.rb +1 -1
data/lib/puppet/file_system/uniquefile.rb +1 -1
data/lib/puppet/file_system/windows.rb +4 -2
data/lib/puppet/forge.rb +5 -5
data/lib/puppet/forge/cache.rb +1 -1
data/lib/puppet/forge/errors.rb +3 -3
data/lib/puppet/forge/repository.rb +4 -4
data/lib/puppet/functions.rb +1 -1
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +13 -5
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +12 -4
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/tree_each.rb +7 -9
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/functions/versioncmp.rb +1 -1
data/lib/puppet/generate/models/type/type.rb +1 -1
data/lib/puppet/generate/type.rb +2 -2
data/lib/puppet/gettext/config.rb +3 -3
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph.rb +6 -6
data/lib/puppet/graph/simple_graph.rb +2 -2
data/lib/puppet/http.rb +26 -26
data/lib/puppet/http/factory.rb +6 -2
data/lib/puppet/http/proxy.rb +1 -1
data/lib/puppet/http/resolver/server_list.rb +15 -4
data/lib/puppet/http/service/compiler.rb +73 -1
data/lib/puppet/http/service/file_server.rb +3 -2
data/lib/puppet/indirector.rb +5 -5
data/lib/puppet/indirector/catalog/compiler.rb +7 -6
data/lib/puppet/indirector/catalog/json.rb +2 -2
data/lib/puppet/indirector/catalog/msgpack.rb +2 -2
data/lib/puppet/indirector/catalog/rest.rb +2 -2
data/lib/puppet/indirector/catalog/store_configs.rb +2 -2
data/lib/puppet/indirector/catalog/yaml.rb +2 -2
data/lib/puppet/indirector/code.rb +1 -1
data/lib/puppet/indirector/data_binding/hiera.rb +1 -1
data/lib/puppet/indirector/data_binding/none.rb +1 -1
data/lib/puppet/indirector/direct_file_server.rb +2 -2
data/lib/puppet/indirector/envelope.rb +1 -1
data/lib/puppet/indirector/errors.rb +1 -1
data/lib/puppet/indirector/exec.rb +2 -2
data/lib/puppet/indirector/face.rb +1 -1
data/lib/puppet/indirector/facts/facter.rb +2 -2
data/lib/puppet/indirector/facts/json.rb +3 -3
data/lib/puppet/indirector/facts/memory.rb +2 -2
data/lib/puppet/indirector/facts/network_device.rb +2 -2
data/lib/puppet/indirector/facts/rest.rb +2 -2
data/lib/puppet/indirector/facts/store_configs.rb +2 -2
data/lib/puppet/indirector/facts/yaml.rb +3 -3
data/lib/puppet/indirector/file_bucket_file/file.rb +4 -4
data/lib/puppet/indirector/file_bucket_file/rest.rb +2 -2
data/lib/puppet/indirector/file_bucket_file/selector.rb +1 -1
data/lib/puppet/indirector/file_content.rb +1 -1
data/lib/puppet/indirector/file_content/file.rb +3 -3
data/lib/puppet/indirector/file_content/file_server.rb +3 -3
data/lib/puppet/indirector/file_content/rest.rb +3 -3
data/lib/puppet/indirector/file_content/selector.rb +4 -4
data/lib/puppet/indirector/file_metadata.rb +1 -1
data/lib/puppet/indirector/file_metadata/file.rb +3 -3
data/lib/puppet/indirector/file_metadata/file_server.rb +3 -3
data/lib/puppet/indirector/file_metadata/http.rb +3 -3
data/lib/puppet/indirector/file_metadata/rest.rb +4 -3
data/lib/puppet/indirector/file_metadata/selector.rb +4 -4
data/lib/puppet/indirector/file_server.rb +4 -4
data/lib/puppet/indirector/generic_http.rb +1 -1
data/lib/puppet/indirector/hiera.rb +1 -1
data/lib/puppet/indirector/indirection.rb +5 -5
data/lib/puppet/indirector/json.rb +2 -2
data/lib/puppet/indirector/memory.rb +1 -1
data/lib/puppet/indirector/msgpack.rb +2 -2
data/lib/puppet/indirector/node/exec.rb +2 -2
data/lib/puppet/indirector/node/json.rb +2 -2
data/lib/puppet/indirector/node/memory.rb +2 -2
data/lib/puppet/indirector/node/msgpack.rb +2 -2
data/lib/puppet/indirector/node/plain.rb +2 -2
data/lib/puppet/indirector/node/rest.rb +2 -2
data/lib/puppet/indirector/node/store_configs.rb +2 -2
data/lib/puppet/indirector/node/yaml.rb +2 -2
data/lib/puppet/indirector/none.rb +1 -1
data/lib/puppet/indirector/plain.rb +1 -1
data/lib/puppet/indirector/report/json.rb +2 -2
data/lib/puppet/indirector/report/msgpack.rb +2 -2
data/lib/puppet/indirector/report/processor.rb +3 -3
data/lib/puppet/indirector/report/rest.rb +1 -1
data/lib/puppet/indirector/report/yaml.rb +2 -2
data/lib/puppet/indirector/request.rb +3 -3
data/lib/puppet/indirector/resource/ral.rb +1 -1
data/lib/puppet/indirector/resource/store_configs.rb +2 -2
data/lib/puppet/indirector/terminus.rb +5 -5
data/lib/puppet/indirector/yaml.rb +2 -2
data/lib/puppet/info_service.rb +3 -3
data/lib/puppet/info_service/class_information_service.rb +3 -3
data/lib/puppet/info_service/plan_information_service.rb +1 -1
data/lib/puppet/info_service/task_information_service.rb +1 -1
data/lib/puppet/interface.rb +10 -10
data/lib/puppet/interface/documentation.rb +1 -1
data/lib/puppet/loaders.rb +21 -25
data/lib/puppet/metatype/manager.rb +3 -3
data/lib/puppet/module.rb +5 -4
data/lib/puppet/module/plan.rb +1 -1
data/lib/puppet/module/task.rb +1 -1
data/lib/puppet/module_tool.rb +10 -10
data/lib/puppet/module_tool/applications.rb +7 -7
data/lib/puppet/module_tool/applications/application.rb +2 -2
data/lib/puppet/module_tool/applications/checksummer.rb +2 -2
data/lib/puppet/module_tool/applications/installer.rb +7 -7
data/lib/puppet/module_tool/applications/unpacker.rb +2 -2
data/lib/puppet/module_tool/applications/upgrader.rb +5 -5
data/lib/puppet/module_tool/checksums.rb +1 -1
data/lib/puppet/module_tool/contents_description.rb +1 -1
data/lib/puppet/module_tool/dependency.rb +2 -2
data/lib/puppet/module_tool/errors.rb +6 -6
data/lib/puppet/module_tool/install_directory.rb +2 -2
data/lib/puppet/module_tool/installed_modules.rb +2 -2
data/lib/puppet/module_tool/local_tarball.rb +2 -2
data/lib/puppet/module_tool/metadata.rb +3 -3
data/lib/puppet/module_tool/tar.rb +4 -4
data/lib/puppet/network/format.rb +1 -1
data/lib/puppet/network/format_handler.rb +3 -3
data/lib/puppet/network/format_support.rb +1 -1
data/lib/puppet/network/formats.rb +2 -2
data/lib/puppet/network/http.rb +17 -14
data/lib/puppet/network/http/api.rb +11 -7
data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
data/lib/puppet/network/http/api/master.rb +3 -2
data/lib/puppet/network/http/api/master/v3.rb +2 -25
data/lib/puppet/network/http/api/master/v3/environments.rb +2 -33
data/lib/puppet/network/http/api/server.rb +10 -0
data/lib/puppet/network/http/api/server/v3.rb +39 -0
data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
data/lib/puppet/network/http/connection.rb +1 -1
data/lib/puppet/network/http/error.rb +1 -1
data/lib/puppet/network/http/handler.rb +3 -3
data/lib/puppet/network/http_pool.rb +1 -1
data/lib/puppet/node.rb +3 -3
data/lib/puppet/node/environment.rb +15 -8
data/lib/puppet/node/facts.rb +3 -3
data/lib/puppet/pal/pal_api.rb +10 -10
data/lib/puppet/pal/pal_impl.rb +3 -3
data/lib/puppet/parameter.rb +4 -4
data/lib/puppet/parameter/boolean.rb +1 -1
data/lib/puppet/parameter/package_options.rb +1 -1
data/lib/puppet/parameter/path.rb +1 -1
data/lib/puppet/parameter/value.rb +1 -1
data/lib/puppet/parameter/value_collection.rb +1 -1
data/lib/puppet/parser.rb +10 -10
data/lib/puppet/parser/ast.rb +8 -8
data/lib/puppet/parser/ast/hostclass.rb +1 -1
data/lib/puppet/parser/ast/pops_bridge.rb +2 -2
data/lib/puppet/parser/catalog_compiler.rb +2 -2
data/lib/puppet/parser/compiler.rb +5 -5
data/lib/puppet/parser/e4_parser_adapter.rb +1 -1
data/lib/puppet/parser/functions.rb +4 -4
data/lib/puppet/parser/functions/digest.rb +1 -1
data/lib/puppet/parser/functions/file.rb +1 -1
data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
data/lib/puppet/parser/functions/versioncmp.rb +1 -1
data/lib/puppet/parser/parser_factory.rb +2 -2
data/lib/puppet/parser/resource.rb +3 -3
data/lib/puppet/parser/scope.rb +3 -3
data/lib/puppet/parser/script_compiler.rb +2 -2
data/lib/puppet/parser/templatewrapper.rb +2 -2
data/lib/puppet/parser/type_loader.rb +1 -1
data/lib/puppet/plugins/configuration.rb +5 -5
data/lib/puppet/pops.rb +57 -57
data/lib/puppet/pops/evaluator/deferred_resolver.rb +1 -1
data/lib/puppet/pops/evaluator/evaluator_impl.rb +7 -7
data/lib/puppet/pops/evaluator/external_syntax_support.rb +1 -1
data/lib/puppet/pops/loader/base_loader.rb +42 -32
data/lib/puppet/pops/loader/dependency_loader.rb +2 -2
data/lib/puppet/pops/loader/loader.rb +15 -5
data/lib/puppet/pops/loader/module_loaders.rb +8 -8
data/lib/puppet/pops/loader/predefined_loader.rb +4 -0
data/lib/puppet/pops/loader/runtime3_type_loader.rb +1 -1
data/lib/puppet/pops/loader/static_loader.rb +4 -0
data/lib/puppet/pops/loader/task_instantiator.rb +1 -1
data/lib/puppet/pops/loaders.rb +4 -4
data/lib/puppet/pops/lookup/invocation.rb +1 -1
data/lib/puppet/pops/model/ast_transformer.rb +1 -1
data/lib/puppet/pops/model/pn_transformer.rb +1 -1
data/lib/puppet/pops/parser/eparser.rb +2 -2
data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
data/lib/puppet/pops/parser/lexer2.rb +5 -9
data/lib/puppet/pops/parser/lexer_support.rb +1 -1
data/lib/puppet/pops/parser/parser_support.rb +4 -4
data/lib/puppet/pops/puppet_stack.rb +1 -1
data/lib/puppet/pops/serialization/json.rb +1 -1
data/lib/puppet/pops/serialization/json_path.rb +1 -1
data/lib/puppet/pops/time/timespan.rb +1 -1
data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
data/lib/puppet/pops/types/p_type_set_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +1 -1
data/lib/puppet/pops/types/type_calculator.rb +1 -1
data/lib/puppet/pops/types/type_formatter.rb +1 -1
data/lib/puppet/pops/types/type_parser.rb +1 -1
data/lib/puppet/pops/types/types.rb +1 -1
data/lib/puppet/pops/validation/checker4_0.rb +1 -2
data/lib/puppet/property.rb +3 -3
data/lib/puppet/property/boolean.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/property/keyvalue.rb +1 -1
data/lib/puppet/property/list.rb +1 -1
data/lib/puppet/property/ordered_list.rb +1 -1
data/lib/puppet/provider.rb +2 -2
data/lib/puppet/provider/confine.rb +2 -2
data/lib/puppet/provider/exec.rb +2 -2
data/lib/puppet/provider/exec/posix.rb +1 -1
data/lib/puppet/provider/exec/windows.rb +1 -1
data/lib/puppet/provider/file/posix.rb +1 -1
data/lib/puppet/provider/file/windows.rb +1 -1
data/lib/puppet/provider/group/aix.rb +1 -1
data/lib/puppet/provider/group/directoryservice.rb +1 -1
data/lib/puppet/provider/group/groupadd.rb +2 -2
data/lib/puppet/provider/group/ldap.rb +1 -1
data/lib/puppet/provider/group/pw.rb +1 -1
data/lib/puppet/provider/group/windows_adsi.rb +1 -1
data/lib/puppet/provider/ldap.rb +2 -2
data/lib/puppet/provider/nameservice.rb +1 -1
data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
data/lib/puppet/provider/nameservice/objectadd.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +1 -1
data/lib/puppet/provider/package.rb +1 -1
data/lib/puppet/provider/package/aix.rb +2 -2
data/lib/puppet/provider/package/appdmg.rb +2 -2
data/lib/puppet/provider/package/apple.rb +1 -1
data/lib/puppet/provider/package/apt.rb +5 -5
data/lib/puppet/provider/package/dnfmodule.rb +2 -2
data/lib/puppet/provider/package/dpkg.rb +1 -1
data/lib/puppet/provider/package/gem.rb +3 -3
data/lib/puppet/provider/package/hpux.rb +1 -1
data/lib/puppet/provider/package/macports.rb +2 -2
data/lib/puppet/provider/package/nim.rb +13 -8
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/opkg.rb +1 -1
data/lib/puppet/provider/package/pacman.rb +1 -1
data/lib/puppet/provider/package/pip.rb +3 -3
data/lib/puppet/provider/package/pkg.rb +2 -2
data/lib/puppet/provider/package/pkgdmg.rb +3 -3
data/lib/puppet/provider/package/pkgin.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +1 -1
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/portupgrade.rb +1 -1
data/lib/puppet/provider/package/puppet_gem.rb +12 -1
data/lib/puppet/provider/package/puppetserver_gem.rb +0 -0
data/lib/puppet/provider/package/rpm.rb +2 -2
data/lib/puppet/provider/package/sun.rb +1 -1
data/lib/puppet/provider/package/windows.rb +3 -3
data/lib/puppet/provider/package/windows/exe_package.rb +1 -1
data/lib/puppet/provider/package/windows/msi_package.rb +1 -1
data/lib/puppet/provider/package/windows/package.rb +4 -4
data/lib/puppet/provider/package/yum.rb +6 -6
data/lib/puppet/provider/package/zypper.rb +3 -3
data/lib/puppet/provider/package_targetable.rb +1 -1
data/lib/puppet/provider/parsedfile.rb +3 -3
data/lib/puppet/provider/service/base.rb +6 -4
data/lib/puppet/provider/service/daemontools.rb +0 -1
data/lib/puppet/provider/service/debian.rb +3 -5
data/lib/puppet/provider/service/freebsd.rb +1 -1
data/lib/puppet/provider/service/init.rb +1 -1
data/lib/puppet/provider/service/launchd.rb +9 -3
data/lib/puppet/provider/service/service.rb +28 -3
data/lib/puppet/provider/service/smf.rb +0 -24
data/lib/puppet/provider/service/src.rb +2 -2
data/lib/puppet/provider/service/systemd.rb +18 -8
data/lib/puppet/provider/service/windows.rb +38 -0
data/lib/puppet/provider/user/aix.rb +2 -2
data/lib/puppet/provider/user/directoryservice.rb +26 -13
data/lib/puppet/provider/user/ldap.rb +1 -1
data/lib/puppet/provider/user/openbsd.rb +1 -1
data/lib/puppet/provider/user/pw.rb +1 -1
data/lib/puppet/provider/user/user_role_add.rb +2 -2
data/lib/puppet/provider/user/useradd.rb +12 -5
data/lib/puppet/provider/user/windows_adsi.rb +1 -1
data/lib/puppet/reference/configuration.rb +1 -1
data/lib/puppet/reference/indirection.rb +4 -4
data/lib/puppet/reference/report.rb +1 -1
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/reports/http.rb +2 -2
data/lib/puppet/reports/log.rb +1 -1
data/lib/puppet/reports/store.rb +2 -2
data/lib/puppet/resource.rb +4 -4
data/lib/puppet/resource/catalog.rb +5 -5
data/lib/puppet/resource/status.rb +2 -2
data/lib/puppet/resource/type.rb +4 -4
data/lib/puppet/resource/type_collection.rb +4 -4
data/lib/puppet/runtime.rb +1 -1
data/lib/puppet/scheduler.rb +4 -4
data/lib/puppet/settings.rb +31 -30
data/lib/puppet/settings/autosign_setting.rb +1 -1
data/lib/puppet/settings/base_setting.rb +2 -2
data/lib/puppet/settings/certificate_revocation_setting.rb +1 -1
data/lib/puppet/settings/config_file.rb +1 -1
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/settings/errors.rb +1 -1
data/lib/puppet/settings/priority_setting.rb +3 -3
data/lib/puppet/ssl.rb +11 -11
data/lib/puppet/ssl/base.rb +3 -3
data/lib/puppet/ssl/certificate.rb +1 -1
data/lib/puppet/ssl/certificate_request.rb +2 -2
data/lib/puppet/ssl/certificate_request_attributes.rb +2 -2
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/ssl/openssl_loader.rb +1 -1
data/lib/puppet/ssl/ssl_context.rb +1 -1
data/lib/puppet/ssl/ssl_provider.rb +1 -1
data/lib/puppet/ssl/state_machine.rb +2 -2
data/lib/puppet/ssl/verifier.rb +5 -1
data/lib/puppet/syntax_checkers/base64.rb +1 -1
data/lib/puppet/syntax_checkers/epp.rb +1 -1
data/lib/puppet/syntax_checkers/json.rb +1 -1
data/lib/puppet/syntax_checkers/pp.rb +1 -1
data/lib/puppet/transaction.rb +11 -11
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/transaction/event.rb +4 -4
data/lib/puppet/transaction/event_manager.rb +1 -1
data/lib/puppet/transaction/persistence.rb +1 -1
data/lib/puppet/transaction/report.rb +2 -2
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/type.rb +14 -14
data/lib/puppet/type/component.rb +3 -3
data/lib/puppet/type/file.rb +37 -19
data/lib/puppet/type/file/checksum.rb +1 -1
data/lib/puppet/type/file/checksum_value.rb +2 -2
data/lib/puppet/type/file/content.rb +2 -2
data/lib/puppet/type/file/data_sync.rb +2 -2
data/lib/puppet/type/file/ensure.rb +1 -1
data/lib/puppet/type/file/group.rb +1 -1
data/lib/puppet/type/file/mode.rb +1 -1
data/lib/puppet/type/file/selcontext.rb +2 -2
data/lib/puppet/type/file/source.rb +4 -4
data/lib/puppet/type/filebucket.rb +1 -1
data/lib/puppet/type/group.rb +2 -2
data/lib/puppet/type/package.rb +2 -2
data/lib/puppet/type/resources.rb +2 -2
data/lib/puppet/type/service.rb +18 -38
data/lib/puppet/type/tidy.rb +24 -5
data/lib/puppet/type/user.rb +42 -24
data/lib/puppet/util.rb +43 -34
data/lib/puppet/util/at_fork.rb +3 -3
data/lib/puppet/util/at_fork/solaris.rb +1 -1
data/lib/puppet/util/autoload.rb +4 -4
data/lib/puppet/util/checksums.rb +3 -3
data/lib/puppet/util/colors.rb +1 -1
data/lib/puppet/util/command_line.rb +6 -6
data/lib/puppet/util/command_line/puppet_option_parser.rb +2 -2
data/lib/puppet/util/execution.rb +2 -2
data/lib/puppet/util/feature.rb +2 -2
data/lib/puppet/util/filetype.rb +1 -1
data/lib/puppet/util/http_proxy.rb +1 -1
data/lib/puppet/util/inifile.rb +2 -2
data/lib/puppet/util/instance_loader.rb +3 -3
data/lib/puppet/util/json_lockfile.rb +1 -1
data/lib/puppet/util/ldap/connection.rb +1 -1
data/lib/puppet/util/ldap/generator.rb +1 -1
data/lib/puppet/util/ldap/manager.rb +3 -3
data/lib/puppet/util/limits.rb +1 -1
data/lib/puppet/util/log.rb +6 -6
data/lib/puppet/util/log/destinations.rb +1 -1
data/lib/puppet/util/logging.rb +2 -2
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/monkey_patches.rb +14 -3
data/lib/puppet/util/network_device/base.rb +3 -3
data/lib/puppet/util/network_device/config.rb +2 -2
data/lib/puppet/util/network_device/transport.rb +1 -1
data/lib/puppet/util/network_device/transport/base.rb +2 -2
data/lib/puppet/util/package/version/range.rb +6 -6
data/lib/puppet/util/package/version/range/eq.rb +1 -1
data/lib/puppet/util/package/version/range/gt.rb +1 -1
data/lib/puppet/util/package/version/range/gt_eq.rb +1 -1
data/lib/puppet/util/package/version/range/lt.rb +1 -1
data/lib/puppet/util/package/version/range/lt_eq.rb +1 -1
data/lib/puppet/util/package/version/range/min_max.rb +1 -1
data/lib/puppet/util/package/version/range/simple.rb +1 -1
data/lib/puppet/util/package/version/rpm.rb +1 -1
data/lib/puppet/util/pidlock.rb +1 -1
data/lib/puppet/util/plist.rb +1 -1
data/lib/puppet/util/posix.rb +1 -1
data/lib/puppet/util/profiler.rb +3 -3
data/lib/puppet/util/profiler/aggregate.rb +2 -2
data/lib/puppet/util/profiler/object_counts.rb +1 -1
data/lib/puppet/util/profiler/wall_clock.rb +1 -1
data/lib/puppet/util/provider_features.rb +2 -2
data/lib/puppet/util/rdoc.rb +2 -2
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +2 -2
data/lib/puppet/util/rdoc/parser.rb +6 -6
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +2 -2
data/lib/puppet/util/rubygems.rb +1 -1
data/lib/puppet/util/selinux.rb +30 -4
data/lib/puppet/util/skip_tags.rb +1 -1
data/lib/puppet/util/storage.rb +1 -1
data/lib/puppet/util/suidmanager.rb +2 -2
data/lib/puppet/util/symbolic_file_mode.rb +1 -1
data/lib/puppet/util/tag_set.rb +1 -1
data/lib/puppet/util/tagging.rb +1 -1
data/lib/puppet/util/watched_file.rb +1 -1
data/lib/puppet/util/watcher.rb +3 -3
data/lib/puppet/util/windows.rb +20 -20
data/lib/puppet/util/windows/access_control_entry.rb +1 -1
data/lib/puppet/util/windows/adsi.rb +47 -1
data/lib/puppet/util/windows/daemon.rb +1 -1
data/lib/puppet/util/windows/error.rb +2 -2
data/lib/puppet/util/windows/file.rb +1 -1
data/lib/puppet/util/windows/monkey_patches/process.rb +2 -2
data/lib/puppet/util/windows/principal.rb +10 -3
data/lib/puppet/util/windows/process.rb +2 -2
data/lib/puppet/util/windows/registry.rb +1 -1
data/lib/puppet/util/windows/root_certs.rb +2 -2
data/lib/puppet/util/windows/security.rb +1 -1
data/lib/puppet/util/windows/security_descriptor.rb +1 -1
data/lib/puppet/util/windows/service.rb +1 -1
data/lib/puppet/util/windows/sid.rb +5 -3
data/lib/puppet/util/windows/user.rb +1 -1
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509.rb +4 -4
data/lib/puppet/x509/cert_provider.rb +1 -1
data/lib/puppet/x509/pem_store.rb +1 -1
data/lib/puppet_pal.rb +2 -2
data/locales/puppet.pot +183 -175
data/man/man5/puppet.conf.5 +266 -240
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +5 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
data/spec/fixtures/ssl/ca.pem +57 -35
data/spec/fixtures/ssl/crl.pem +28 -18
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +33 -24
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +108 -58
data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
data/spec/fixtures/ssl/intermediate.pem +57 -36
data/spec/fixtures/ssl/pluto-key.pem +107 -57
data/spec/fixtures/ssl/pluto.pem +52 -30
data/spec/fixtures/ssl/request-key.pem +107 -57
data/spec/fixtures/ssl/request.pem +47 -26
data/spec/fixtures/ssl/revoked-key.pem +107 -57
data/spec/fixtures/ssl/revoked.pem +52 -30
data/spec/fixtures/ssl/signed-key.pem +107 -57
data/spec/fixtures/ssl/signed.pem +52 -30
data/spec/fixtures/ssl/tampered-cert.pem +52 -30
data/spec/fixtures/ssl/tampered-csr.pem +47 -26
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
data/spec/fixtures/ssl/unknown-ca.pem +55 -33
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
data/spec/integration/application/plugin_spec.rb +1 -1
data/spec/integration/application/resource_spec.rb +30 -0
data/spec/integration/http/client_spec.rb +12 -0
data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
data/spec/integration/parser/collection_spec.rb +10 -0
data/spec/integration/type/file_spec.rb +5 -5
data/spec/integration/util/windows/adsi_spec.rb +18 -0
data/spec/integration/util/windows/principal_spec.rb +21 -0
data/spec/integration/util/windows/registry_spec.rb +6 -0
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/files.rb +1 -1
data/spec/shared_contexts/provider.rb +16 -0
data/spec/spec_helper.rb +11 -1
data/spec/unit/application/agent_spec.rb +7 -2
data/spec/unit/application/facts_spec.rb +5 -5
data/spec/unit/application/ssl_spec.rb +23 -0
data/spec/unit/configurer/downloader_spec.rb +6 -0
data/spec/unit/configurer_spec.rb +23 -0
data/spec/unit/environments_spec.rb +164 -88
data/spec/unit/file_bucket/dipper_spec.rb +1 -1
data/spec/unit/file_serving/fileset_spec.rb +60 -0
data/spec/unit/file_system_spec.rb +9 -0
data/spec/unit/functions4_spec.rb +17 -8
data/spec/unit/gettext/config_spec.rb +12 -0
data/spec/unit/http/factory_spec.rb +19 -0
data/spec/unit/http/service/compiler_spec.rb +123 -0
data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
data/spec/unit/module_spec.rb +1 -1
data/spec/unit/network/http/api/master_spec.rb +38 -0
data/spec/unit/network/http/api/{master → server}/v3/environments_spec.rb +2 -2
data/spec/unit/network/http/api/{master → server}/v3_spec.rb +19 -19
data/spec/unit/network/http/api_spec.rb +11 -11
data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
data/spec/unit/pops/loaders/dependency_loader_spec.rb +1 -1
data/spec/unit/pops/lookup/context_spec.rb +1 -1
data/spec/unit/pops/parser/lexer2_spec.rb +0 -4
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
data/spec/unit/pops/types/type_parser_spec.rb +2 -1
data/spec/unit/pops/validator/validator_spec.rb +20 -43
data/spec/unit/provider/package/dnfmodule_spec.rb +13 -4
data/spec/unit/provider/package/gem_spec.rb +3 -1
data/spec/unit/provider/package/nim_spec.rb +42 -0
data/spec/unit/provider/package/pip2_spec.rb +3 -1
data/spec/unit/provider/package/pip3_spec.rb +3 -1
data/spec/unit/provider/package/pip_spec.rb +3 -1
data/spec/unit/provider/package/pkg_spec.rb +44 -44
data/spec/unit/provider/package/puppet_gem_spec.rb +31 -1
data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -0
data/spec/unit/provider/service/base_spec.rb +8 -8
data/spec/unit/provider/service/bsd_spec.rb +0 -4
data/spec/unit/provider/service/daemontools_spec.rb +1 -1
data/spec/unit/provider/service/debian_spec.rb +15 -17
data/spec/unit/provider/service/freebsd_spec.rb +1 -1
data/spec/unit/provider/service/gentoo_spec.rb +19 -14
data/spec/unit/provider/service/init_spec.rb +29 -20
data/spec/unit/provider/service/launchd_spec.rb +10 -12
data/spec/unit/provider/service/openbsd_spec.rb +21 -35
data/spec/unit/provider/service/openrc_spec.rb +15 -14
data/spec/unit/provider/service/openwrt_spec.rb +3 -1
data/spec/unit/provider/service/redhat_spec.rb +20 -19
data/spec/unit/provider/service/smf_spec.rb +6 -5
data/spec/unit/provider/service/src_spec.rb +5 -10
data/spec/unit/provider/service/systemd_spec.rb +80 -29
data/spec/unit/provider/service/upstart_spec.rb +25 -20
data/spec/unit/provider/service/windows_spec.rb +202 -0
data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
data/spec/unit/provider/user/useradd_spec.rb +21 -6
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/ssl/state_machine_spec.rb +19 -5
data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
data/spec/unit/transaction_spec.rb +18 -20
data/spec/unit/type/file/selinux_spec.rb +3 -3
data/spec/unit/type/service_spec.rb +59 -188
data/spec/unit/type/tidy_spec.rb +17 -7
data/spec/unit/type/user_spec.rb +45 -0
data/spec/unit/util/at_fork_spec.rb +9 -9
data/spec/unit/util/posix_spec.rb +1 -1
data/spec/unit/util/selinux_spec.rb +87 -16
data/spec/unit/util/windows/sid_spec.rb +6 -0
data/tasks/generate_cert_fixtures.rake +2 -2
metadata +17 -16
data/spec/lib/matchers/include.rb +0 -27
data/spec/lib/matchers/include_spec.rb +0 -32
data/spec/unit/pops/parser/parse_application_spec.rb +0 -13
data/spec/unit/pops/parser/parse_capabilities_spec.rb +0 -23
data/spec/unit/pops/parser/parse_site_spec.rb +0 -43

data/spec/unit/provider/service/windows_spec.rb CHANGED Viewed

@@ -270,4 +270,206 @@ describe 'Puppet::Type::Service::Provider::Windows',
       }.to raise_error(Puppet::Error, /Cannot enable #{name}/)
     end
   end
+  describe "when managing logon credentials" do
+    before do
+      allow(Puppet::Util::Windows::ADSI).to receive(:computer_name).and_return(computer_name)
+      allow(Puppet::Util::Windows::SID).to receive(:name_to_principal).and_return(principal)
+      allow(Puppet::Util::Windows::Service).to receive(:set_startup_configuration).and_return(nil)
+    end
+    let(:computer_name) { 'myPC' }
+    describe "#logonaccount=" do
+      before do
+        allow(Puppet::Util::Windows::User).to receive(:password_is?).and_return(true)
+        resource[:logonaccount] = user_input
+        provider.logonaccount_insync?(user_input)
+      end
+      let(:user_input) { principal.account }
+      let(:principal) do
+        Puppet::Util::Windows::SID::Principal.new("myUser", nil, nil, computer_name, :SidTypeUser)
+      end
+      context "when given user is 'myUser'" do
+        it "should fail when the `Log On As A Service` right is missing from given user" do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("")
+          expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" is missing the 'Log On As A Service' right./)
+        end
+        it "should fail when the `Log On As A Service` right is set to denied for given user" do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeDenyServiceLogonRight")
+          expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /".\\#{principal.account}" has the 'Log On As A Service' right set to denied./)
+        end
+        it "should not fail when given user has the `Log On As A Service` right" do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
+          expect { provider.logonaccount=(user_input) }.not_to raise_error
+        end
+        ['myUser', 'myPC\\myUser', ".\\myUser", "MYPC\\mYuseR"].each do |user_input_variant|
+          let(:user_input) { user_input_variant }
+          it "should succesfully munge #{user_input_variant} to '.\\myUser'" do
+            allow(Puppet::Util::Windows::User).to receive(:get_rights).with(principal.domain_account).and_return("SeServiceLogonRight")
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq(".\\myUser")
+          end
+        end
+      end
+      context "when given user is a system account" do
+        before do
+          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).and_return(true)
+        end
+        let(:user_input) { principal.account }
+        let(:principal) do
+          Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
+        end
+        it "should not fail when given user is a default system account even if the `Log On As A Service` right is missing" do
+          expect(Puppet::Util::Windows::User).not_to receive(:get_rights)
+          expect { provider.logonaccount=(user_input) }.not_to raise_error
+        end
+        ['LocalSystem', '.\LocalSystem', 'myPC\LocalSystem', 'lOcALsysTem'].each do |user_input_variant|
+          let(:user_input) { user_input_variant }
+          it "should succesfully munge #{user_input_variant} to 'LocalSystem'" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('LocalSystem')
+          end
+        end
+      end
+      context "when domain is different from computer name" do
+        before do
+          allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return("SeServiceLogonRight")
+        end
+        context "when given user is from AD" do
+          let(:user_input) { 'myRemoteUser' }
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("myRemoteUser", nil, nil, "AD", :SidTypeUser)
+          end
+          it "should not raise any error" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+          end
+          it "should succesfully be munged" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('AD\myRemoteUser')
+          end
+        end
+        context "when given user is LocalService" do
+          let(:user_input) { 'LocalService' }
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("LOCAL SERVICE", nil, nil, "NT AUTHORITY", :SidTypeWellKnownGroup)
+          end
+          it "should succesfully munge well known user" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('NT AUTHORITY\LOCAL SERVICE')
+          end
+        end
+        context "when given user is in SID form" do
+          let(:user_input) { 'S-1-5-20' }
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("NETWORK SERVICE", nil, nil, "NT AUTHORITY", :SidTypeUser)
+          end
+          it "should succesfully munge" do
+            expect { provider.logonaccount=(user_input) }.not_to raise_error
+            expect(resource[:logonaccount]).to eq('NT AUTHORITY\NETWORK SERVICE')
+          end
+        end
+        context "when given user is actually a group" do
+          let(:principal) do
+            Puppet::Util::Windows::SID::Principal.new("Administrators", nil, nil, "BUILTIN", :SidTypeAlias)
+          end
+          let(:user_input) { 'Administrators' }
+          it "should fail when sid type is not user or well known user" do
+            expect { provider.logonaccount=(user_input) }.to raise_error(Puppet::Error, /"BUILTIN\\#{user_input}" is not a valid account/)
+          end
+        end
+      end
+    end
+    describe "#logonpassword=" do
+      before do
+        allow(Puppet::Util::Windows::User).to receive(:get_rights).and_return('SeServiceLogonRight')
+        resource[:logonaccount] = account
+        resource[:logonpassword] = user_input
+        provider.logonaccount_insync?(account)
+      end
+      let(:account) { 'LocalSystem' }
+      describe "when given logonaccount is a predefined_local_account" do
+        let(:user_input) { 'pass' }
+        let(:principal) { nil }
+        it "should pass validation when given account is 'LocalSystem'" do
+          allow(Puppet::Util::Windows::User).to receive(:localsystem?).with('LocalSystem').and_return(true)
+          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with('LocalSystem').and_return(true)
+          expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
+          expect { provider.logonpassword=(user_input) }.not_to raise_error
+        end
+        ['LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM'].each do |predefined_local_account|
+          describe "when given account is #{predefined_local_account}" do
+            let(:account) { 'predefined_local_account' }
+            let(:principal) do
+              Puppet::Util::Windows::SID::Principal.new(account, nil, nil, "NT AUTHORITY", :SidTypeUser)
+            end
+            it "should pass validation" do
+              allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.account).and_return(false)
+              allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(principal.domain_account).and_return(false)
+              expect(Puppet::Util::Windows::User).to receive(:default_system_account?).with(principal.domain_account).and_return(true).twice
+              expect(Puppet::Util::Windows::User).not_to receive(:password_is?)
+              expect { provider.logonpassword=(user_input) }.not_to raise_error
+            end
+          end
+        end
+      end
+      describe "when given logonaccount is not a predefined local account" do
+        before do
+          allow(Puppet::Util::Windows::User).to receive(:localsystem?).with(".\\#{principal.account}").and_return(false)
+          allow(Puppet::Util::Windows::User).to receive(:default_system_account?).with(".\\#{principal.account}").and_return(false)
+        end
+        let(:account) { 'myUser' }
+        let(:principal) do
+          Puppet::Util::Windows::SID::Principal.new(account, nil, nil, computer_name, :SidTypeUser)
+        end
+        describe "when password is proven correct" do
+          let(:user_input) { 'myPass' }
+          it "should pass validation" do
+            allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myPass', '.').and_return(true)
+            expect { provider.logonpassword=(user_input) }.not_to raise_error
+          end
+        end
+        describe "when password is not proven correct" do
+          let(:user_input) { 'myWrongPass' }
+          it "should not pass validation" do
+            allow(Puppet::Util::Windows::User).to receive(:password_is?).with('myUser', 'myWrongPass', '.').and_return(false)
+            expect { provider.logonpassword=(user_input) }.to raise_error(Puppet::Error, /The given password is invalid for user '.\\myUser'/)
+          end
+        end
+      end
+    end
+  end
 end

data/spec/unit/provider/user/directoryservice_spec.rb CHANGED Viewed

@@ -925,28 +925,75 @@ end
       }
     end
-    it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
-      expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
-      expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.7')
-      expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
-      provider.write_password_to_users_plist(sha512_password_hash)
+    before do
+      allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
     end
-    it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
-      expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
-      expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.8')
-      expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
-      provider.write_password_to_users_plist(pbkdf2_password_hash)
+    describe 'when on macOS 11 (Big Sur) or greater' do
+      before do
+        allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
+      end
+      it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
+        expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+      it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+        expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
     end
-    it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
-      expect(provider).to receive(:get_users_plist).and_return('users_plist')
-      expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.8')
-      expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
-      provider.write_password_to_users_plist(pbkdf2_password_hash)
+    describe 'when on macOS version lower than 11' do
+      before do
+        allow(provider.class).to receive(:get_os_version)
+        allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+      end
+      it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+        expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+      it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.7')
+        expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
+        provider.write_password_to_users_plist(sha512_password_hash)
+      end
+      it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.8')
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+      it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
+        expect(provider).to receive(:get_users_plist).and_return('users_plist')
+        expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.8')
+        expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
     end
   end
@@ -974,16 +1021,7 @@ end
   describe '#set_shadow_hash_data' do
     let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
-    it 'should flush the plist data to disk on OS X < 10.15' do
-      allow(provider.class).to receive(:get_os_version).and_return('10.12')
-      expect(provider).to receive(:write_users_plist_to_disk)
-      provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
-    end
-    it 'should flush the plist data a temporary file on OS X >= 10.15' do
-      allow(provider.class).to receive(:get_os_version).and_return('10.15')
+    it 'should flush the plist data to a temporary file' do
       expect(provider).to receive(:write_and_import_shadow_hash_data)
       provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
     end
@@ -1033,13 +1071,6 @@ end
     end
   end
-  describe '#write_users_plist_to_disk' do
-    it 'should save the passed plist to disk and convert it to a binary plist' do
-      expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
-      provider.write_users_plist_to_disk(user_plist_xml)
-    end
-  end
   describe '#write_and_import_shadow_hash_data' do
     it 'should save the passed plist to a temporary file and import it' do
       tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
@@ -1203,6 +1234,7 @@ end
     before :each do
       allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
       allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
+      allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
       provider.class.prefetch({})
     end

data/spec/unit/provider/user/useradd_spec.rb CHANGED Viewed

@@ -360,14 +360,14 @@ describe Puppet::Type.type(:user).provider(:useradd) do
       resource[:forcelocal] = true
       allow(Puppet::FileSystem).to receive(:exist?).with('/etc/passwd').and_return(true)
       allow(Puppet::FileSystem).to receive(:each_line).with('/etc/passwd').and_yield(content)
-      expect(provider.gid).to eq('999')
+      expect(provider.gid).to eq(999)
     end
     it "should fall back to nameservice GID when forcelocal is false" do
       resource[:forcelocal] = false
-      allow(provider).to receive(:get).with(:gid).and_return('1234')
+      allow(provider).to receive(:get).with(:gid).and_return(1234)
       expect(provider).not_to receive(:localgid)
-      expect(provider.gid).to eq('1234')
+      expect(provider.gid).to eq(1234)
     end
   end
@@ -375,21 +375,36 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     before { described_class.has_feature :manages_local_users_and_groups }
     let(:content) do
-      <<~EOF
+      StringIO.new(<<~EOF)
       group1:x:0:myuser
       group2:x:999:
       group3:x:998:myuser
       EOF
     end
+    let(:content_with_empty_line) do
+      StringIO.new(<<~EOF)
+      group1:x:0:myuser
+      group2:x:999:
+      group3:x:998:myuser
+      EOF
+    end
     it "should return the local groups string when forcelocal is true" do
       resource[:forcelocal] = true
-      group1, group2, group3 = content.split
       allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
-      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/group').and_yield(group1).and_yield(group2).and_yield(group3)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content)
       expect(provider.groups).to eq(['group1', 'group3'])
     end
+    it "does not raise when parsing empty lines in /etc/group" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content_with_empty_line)
+      expect { provider.groups }.not_to raise_error
+    end
     it "should fall back to nameservice groups when forcelocal is false" do
       resource[:forcelocal] = false
       allow(Puppet::Util::POSIX).to receive(:groups_of).with('myuser').and_return(['remote groups'])

data/spec/unit/resource/catalog_spec.rb CHANGED Viewed

@@ -205,7 +205,7 @@ describe Puppet::Resource::Catalog, "when compiling" do
     end
     it "should set itself as the catalog for each converted resource" do
-      @catalog.vertices.each { |v| expect(v.catalog.object_id).to equal(@catalog.object_id) }
+      @catalog.vertices.each { |v| expect(v.catalog.object_id).to eql(@catalog.object_id) }
     end
     # This tests #931.

data/spec/unit/ssl/state_machine_spec.rb CHANGED Viewed

@@ -31,6 +31,14 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
     allow(Kernel).to receive(:sleep)
   end
+  def expected_digest(name, content)
+    OpenSSL::Digest.new(name).hexdigest(content)
+  end
+  def to_fingerprint(digest)
+    digest.scan(/../).join(':').upcase
+  end
   context 'when passing keyword arguments' do
     it "accepts digest" do
       expect(described_class.new(digest: 'SHA512').digest).to eq('SHA512')
@@ -395,29 +403,35 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
       it 'verifies CA cert bundle if a ca_fingerprint is given case-insensitively' do
         Puppet[:log_level] = :info
-        machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'caacf69bbbcdad9dbcda92dd2da3608b639d1aea4c314d6cc6823cdb32d8e0f8')
+        digest = expected_digest('SHA256', cacert_pem)
+        fingerprint = to_fingerprint(digest)
+        machine = described_class.new(digest: 'SHA256', ca_fingerprint: digest.downcase)
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
         state.next_state
-        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8"))
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) #{fingerprint}"))
       end
       it 'verifies CA cert bundle using non-default fingerprint' do
         Puppet[:log_level] = :info
-        machine = described_class.new(digest: 'SHA512', ca_fingerprint: '3c9d1482b878913ad95c9631feac5090cb05c6eab9496178d6fd5c14a023da3b1a8650a3cbaac516d9a48caf0b0742e1ed7eebf55105c024c74834a45056a9d9')
+        digest = expected_digest('SHA512', cacert_pem)
+        machine = described_class.new(digest: 'SHA512', ca_fingerprint: digest)
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
         state.next_state
-        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) 3C:9D:14:82:B8:78:91:3A:D9:5C:96:31:FE:AC:50:90:CB:05:C6:EA:B9:49:61:78:D6:FD:5C:14:A0:23:DA:3B:1A:86:50:A3:CB:AA:C5:16:D9:A4:8C:AF:0B:07:42:E1:ED:7E:EB:F5:51:05:C0:24:C7:48:34:A4:50:56:A9:D9"))
+        expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) #{to_fingerprint(digest)}"))
       end
       it 'returns an error if verification fails' do
         machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'wrong!')
         state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
+        fingerprint = to_fingerprint(expected_digest('SHA256', cacert_pem))
         st = state.next_state
         expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::Error)
-        expect(st.message).to eq("CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8 did not match expected digest WR:ON:G!")
+        expect(st.message).to eq("CA bundle with digest (SHA256) #{fingerprint} did not match expected digest WR:ON:G!")
       end
     end
   end