puppet 7.7.0-universal-darwin → 7.8.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +2 -2
- data/Gemfile +2 -1
- data/Gemfile.lock +9 -9
- data/ext/osx/puppet.plist +2 -0
- data/lib/puppet/defaults.rb +3 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/provider/package/apt.rb +3 -3
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/yum.rb +3 -3
- data/lib/puppet/provider/package/zypper.rb +3 -3
- data/lib/puppet/provider/service/freebsd.rb +1 -1
- data/lib/puppet/provider/service/systemd.rb +6 -1
- data/lib/puppet/provider/user/directoryservice.rb +24 -11
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/type/service.rb +8 -9
- data/lib/puppet/type/user.rb +38 -20
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +36 -40
- data/man/man5/puppet.conf.5 +5 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/resource_spec.rb +30 -0
- data/spec/unit/functions4_spec.rb +17 -8
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/systemd_spec.rb +12 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
- data/spec/unit/type/service_spec.rb +49 -34
- data/spec/unit/type/user_spec.rb +45 -0
- metadata +4 -2
data/man/man8/puppet-ssl.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET\-SSL" "8" "
|
4
|
+
.TH "PUPPET\-SSL" "8" "June 2021" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
|
data/man/man8/puppet.8
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPET" "8" "
|
4
|
+
.TH "PUPPET" "8" "June 2021" "Puppet, Inc." "Puppet manual"
|
5
5
|
.
|
6
6
|
.SH "NAME"
|
7
7
|
\fBpuppet\fR
|
@@ -25,4 +25,4 @@ Specialized:
|
|
25
25
|
catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
|
26
26
|
.
|
27
27
|
.P
|
28
|
-
See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.
|
28
|
+
See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.8\.0
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'puppet_spec/files'
|
3
|
+
|
4
|
+
describe "puppet resource", unless: Puppet::Util::Platform.jruby? do
|
5
|
+
include PuppetSpec::Files
|
6
|
+
|
7
|
+
let(:resource) { Puppet::Application[:resource] }
|
8
|
+
|
9
|
+
describe "when handling file and tidy types" do
|
10
|
+
let!(:dir) { dir_containing('testdir', 'testfile' => 'contents') }
|
11
|
+
|
12
|
+
it 'does not raise when generating file resources' do
|
13
|
+
resource.command_line.args = ['file', dir, 'ensure=directory', 'recurse=true']
|
14
|
+
|
15
|
+
expect {
|
16
|
+
resource.run
|
17
|
+
}.to output(/ensure.+=> 'directory'/).to_stdout
|
18
|
+
end
|
19
|
+
|
20
|
+
it 'correctly cleans up a given path' do
|
21
|
+
resource.command_line.args = ['tidy', dir, 'rmdirs=true', 'recurse=true']
|
22
|
+
|
23
|
+
expect {
|
24
|
+
resource.run
|
25
|
+
}.to output(/Notice: \/File\[#{dir}\]\/ensure: removed/).to_stdout
|
26
|
+
|
27
|
+
expect(Puppet::FileSystem.exist?(dir)).to be false
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -39,6 +39,15 @@ describe 'the 4x function api' do
|
|
39
39
|
|
40
40
|
let(:loader) { FunctionAPISpecModule::TestFunctionLoader.new }
|
41
41
|
|
42
|
+
def parse_eval(code, here)
|
43
|
+
if here.respond_to?(:source_location)
|
44
|
+
eval(code, here, here.source_location[0], here.source_location[1])
|
45
|
+
else
|
46
|
+
# this can be removed when ruby < 2.6 is dropped
|
47
|
+
eval(code, here)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
42
51
|
it 'allows a simple function to be created without dispatch declaration' do
|
43
52
|
f = Puppet::Functions.create_function('min') do
|
44
53
|
def min(x,y)
|
@@ -484,7 +493,7 @@ describe 'the 4x function api' do
|
|
484
493
|
the_loader = loader()
|
485
494
|
here = get_binding(the_loader)
|
486
495
|
expect do
|
487
|
-
|
496
|
+
parse_eval(<<-CODE, here)
|
488
497
|
Puppet::Functions.create_function('testing::test') do
|
489
498
|
local_types do
|
490
499
|
type 'MyType += Array[Integer]'
|
@@ -505,7 +514,7 @@ describe 'the 4x function api' do
|
|
505
514
|
the_loader = loader()
|
506
515
|
here = get_binding(the_loader)
|
507
516
|
expect do
|
508
|
-
|
517
|
+
parse_eval(<<-CODE, here)
|
509
518
|
Puppet::Functions.create_function('testing::test') do
|
510
519
|
dispatch :test do
|
511
520
|
param 'Array[1+=1]', :x
|
@@ -525,7 +534,7 @@ describe 'the 4x function api' do
|
|
525
534
|
it 'uses return_type to validate returned value' do
|
526
535
|
the_loader = loader()
|
527
536
|
here = get_binding(the_loader)
|
528
|
-
fc =
|
537
|
+
fc = parse_eval(<<-CODE, here)
|
529
538
|
Puppet::Functions.create_function('testing::test') do
|
530
539
|
dispatch :test do
|
531
540
|
param 'Integer', :x
|
@@ -547,7 +556,7 @@ describe 'the 4x function api' do
|
|
547
556
|
the_loader = loader()
|
548
557
|
the_loader.add_type('myalias', type_alias_t('MyAlias', 'Integer'))
|
549
558
|
here = get_binding(the_loader)
|
550
|
-
fc =
|
559
|
+
fc = parse_eval(<<-CODE, here)
|
551
560
|
Puppet::Functions.create_function('testing::test') do
|
552
561
|
dispatch :test do
|
553
562
|
param 'MyAlias', :x
|
@@ -567,7 +576,7 @@ describe 'the 4x function api' do
|
|
567
576
|
it 'reports a reference to an unresolved type' do
|
568
577
|
the_loader = loader()
|
569
578
|
here = get_binding(the_loader)
|
570
|
-
fc =
|
579
|
+
fc = parse_eval(<<-CODE, here)
|
571
580
|
Puppet::Functions.create_function('testing::test') do
|
572
581
|
dispatch :test do
|
573
582
|
param 'MyAlias', :x
|
@@ -586,7 +595,7 @@ describe 'the 4x function api' do
|
|
586
595
|
it 'create local Type aliases' do
|
587
596
|
the_loader = loader()
|
588
597
|
here = get_binding(the_loader)
|
589
|
-
fc =
|
598
|
+
fc = parse_eval(<<-CODE, here)
|
590
599
|
Puppet::Functions.create_function('testing::test') do
|
591
600
|
local_types do
|
592
601
|
type 'MyType = Array[Integer]'
|
@@ -608,7 +617,7 @@ describe 'the 4x function api' do
|
|
608
617
|
it 'create nested local Type aliases' do
|
609
618
|
the_loader = loader()
|
610
619
|
here = get_binding(the_loader)
|
611
|
-
fc =
|
620
|
+
fc = parse_eval(<<-CODE, here)
|
612
621
|
Puppet::Functions.create_function('testing::test') do
|
613
622
|
local_types do
|
614
623
|
type 'InnerType = Array[Integer]'
|
@@ -631,7 +640,7 @@ describe 'the 4x function api' do
|
|
631
640
|
it 'create self referencing local Type aliases' do
|
632
641
|
the_loader = loader()
|
633
642
|
here = get_binding(the_loader)
|
634
|
-
fc =
|
643
|
+
fc = parse_eval(<<-CODE, here)
|
635
644
|
Puppet::Functions.create_function('testing::test') do
|
636
645
|
local_types do
|
637
646
|
type 'Tree = Hash[String,Variant[String,Tree]]'
|
@@ -125,6 +125,24 @@ describe 'Semantic Versions' do
|
|
125
125
|
expect(eval_and_collect_notices(code)).to eql(['true', 'false'])
|
126
126
|
end
|
127
127
|
|
128
|
+
it 'can be compared to another instance created from arguments' do
|
129
|
+
code = <<-CODE
|
130
|
+
$x = SemVer('1.2.3-rc4+5')
|
131
|
+
$y = SemVer(1, 2, 3, 'rc4', '5')
|
132
|
+
notice($x == $y)
|
133
|
+
CODE
|
134
|
+
expect(eval_and_collect_notices(code)).to eql(['true'])
|
135
|
+
end
|
136
|
+
|
137
|
+
it 'can be compared to another instance created from a hash' do
|
138
|
+
code = <<-CODE
|
139
|
+
$x = SemVer('1.2.3-rc4+5')
|
140
|
+
$y = SemVer(major => 1, minor => 2, patch => 3, prerelease => 'rc4', build => '5')
|
141
|
+
notice($x == $y)
|
142
|
+
CODE
|
143
|
+
expect(eval_and_collect_notices(code)).to eql(['true'])
|
144
|
+
end
|
145
|
+
|
128
146
|
it 'can be compared to another instance for magnitude' do
|
129
147
|
code = <<-CODE
|
130
148
|
$x = SemVer('1.1.1')
|
@@ -113,6 +113,24 @@ describe 'Sensitive Type' do
|
|
113
113
|
expect(eval_and_collect_notices(code)).to eq(['Sensitive[Integer] != Sensitive[String]'])
|
114
114
|
end
|
115
115
|
|
116
|
+
it 'equals another instance with the same value' do
|
117
|
+
code =<<-CODE
|
118
|
+
$i = Sensitive('secret')
|
119
|
+
$o = Sensitive('secret')
|
120
|
+
notice($i == $o)
|
121
|
+
CODE
|
122
|
+
expect(eval_and_collect_notices(code)).to eq(['true'])
|
123
|
+
end
|
124
|
+
|
125
|
+
it 'has equal hash keys for same values' do
|
126
|
+
code =<<-CODE
|
127
|
+
$i = Sensitive('secret')
|
128
|
+
$o = Sensitive('secret')
|
129
|
+
notice({$i => 1} == {$o => 1})
|
130
|
+
CODE
|
131
|
+
expect(eval_and_collect_notices(code)).to eq(['true'])
|
132
|
+
end
|
133
|
+
|
116
134
|
it 'can be created from another sensitive instance ' do
|
117
135
|
code =<<-CODE
|
118
136
|
$o = Sensitive("hunter2")
|
@@ -191,6 +191,27 @@ OUTPUT
|
|
191
191
|
expect(versions[version]).to eq(:rpm)
|
192
192
|
end
|
193
193
|
end
|
194
|
+
|
195
|
+
it "should be able to parse RPM package listings with letters in version" do
|
196
|
+
showres_output = <<END
|
197
|
+
cairo ALL @@R:cairo _all_filesets
|
198
|
+
@@R:cairo-1.14.6-2waixX11 1.14.6-2waixX11
|
199
|
+
END
|
200
|
+
packages = subject.send(:parse_showres_output, showres_output)
|
201
|
+
expect(Set.new(packages.keys)).to eq(Set.new(['cairo']))
|
202
|
+
versions = packages['cairo']
|
203
|
+
expect(versions.has_key?('1.14.6-2waixX11')).to eq(true)
|
204
|
+
expect(versions['1.14.6-2waixX11']).to eq(:rpm)
|
205
|
+
end
|
206
|
+
|
207
|
+
it "should raise error when parsing invalid RPM package listings" do
|
208
|
+
showres_output = <<END
|
209
|
+
cairo ALL @@R:cairo _all_filesets
|
210
|
+
@@R:cairo-invalid_version invalid_version
|
211
|
+
END
|
212
|
+
expect{ subject.send(:parse_showres_output, showres_output) }.to raise_error(Puppet::Error,
|
213
|
+
/Unable to parse output from nimclient showres: package string does not match expected rpm package string format/)
|
214
|
+
end
|
194
215
|
end
|
195
216
|
|
196
217
|
context "#determine_latest_version" do
|
@@ -220,6 +241,27 @@ END
|
|
220
241
|
it "should return :installp for installp/bff packages" do
|
221
242
|
expect(subject.send(:determine_package_type, bff_showres_output, 'mypackage.foo', '1.2.3.4')).to eq(:installp)
|
222
243
|
end
|
244
|
+
|
245
|
+
it "should return :installp for security updates" do
|
246
|
+
nimclient_showres_output = <<END
|
247
|
+
bos.net ALL @@S:bos.net _all_filesets
|
248
|
+
+ 7.2.0.1 TCP/IP ntp Applications @@S:bos.net.tcp.ntp 7.2.0.1
|
249
|
+
+ 7.2.0.2 TCP/IP ntp Applications @@S:bos.net.tcp.ntp 7.2.0.2
|
250
|
+
|
251
|
+
END
|
252
|
+
expect(subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2')).to eq(:installp)
|
253
|
+
end
|
254
|
+
|
255
|
+
it "should raise error when invalid header format is given" do
|
256
|
+
nimclient_showres_output = <<END
|
257
|
+
bos.net ALL @@INVALID_TYPE:bos.net _all_filesets
|
258
|
+
+ 7.2.0.1 TCP/IP ntp Applications @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.1
|
259
|
+
+ 7.2.0.2 TCP/IP ntp Applications @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.2
|
260
|
+
|
261
|
+
END
|
262
|
+
expect{ subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2') }.to raise_error(
|
263
|
+
Puppet::Error, /Unable to parse output from nimclient showres: line does not match expected package header format/)
|
264
|
+
end
|
223
265
|
end
|
224
266
|
end
|
225
267
|
end
|
@@ -82,7 +82,7 @@ OUTPUT
|
|
82
82
|
allow(Puppet::FileSystem).to receive(:exist?).with('/etc/rc.conf').and_return(true)
|
83
83
|
allow(File).to receive(:read).with('/etc/rc.conf').and_return("openntpd_enable=\"NO\"\nntpd_enable=\"NO\"\n")
|
84
84
|
fh = double('fh')
|
85
|
-
allow(
|
85
|
+
allow(Puppet::FileSystem).to receive(:replace_file).with('/etc/rc.conf').and_yield(fh)
|
86
86
|
expect(fh).to receive(:<<).with("openntpd_enable=\"NO\"\nntpd_enable=\"YES\"\n")
|
87
87
|
allow(Puppet::FileSystem).to receive(:exist?).with('/etc/rc.conf.local').and_return(false)
|
88
88
|
allow(Puppet::FileSystem).to receive(:exist?).with('/etc/rc.conf.d/ntpd').and_return(false)
|
@@ -362,6 +362,9 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
|
|
362
362
|
describe "#mask" do
|
363
363
|
it "should run systemctl to disable and mask a service" do
|
364
364
|
provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
|
365
|
+
expect(provider).to receive(:execute).
|
366
|
+
with(['/bin/systemctl','cat', '--', 'sshd.service'], :failonfail => false).
|
367
|
+
and_return(Puppet::Util::Execution::ProcessOutput.new("# /lib/systemd/system/sshd.service\n...", 0))
|
365
368
|
# :disable is the only call in the provider that uses a symbol instead of
|
366
369
|
# a string.
|
367
370
|
# This should be made consistent in the future and all tests updated.
|
@@ -369,6 +372,15 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
|
|
369
372
|
expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
|
370
373
|
provider.mask
|
371
374
|
end
|
375
|
+
|
376
|
+
it "masks a service that doesn't exist" do
|
377
|
+
provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'doesnotexist.service'))
|
378
|
+
expect(provider).to receive(:execute).
|
379
|
+
with(['/bin/systemctl','cat', '--', 'doesnotexist.service'], :failonfail => false).
|
380
|
+
and_return(Puppet::Util::Execution::ProcessOutput.new("No files found for doesnotexist.service.\n", 1))
|
381
|
+
expect(provider).to receive(:systemctl).with(:mask, '--', 'doesnotexist.service')
|
382
|
+
provider.mask
|
383
|
+
end
|
372
384
|
end
|
373
385
|
|
374
386
|
# Note: systemd provider does not care about hasstatus or a custom status
|
@@ -925,28 +925,75 @@ end
|
|
925
925
|
}
|
926
926
|
end
|
927
927
|
|
928
|
-
|
929
|
-
|
930
|
-
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
|
931
|
-
expect(provider.class).to receive(:get_os_version).and_return('10.7')
|
932
|
-
expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
|
933
|
-
provider.write_password_to_users_plist(sha512_password_hash)
|
928
|
+
before do
|
929
|
+
allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
|
934
930
|
end
|
935
931
|
|
936
|
-
|
937
|
-
|
938
|
-
|
939
|
-
|
940
|
-
|
941
|
-
|
932
|
+
describe 'when on macOS 11 (Big Sur) or greater' do
|
933
|
+
before do
|
934
|
+
allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
|
935
|
+
end
|
936
|
+
|
937
|
+
it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
|
938
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
939
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
940
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
941
|
+
expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
|
942
|
+
|
943
|
+
expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
|
944
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
945
|
+
end
|
946
|
+
|
947
|
+
it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
|
948
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
949
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
950
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
951
|
+
expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
|
952
|
+
|
953
|
+
expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
|
954
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
955
|
+
end
|
942
956
|
end
|
943
957
|
|
944
|
-
|
945
|
-
|
946
|
-
|
947
|
-
|
948
|
-
|
949
|
-
|
958
|
+
describe 'when on macOS version lower than 11' do
|
959
|
+
before do
|
960
|
+
allow(provider.class).to receive(:get_os_version)
|
961
|
+
allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
|
962
|
+
end
|
963
|
+
|
964
|
+
it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
|
965
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
966
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
967
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
968
|
+
expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
|
969
|
+
|
970
|
+
expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
|
971
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
972
|
+
end
|
973
|
+
|
974
|
+
it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
|
975
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
976
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
|
977
|
+
expect(provider.class).to receive(:get_os_version).and_return('10.7')
|
978
|
+
expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
|
979
|
+
provider.write_password_to_users_plist(sha512_password_hash)
|
980
|
+
end
|
981
|
+
|
982
|
+
it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
|
983
|
+
expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
|
984
|
+
expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
|
985
|
+
expect(provider.class).to receive(:get_os_version).and_return('10.8')
|
986
|
+
expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
|
987
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
988
|
+
end
|
989
|
+
|
990
|
+
it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
|
991
|
+
expect(provider).to receive(:get_users_plist).and_return('users_plist')
|
992
|
+
expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
|
993
|
+
expect(provider.class).to receive(:get_os_version).and_return('10.8')
|
994
|
+
expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
|
995
|
+
provider.write_password_to_users_plist(pbkdf2_password_hash)
|
996
|
+
end
|
950
997
|
end
|
951
998
|
end
|
952
999
|
|
@@ -974,16 +1021,7 @@ end
|
|
974
1021
|
describe '#set_shadow_hash_data' do
|
975
1022
|
let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
|
976
1023
|
|
977
|
-
it 'should flush the plist data to
|
978
|
-
allow(provider.class).to receive(:get_os_version).and_return('10.12')
|
979
|
-
|
980
|
-
expect(provider).to receive(:write_users_plist_to_disk)
|
981
|
-
provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
|
982
|
-
end
|
983
|
-
|
984
|
-
it 'should flush the plist data a temporary file on OS X >= 10.15' do
|
985
|
-
allow(provider.class).to receive(:get_os_version).and_return('10.15')
|
986
|
-
|
1024
|
+
it 'should flush the plist data to a temporary file' do
|
987
1025
|
expect(provider).to receive(:write_and_import_shadow_hash_data)
|
988
1026
|
provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
|
989
1027
|
end
|
@@ -1033,13 +1071,6 @@ end
|
|
1033
1071
|
end
|
1034
1072
|
end
|
1035
1073
|
|
1036
|
-
describe '#write_users_plist_to_disk' do
|
1037
|
-
it 'should save the passed plist to disk and convert it to a binary plist' do
|
1038
|
-
expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
|
1039
|
-
provider.write_users_plist_to_disk(user_plist_xml)
|
1040
|
-
end
|
1041
|
-
end
|
1042
|
-
|
1043
1074
|
describe '#write_and_import_shadow_hash_data' do
|
1044
1075
|
it 'should save the passed plist to a temporary file and import it' do
|
1045
1076
|
tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
|
@@ -1203,6 +1234,7 @@ end
|
|
1203
1234
|
before :each do
|
1204
1235
|
allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
|
1205
1236
|
allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
|
1237
|
+
allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
|
1206
1238
|
provider.class.prefetch({})
|
1207
1239
|
end
|
1208
1240
|
|
@@ -72,50 +72,65 @@ describe test_title, "when validating attribute values" do
|
|
72
72
|
allow(@provider.class).to receive(:supports_parameter?).and_return(true)
|
73
73
|
end
|
74
74
|
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
75
|
+
describe "for value without required features" do
|
76
|
+
before :each do
|
77
|
+
allow(@provider).to receive(:satisfies?)
|
78
|
+
end
|
79
79
|
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
80
|
+
it "should not support :mask as a value" do
|
81
|
+
expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :mask) }.to raise_error(
|
82
|
+
Puppet::ResourceError,
|
83
|
+
/Provider .+ must have features 'maskable' to set 'enable' to 'mask'/
|
84
|
+
)
|
85
|
+
end
|
84
86
|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
87
|
+
it "should not support :manual as a value" do
|
88
|
+
expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :manual) }.to raise_error(
|
89
|
+
Puppet::ResourceError,
|
90
|
+
/Provider .+ must have features 'manual_startable' to set 'enable' to 'manual'/
|
91
|
+
)
|
92
|
+
end
|
89
93
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
+
it "should not support :mask as a value" do
|
95
|
+
expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
|
96
|
+
Puppet::ResourceError,
|
97
|
+
/Provider .+ must have features 'delayed_startable' to set 'enable' to 'delayed'/
|
98
|
+
)
|
99
|
+
end
|
94
100
|
end
|
95
101
|
|
96
|
-
|
97
|
-
|
102
|
+
describe "for value with required features" do
|
103
|
+
before :each do
|
104
|
+
allow(@provider).to receive(:satisfies?).and_return(:true)
|
105
|
+
end
|
106
|
+
|
107
|
+
it "should support :true as a value" do
|
108
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :true)
|
109
|
+
expect(srv.should(:enable)).to eq(:true)
|
110
|
+
end
|
98
111
|
|
99
|
-
|
100
|
-
|
101
|
-
|
112
|
+
it "should support :false as a value" do
|
113
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :false)
|
114
|
+
expect(srv.should(:enable)).to eq(:false)
|
115
|
+
end
|
102
116
|
|
103
|
-
|
104
|
-
|
117
|
+
it "should support :mask as a value" do
|
118
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :mask)
|
119
|
+
expect(srv.should(:enable)).to eq(:mask)
|
120
|
+
end
|
105
121
|
|
106
|
-
|
107
|
-
Puppet::
|
108
|
-
|
109
|
-
|
110
|
-
|
122
|
+
it "should support :manual as a value on Windows" do
|
123
|
+
allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
|
124
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :manual)
|
125
|
+
expect(srv.should(:enable)).to eq(:manual)
|
126
|
+
end
|
111
127
|
|
112
|
-
|
113
|
-
|
128
|
+
it "should support :delayed as a value on Windows" do
|
129
|
+
allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
|
114
130
|
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
)
|
131
|
+
srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
|
132
|
+
expect(srv.should(:enable)).to eq(:delayed)
|
133
|
+
end
|
119
134
|
end
|
120
135
|
end
|
121
136
|
|