puppet 7.7.0 → 7.8.0

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "May 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "June 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "May 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "June 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.7\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.8\.0

data/spec/integration/application/resource_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+require 'puppet_spec/files'
+
+describe "puppet resource", unless: Puppet::Util::Platform.jruby? do
+  include PuppetSpec::Files
+
+  let(:resource) { Puppet::Application[:resource] }
+
+  describe "when handling file and tidy types" do
+    let!(:dir) { dir_containing('testdir', 'testfile' => 'contents') }
+
+    it 'does not raise when generating file resources' do
+      resource.command_line.args = ['file', dir, 'ensure=directory', 'recurse=true']
+
+      expect {
+        resource.run
+      }.to output(/ensure.+=> 'directory'/).to_stdout
+    end
+
+    it 'correctly cleans up a given path' do
+      resource.command_line.args = ['tidy', dir, 'rmdirs=true', 'recurse=true']
+
+      expect {
+        resource.run
+      }.to output(/Notice: \/File\[#{dir}\]\/ensure: removed/).to_stdout
+
+      expect(Puppet::FileSystem.exist?(dir)).to be false
+    end
+  end
+end

data/spec/unit/functions4_spec.rb

@@ -39,6 +39,15 @@ describe 'the 4x function api' do
 
   let(:loader) { FunctionAPISpecModule::TestFunctionLoader.new }
 
+  def parse_eval(code, here)
+    if here.respond_to?(:source_location)
+      eval(code, here, here.source_location[0], here.source_location[1])
+    else
+      # this can be removed when ruby < 2.6 is dropped
+      eval(code, here)
+    end
+  end
+
   it 'allows a simple function to be created without dispatch declaration' do
     f = Puppet::Functions.create_function('min') do
       def min(x,y)
@@ -484,7 +493,7 @@ describe 'the 4x function api' do
         the_loader = loader()
         here = get_binding(the_loader)
         expect do
-          eval(<<-CODE, here)
+          parse_eval(<<-CODE, here)
             Puppet::Functions.create_function('testing::test') do
               local_types do
                 type 'MyType += Array[Integer]'
@@ -505,7 +514,7 @@ describe 'the 4x function api' do
         the_loader = loader()
         here = get_binding(the_loader)
         expect do
-          eval(<<-CODE, here)
+          parse_eval(<<-CODE, here)
             Puppet::Functions.create_function('testing::test') do
               dispatch :test do
                 param 'Array[1+=1]', :x
@@ -525,7 +534,7 @@ describe 'the 4x function api' do
       it 'uses return_type to validate returned value' do
         the_loader = loader()
         here = get_binding(the_loader)
-        fc = eval(<<-CODE, here)
+        fc = parse_eval(<<-CODE, here)
           Puppet::Functions.create_function('testing::test') do
             dispatch :test do
               param 'Integer', :x
@@ -547,7 +556,7 @@ describe 'the 4x function api' do
         the_loader = loader()
         the_loader.add_type('myalias', type_alias_t('MyAlias', 'Integer'))
         here = get_binding(the_loader)
-        fc = eval(<<-CODE, here)
+        fc = parse_eval(<<-CODE, here)
           Puppet::Functions.create_function('testing::test') do
             dispatch :test do
               param 'MyAlias', :x
@@ -567,7 +576,7 @@ describe 'the 4x function api' do
       it 'reports a reference to an unresolved type' do
         the_loader = loader()
         here = get_binding(the_loader)
-        fc = eval(<<-CODE, here)
+        fc = parse_eval(<<-CODE, here)
           Puppet::Functions.create_function('testing::test') do
             dispatch :test do
               param 'MyAlias', :x
@@ -586,7 +595,7 @@ describe 'the 4x function api' do
       it 'create local Type aliases' do
         the_loader = loader()
         here = get_binding(the_loader)
-        fc = eval(<<-CODE, here)
+        fc = parse_eval(<<-CODE, here)
           Puppet::Functions.create_function('testing::test') do
             local_types do
               type 'MyType = Array[Integer]'
@@ -608,7 +617,7 @@ describe 'the 4x function api' do
       it 'create nested local Type aliases' do
         the_loader = loader()
         here = get_binding(the_loader)
-        fc = eval(<<-CODE, here)
+        fc = parse_eval(<<-CODE, here)
           Puppet::Functions.create_function('testing::test') do
             local_types do
               type 'InnerType = Array[Integer]'
@@ -631,7 +640,7 @@ describe 'the 4x function api' do
       it 'create self referencing local Type aliases' do
         the_loader = loader()
         here = get_binding(the_loader)
-        fc = eval(<<-CODE, here)
+        fc = parse_eval(<<-CODE, here)
           Puppet::Functions.create_function('testing::test') do
             local_types do
               type 'Tree = Hash[String,Variant[String,Tree]]'

data/spec/unit/pops/types/p_sem_ver_type_spec.rb

@@ -125,6 +125,24 @@ describe 'Semantic Versions' do
         expect(eval_and_collect_notices(code)).to eql(['true', 'false'])
       end
 
+      it 'can be compared to another instance created from arguments' do
+        code = <<-CODE
+          $x = SemVer('1.2.3-rc4+5')
+          $y = SemVer(1, 2, 3, 'rc4', '5')
+          notice($x == $y)
+        CODE
+        expect(eval_and_collect_notices(code)).to eql(['true'])
+      end
+
+      it 'can be compared to another instance created from a hash' do
+        code = <<-CODE
+          $x = SemVer('1.2.3-rc4+5')
+          $y = SemVer(major => 1, minor => 2, patch => 3, prerelease => 'rc4', build => '5')
+          notice($x == $y)
+        CODE
+        expect(eval_and_collect_notices(code)).to eql(['true'])
+      end
+
       it 'can be compared to another instance for magnitude' do
         code = <<-CODE
           $x = SemVer('1.1.1')

data/spec/unit/pops/types/p_sensitive_type_spec.rb

@@ -113,6 +113,24 @@ describe 'Sensitive Type' do
       expect(eval_and_collect_notices(code)).to eq(['Sensitive[Integer] != Sensitive[String]'])
     end
 
+    it 'equals another instance with the same value' do
+      code =<<-CODE
+        $i = Sensitive('secret')
+        $o = Sensitive('secret')
+        notice($i == $o)
+      CODE
+      expect(eval_and_collect_notices(code)).to eq(['true'])
+    end
+
+    it 'has equal hash keys for same values' do
+      code =<<-CODE
+        $i = Sensitive('secret')
+        $o = Sensitive('secret')
+        notice({$i => 1} == {$o => 1})
+      CODE
+      expect(eval_and_collect_notices(code)).to eq(['true'])
+    end
+
     it 'can be created from another sensitive instance ' do
       code =<<-CODE
         $o = Sensitive("hunter2")

data/spec/unit/provider/package/nim_spec.rb

@@ -191,6 +191,27 @@ OUTPUT
           expect(versions[version]).to eq(:rpm)
         end
       end
+
+      it "should be able to parse RPM package listings with letters in version" do
+        showres_output = <<END
+cairo                                                              ALL  @@R:cairo _all_filesets
+   @@R:cairo-1.14.6-2waixX11 1.14.6-2waixX11
+END
+        packages = subject.send(:parse_showres_output, showres_output)
+        expect(Set.new(packages.keys)).to eq(Set.new(['cairo']))
+        versions = packages['cairo']
+        expect(versions.has_key?('1.14.6-2waixX11')).to eq(true)
+        expect(versions['1.14.6-2waixX11']).to eq(:rpm)
+      end
+
+      it "should raise error when parsing invalid RPM package listings" do
+              showres_output = <<END
+cairo                                                              ALL  @@R:cairo _all_filesets
+   @@R:cairo-invalid_version invalid_version
+END
+        expect{ subject.send(:parse_showres_output, showres_output) }.to raise_error(Puppet::Error,
+          /Unable to parse output from nimclient showres: package string does not match expected rpm package string format/)
+      end
     end
 
     context "#determine_latest_version" do
@@ -220,6 +241,27 @@ END
       it "should return :installp for installp/bff packages" do
         expect(subject.send(:determine_package_type, bff_showres_output, 'mypackage.foo', '1.2.3.4')).to eq(:installp)
       end
+
+      it "should return :installp for security updates" do
+        nimclient_showres_output = <<END
+bos.net                                                            ALL  @@S:bos.net _all_filesets
+ + 7.2.0.1  TCP/IP ntp Applications                                     @@S:bos.net.tcp.ntp 7.2.0.1
+ + 7.2.0.2  TCP/IP ntp Applications                                     @@S:bos.net.tcp.ntp 7.2.0.2
+
+END
+        expect(subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2')).to eq(:installp)
+      end
+
+      it "should raise error when invalid header format is given" do
+        nimclient_showres_output = <<END
+bos.net                                                            ALL  @@INVALID_TYPE:bos.net _all_filesets
+ + 7.2.0.1  TCP/IP ntp Applications                                     @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.1
+ + 7.2.0.2  TCP/IP ntp Applications                                     @@INVALID_TYPE:bos.net.tcp.ntp 7.2.0.2
+
+END
+        expect{ subject.send(:determine_package_type, nimclient_showres_output, 'bos.net.tcp.ntp', '7.2.0.2') }.to raise_error(
+          Puppet::Error, /Unable to parse output from nimclient showres: line does not match expected package header format/)
+      end
     end
   end
 end

data/spec/unit/provider/service/freebsd_spec.rb

@@ -82,7 +82,7 @@ OUTPUT
     allow(Puppet::FileSystem).to receive(:exist?).with('/etc/rc.conf').and_return(true)
     allow(File).to receive(:read).with('/etc/rc.conf').and_return("openntpd_enable=\"NO\"\nntpd_enable=\"NO\"\n")
     fh = double('fh')
-    allow(File).to receive(:open).with('/etc/rc.conf', File::WRONLY).and_yield(fh)
+    allow(Puppet::FileSystem).to receive(:replace_file).with('/etc/rc.conf').and_yield(fh)
     expect(fh).to receive(:<<).with("openntpd_enable=\"NO\"\nntpd_enable=\"YES\"\n")
     allow(Puppet::FileSystem).to receive(:exist?).with('/etc/rc.conf.local').and_return(false)
     allow(Puppet::FileSystem).to receive(:exist?).with('/etc/rc.conf.d/ntpd').and_return(false)

data/spec/unit/provider/service/systemd_spec.rb

@@ -362,6 +362,9 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
   describe "#mask" do
     it "should run systemctl to disable and mask a service" do
       provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'sshd.service'))
+      expect(provider).to receive(:execute).
+                            with(['/bin/systemctl','cat', '--', 'sshd.service'], :failonfail => false).
+                            and_return(Puppet::Util::Execution::ProcessOutput.new("# /lib/systemd/system/sshd.service\n...", 0))
       # :disable is the only call in the provider that uses a symbol instead of
       # a string.
       # This should be made consistent in the future and all tests updated.
@@ -369,6 +372,15 @@ Jun 14 21:43:23 foo.example.com systemd[1]: sshd.service lacks both ExecStart= a
       expect(provider).to receive(:systemctl).with(:mask, '--', 'sshd.service')
       provider.mask
     end
+
+    it "masks a service that doesn't exist" do
+      provider = provider_class.new(Puppet::Type.type(:service).new(:name => 'doesnotexist.service'))
+      expect(provider).to receive(:execute).
+                            with(['/bin/systemctl','cat', '--', 'doesnotexist.service'], :failonfail => false).
+                            and_return(Puppet::Util::Execution::ProcessOutput.new("No files found for doesnotexist.service.\n", 1))
+      expect(provider).to receive(:systemctl).with(:mask, '--', 'doesnotexist.service')
+      provider.mask
+    end
   end
 
   # Note: systemd provider does not care about hasstatus or a custom status

data/spec/unit/provider/user/directoryservice_spec.rb

@@ -925,28 +925,75 @@ end
       }
     end
 
-    it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
-      expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
-      expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.7')
-      expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
-      provider.write_password_to_users_plist(sha512_password_hash)
+    before do
+      allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
     end
 
-    it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
-      expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
-      expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.8')
-      expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
-      provider.write_password_to_users_plist(pbkdf2_password_hash)
+    describe 'when on macOS 11 (Big Sur) or greater' do
+      before do
+        allow(provider.class).to receive(:get_os_version).and_return('11.0.0')
+      end
+
+      it 'should add salted_sha512_pbkdf2 AuthenticationAuthority key if missing' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(true)
+
+        expect(Puppet).to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+
+      it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority key if not missing' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+
+        expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
     end
 
-    it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
-      expect(provider).to receive(:get_users_plist).and_return('users_plist')
-      expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
-      expect(provider.class).to receive(:get_os_version).and_return('10.8')
-      expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
-      provider.write_password_to_users_plist(pbkdf2_password_hash)
+    describe 'when on macOS version lower than 11' do
+      before do
+        allow(provider.class).to receive(:get_os_version)
+        allow(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+      end
+
+      it 'should not add salted_sha512_pbkdf2 AuthenticationAuthority' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        expect(provider).to receive(:needs_sha512_pbkdf2_authentication_authority_to_be_added?).and_return(false)
+
+        expect(Puppet).not_to receive(:debug).with("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user 'nonexistent_user'")
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+
+      it 'should call set_salted_sha512 on 10.7 when given a salted-SHA512 password hash' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(sha512_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.7')
+        expect(provider).to receive(:set_salted_sha512).with(sample_users_plist, sha512_shadowhashdata, sha512_password_hash)
+        provider.write_password_to_users_plist(sha512_password_hash)
+      end
+
+      it 'should call set_salted_pbkdf2 on 10.8 when given a PBKDF2 password hash' do
+        expect(provider).to receive(:get_users_plist).and_return(sample_users_plist)
+        expect(provider).to receive(:get_shadow_hash_data).with(sample_users_plist).and_return(pbkdf2_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.8')
+        expect(provider).to receive(:set_salted_pbkdf2).with(sample_users_plist, pbkdf2_shadowhashdata, 'entropy', pbkdf2_password_hash)
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
+
+      it "should delete the SALTED-SHA512 key in the shadow_hash_data hash if it exists on a 10.8 system and write_password_to_users_plist has been called to set the user's password" do
+        expect(provider).to receive(:get_users_plist).and_return('users_plist')
+        expect(provider).to receive(:get_shadow_hash_data).with('users_plist').and_return(sha512_shadowhashdata)
+        expect(provider.class).to receive(:get_os_version).and_return('10.8')
+        expect(provider).to receive(:set_salted_pbkdf2).with('users_plist', {}, 'entropy', pbkdf2_password_hash)
+        provider.write_password_to_users_plist(pbkdf2_password_hash)
+      end
     end
   end
 
@@ -974,16 +1021,7 @@ end
   describe '#set_shadow_hash_data' do
     let(:users_plist) { {'ShadowHashData' => ['string_data'] } }
 
-    it 'should flush the plist data to disk on OS X < 10.15' do
-      allow(provider.class).to receive(:get_os_version).and_return('10.12')
-
-      expect(provider).to receive(:write_users_plist_to_disk)
-      provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
-    end
-
-    it 'should flush the plist data a temporary file on OS X >= 10.15' do
-      allow(provider.class).to receive(:get_os_version).and_return('10.15')
-
+    it 'should flush the plist data to a temporary file' do
       expect(provider).to receive(:write_and_import_shadow_hash_data)
       provider.set_shadow_hash_data(users_plist, pbkdf2_embedded_plist)
     end
@@ -1033,13 +1071,6 @@ end
     end
   end
 
-  describe '#write_users_plist_to_disk' do
-    it 'should save the passed plist to disk and convert it to a binary plist' do
-      expect(Puppet::Util::Plist).to receive(:write_plist_file).with(user_plist_xml, "#{users_plist_dir}/nonexistent_user.plist", :binary)
-      provider.write_users_plist_to_disk(user_plist_xml)
-    end
-  end
-
   describe '#write_and_import_shadow_hash_data' do
     it 'should save the passed plist to a temporary file and import it' do
       tmpfile = double('tempfile', :path => "/tmp/dsimport_#{username}", :flush => nil)
@@ -1203,6 +1234,7 @@ end
     before :each do
       allow(provider.class).to receive(:get_all_users).and_return(all_users_hash)
       allow(provider.class).to receive(:get_list_of_groups).and_return(group_plist_hash_guid)
+      allow(provider).to receive(:merge_attribute_with_dscl).with('Users', username, 'AuthenticationAuthority', any_args)
       provider.class.prefetch({})
     end
 

data/spec/unit/type/service_spec.rb

@@ -72,50 +72,65 @@ describe test_title, "when validating attribute values" do
       allow(@provider.class).to receive(:supports_parameter?).and_return(true)
     end
 
-    it "should support :true as a value" do
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :true)
-      expect(srv.should(:enable)).to eq(:true)
-    end
+    describe "for value without required features" do
+      before :each do
+        allow(@provider).to receive(:satisfies?)
+      end
 
-    it "should support :false as a value" do
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :false)
-      expect(srv.should(:enable)).to eq(:false)
-    end
+      it "should not support :mask as a value" do
+        expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :mask) }.to raise_error(
+          Puppet::ResourceError,
+          /Provider .+ must have features 'maskable' to set 'enable' to 'mask'/
+        )
+      end
 
-    it "should support :mask as a value" do
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :mask)
-      expect(srv.should(:enable)).to eq(:mask)
-    end
+      it "should not support :manual as a value" do
+        expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :manual) }.to raise_error(
+          Puppet::ResourceError,
+          /Provider .+ must have features 'manual_startable' to set 'enable' to 'manual'/
+        )
+      end
 
-    it "should support :manual as a value on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :manual)
-      expect(srv.should(:enable)).to eq(:manual)
+      it "should not support :mask as a value" do
+        expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
+          Puppet::ResourceError,
+          /Provider .+ must have features 'delayed_startable' to set 'enable' to 'delayed'/
+        )
+      end
     end
 
-    it "should support :delayed as a value on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
+    describe "for value with required features" do
+      before :each do
+        allow(@provider).to receive(:satisfies?).and_return(:true)
+      end
+
+      it "should support :true as a value" do
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :true)
+        expect(srv.should(:enable)).to eq(:true)
+      end
 
-      srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
-      expect(srv.should(:enable)).to eq(:delayed)
-    end
+      it "should support :false as a value" do
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :false)
+        expect(srv.should(:enable)).to eq(:false)
+      end
 
-    it "should not support :manual as a value when not on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+      it "should support :mask as a value" do
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :mask)
+        expect(srv.should(:enable)).to eq(:mask)
+      end
 
-      expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :manual) }.to raise_error(
-        Puppet::Error,
-        /Setting enable to manual is only supported on Microsoft Windows\./
-      )
-    end
+      it "should support :manual as a value on Windows" do
+        allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :manual)
+        expect(srv.should(:enable)).to eq(:manual)
+      end
 
-    it "should not support :delayed as a value when not on Windows" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+      it "should support :delayed as a value on Windows" do
+        allow(Puppet::Util::Platform).to receive(:windows?).and_return(true)
 
-      expect { Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed) }.to raise_error(
-        Puppet::Error,
-        /Setting enable to delayed is only supported on Microsoft Windows\./
-      )
+        srv = Puppet::Type.type(:service).new(:name => "yay", :enable => :delayed)
+        expect(srv.should(:enable)).to eq(:delayed)
+      end
     end
   end