puppet 7.8.0-universal-darwin → 7.9.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (146) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile.lock +9 -9
  4. data/README.md +4 -4
  5. data/ext/project_data.yaml +1 -0
  6. data/install.rb +0 -4
  7. data/lib/puppet.rb +3 -3
  8. data/lib/puppet/application/filebucket.rb +1 -0
  9. data/lib/puppet/application/resource.rb +15 -2
  10. data/lib/puppet/application/ssl.rb +1 -0
  11. data/lib/puppet/defaults.rb +7 -0
  12. data/lib/puppet/environments.rb +10 -0
  13. data/lib/puppet/face/help/action.erb +1 -0
  14. data/lib/puppet/face/help/face.erb +1 -0
  15. data/lib/puppet/face/node/clean.rb +1 -1
  16. data/lib/puppet/file_system/file_impl.rb +1 -1
  17. data/lib/puppet/file_system/windows.rb +2 -2
  18. data/lib/puppet/forge.rb +3 -3
  19. data/lib/puppet/forge/cache.rb +1 -1
  20. data/lib/puppet/functions/empty.rb +8 -0
  21. data/lib/puppet/functions/strftime.rb +1 -0
  22. data/lib/puppet/functions/unwrap.rb +17 -2
  23. data/lib/puppet/indirector/resource/ral.rb +6 -1
  24. data/lib/puppet/interface/documentation.rb +1 -0
  25. data/lib/puppet/module_tool/applications/installer.rb +4 -0
  26. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  27. data/lib/puppet/module_tool/tar/mini.rb +1 -1
  28. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  29. data/lib/puppet/provider/exec/posix.rb +16 -4
  30. data/lib/puppet/provider/package/pip.rb +15 -3
  31. data/lib/puppet/provider/package/windows.rb +14 -1
  32. data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
  33. data/lib/puppet/provider/package/windows/package.rb +2 -1
  34. data/lib/puppet/provider/parsedfile.rb +3 -0
  35. data/lib/puppet/resource/type_collection.rb +2 -0
  36. data/lib/puppet/settings.rb +30 -7
  37. data/lib/puppet/settings/config_file.rb +1 -8
  38. data/lib/puppet/settings/value_translator.rb +0 -1
  39. data/lib/puppet/type/exec.rb +16 -3
  40. data/lib/puppet/type/file/mode.rb +6 -0
  41. data/lib/puppet/type/tidy.rb +1 -1
  42. data/lib/puppet/type/user.rb +1 -1
  43. data/lib/puppet/util/monkey_patches.rb +2 -17
  44. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  45. data/lib/puppet/util/windows/sid.rb +3 -1
  46. data/lib/puppet/version.rb +1 -1
  47. data/lib/puppet/x509/cert_provider.rb +3 -21
  48. data/locales/puppet.pot +207 -171
  49. data/man/man5/puppet.conf.5 +2 -2
  50. data/man/man8/puppet-agent.8 +1 -1
  51. data/man/man8/puppet-apply.8 +1 -1
  52. data/man/man8/puppet-catalog.8 +9 -9
  53. data/man/man8/puppet-config.8 +1 -1
  54. data/man/man8/puppet-describe.8 +1 -1
  55. data/man/man8/puppet-device.8 +1 -1
  56. data/man/man8/puppet-doc.8 +1 -1
  57. data/man/man8/puppet-epp.8 +1 -1
  58. data/man/man8/puppet-facts.8 +7 -7
  59. data/man/man8/puppet-filebucket.8 +1 -1
  60. data/man/man8/puppet-generate.8 +1 -1
  61. data/man/man8/puppet-help.8 +1 -1
  62. data/man/man8/puppet-lookup.8 +1 -1
  63. data/man/man8/puppet-module.8 +1 -1
  64. data/man/man8/puppet-node.8 +5 -5
  65. data/man/man8/puppet-parser.8 +1 -1
  66. data/man/man8/puppet-plugin.8 +1 -1
  67. data/man/man8/puppet-report.8 +5 -5
  68. data/man/man8/puppet-resource.8 +1 -1
  69. data/man/man8/puppet-script.8 +1 -1
  70. data/man/man8/puppet-ssl.8 +1 -1
  71. data/man/man8/puppet.8 +2 -2
  72. data/spec/fixtures/ssl/127.0.0.1-key.pem +106 -106
  73. data/spec/fixtures/ssl/127.0.0.1.pem +48 -48
  74. data/spec/fixtures/ssl/bad-basic-constraints.pem +54 -54
  75. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +51 -51
  76. data/spec/fixtures/ssl/ca.pem +52 -52
  77. data/spec/fixtures/ssl/crl.pem +25 -25
  78. data/spec/fixtures/ssl/ec-key-openssl.pem +8 -0
  79. data/spec/fixtures/ssl/ec-key-pk8.pem +5 -0
  80. data/spec/fixtures/ssl/ec-key.pem +11 -11
  81. data/spec/fixtures/ssl/ec.pem +32 -32
  82. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  83. data/spec/fixtures/ssl/encrypted-key.pem +107 -107
  84. data/spec/fixtures/ssl/intermediate-agent-crl.pem +25 -25
  85. data/spec/fixtures/ssl/intermediate-agent.pem +54 -54
  86. data/spec/fixtures/ssl/intermediate-crl.pem +28 -28
  87. data/spec/fixtures/ssl/intermediate.pem +51 -51
  88. data/spec/fixtures/ssl/oid-key.pem +117 -0
  89. data/spec/fixtures/ssl/oid.pem +69 -0
  90. data/spec/fixtures/ssl/pluto-key.pem +106 -106
  91. data/spec/fixtures/ssl/pluto.pem +50 -50
  92. data/spec/fixtures/ssl/request-key.pem +106 -106
  93. data/spec/fixtures/ssl/request.pem +45 -45
  94. data/spec/fixtures/ssl/revoked-key.pem +106 -106
  95. data/spec/fixtures/ssl/revoked.pem +49 -49
  96. data/spec/fixtures/ssl/signed-key.pem +106 -106
  97. data/spec/fixtures/ssl/signed.pem +47 -47
  98. data/spec/fixtures/ssl/tampered-cert.pem +49 -49
  99. data/spec/fixtures/ssl/tampered-csr.pem +45 -45
  100. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  101. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +106 -106
  102. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -48
  103. data/spec/fixtures/ssl/unknown-ca-key.pem +106 -106
  104. data/spec/fixtures/ssl/unknown-ca.pem +52 -52
  105. data/spec/integration/application/filebucket_spec.rb +11 -0
  106. data/spec/integration/application/module_spec.rb +21 -0
  107. data/spec/integration/application/resource_spec.rb +35 -1
  108. data/spec/integration/application/ssl_spec.rb +20 -0
  109. data/spec/integration/defaults_spec.rb +5 -0
  110. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  111. data/spec/integration/indirector/facts/facter_spec.rb +90 -36
  112. data/spec/integration/type/exec_spec.rb +70 -45
  113. data/spec/lib/puppet/test_ca.rb +5 -0
  114. data/spec/lib/puppet_spec/settings.rb +1 -0
  115. data/spec/unit/environments_spec.rb +35 -0
  116. data/spec/unit/file_system_spec.rb +6 -0
  117. data/spec/unit/functions/assert_type_spec.rb +1 -1
  118. data/spec/unit/functions/empty_spec.rb +10 -0
  119. data/spec/unit/functions/lookup_spec.rb +23 -0
  120. data/spec/unit/functions/unwrap_spec.rb +8 -0
  121. data/spec/unit/functions4_spec.rb +2 -2
  122. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  123. data/spec/unit/module_tool/applications/installer_spec.rb +13 -2
  124. data/spec/unit/parser/compiler_spec.rb +29 -0
  125. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  126. data/spec/unit/pops/loaders/dependency_loader_spec.rb +0 -9
  127. data/spec/unit/pops/parser/lexer2_spec.rb +0 -4
  128. data/spec/unit/provider/package/pip_spec.rb +37 -0
  129. data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
  130. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  131. data/spec/unit/resource/type_collection_spec.rb +16 -0
  132. data/spec/unit/resource/type_spec.rb +2 -2
  133. data/spec/unit/settings/config_file_spec.rb +1 -11
  134. data/spec/unit/settings/value_translator_spec.rb +4 -5
  135. data/spec/unit/settings_spec.rb +120 -79
  136. data/spec/unit/ssl/ssl_provider_spec.rb +18 -16
  137. data/spec/unit/type/exec_spec.rb +76 -29
  138. data/spec/unit/type/file/source_spec.rb +4 -4
  139. data/spec/unit/type/tidy_spec.rb +7 -0
  140. data/spec/unit/util/ldap/connection_spec.rb +10 -10
  141. data/spec/unit/util/ldap/manager_spec.rb +2 -2
  142. data/spec/unit/util/windows/sid_spec.rb +39 -4
  143. data/spec/unit/util_spec.rb +1 -3
  144. data/spec/unit/x509/cert_provider_spec.rb +9 -1
  145. data/tasks/generate_cert_fixtures.rake +10 -1
  146. metadata +16 -3
@@ -505,28 +505,30 @@ describe Puppet::SSL::SSLProvider do
505
505
  }.to raise_error(Puppet::Error, /The client certificate is missing from/)
506
506
  end
507
507
 
508
- it 'loads the private key and client cert' do
509
- ssl_context = subject.load_context
508
+ context 'loading private keys', unless: RUBY_PLATFORM == 'java' do
509
+ it 'loads the private key and client cert' do
510
+ ssl_context = subject.load_context
510
511
 
511
- expect(ssl_context.private_key).to be_an(OpenSSL::PKey::RSA)
512
- expect(ssl_context.client_cert).to be_an(OpenSSL::X509::Certificate)
513
- end
512
+ expect(ssl_context.private_key).to be_an(OpenSSL::PKey::RSA)
513
+ expect(ssl_context.client_cert).to be_an(OpenSSL::X509::Certificate)
514
+ end
514
515
 
515
- it 'loads a password protected key and client cert' do
516
- FileUtils.cp(File.join(PuppetSpec::FIXTURE_DIR, 'ssl', 'encrypted-key.pem'), File.join(Puppet[:privatekeydir], 'signed.pem'))
516
+ it 'loads a password protected key and client cert' do
517
+ FileUtils.cp(File.join(PuppetSpec::FIXTURE_DIR, 'ssl', 'encrypted-key.pem'), File.join(Puppet[:privatekeydir], 'signed.pem'))
517
518
 
518
- ssl_context = subject.load_context(password: '74695716c8b6')
519
+ ssl_context = subject.load_context(password: '74695716c8b6')
519
520
 
520
- expect(ssl_context.private_key).to be_an(OpenSSL::PKey::RSA)
521
- expect(ssl_context.client_cert).to be_an(OpenSSL::X509::Certificate)
522
- end
521
+ expect(ssl_context.private_key).to be_an(OpenSSL::PKey::RSA)
522
+ expect(ssl_context.client_cert).to be_an(OpenSSL::X509::Certificate)
523
+ end
523
524
 
524
- it 'raises if the password is incorrect' do
525
- FileUtils.cp(File.join(PuppetSpec::FIXTURE_DIR, 'ssl', 'encrypted-key.pem'), File.join(Puppet[:privatekeydir], 'signed.pem'))
525
+ it 'raises if the password is incorrect' do
526
+ FileUtils.cp(File.join(PuppetSpec::FIXTURE_DIR, 'ssl', 'encrypted-key.pem'), File.join(Puppet[:privatekeydir], 'signed.pem'))
526
527
 
527
- expect {
528
- subject.load_context(password: 'wrongpassword')
529
- }.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
528
+ expect {
529
+ subject.load_context(password: 'wrongpassword')
530
+ }.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
531
+ end
530
532
  end
531
533
  end
532
534
 
@@ -239,6 +239,19 @@ RSpec.describe Puppet::Type.type(:exec) do
239
239
  expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
240
240
  end
241
241
 
242
+ it "should be able to autorequire files mentioned in the array command" do
243
+ foo = make_absolute('/bin/foo')
244
+ catalog = Puppet::Resource::Catalog.new
245
+ tmp = Puppet::Type.type(:file).new(:name => foo)
246
+ execer = Puppet::Type.type(:exec).new(:name => 'test array', :command => [foo, 'bar'])
247
+
248
+ catalog.add_resource tmp
249
+ catalog.add_resource execer
250
+ dependencies = execer.autorequire(catalog)
251
+
252
+ expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
253
+ end
254
+
242
255
  describe "when handling the path parameter" do
243
256
  expect = %w{one two three four}
244
257
  { "an array" => expect,
@@ -346,7 +359,13 @@ RSpec.describe Puppet::Type.type(:exec) do
346
359
  end
347
360
 
348
361
  shared_examples_for "all exec command parameters" do |param|
349
- { "relative" => "example", "absolute" => "/bin/example" }.sort.each do |name, command|
362
+ array_cmd = ["/bin/example", "*"]
363
+ array_cmd = [["/bin/example", "*"]] if [:onlyif, :unless].include?(param)
364
+
365
+ commands = { "relative" => "example", "absolute" => "/bin/example" }
366
+ commands["array"] = array_cmd
367
+
368
+ commands.sort.each do |name, command|
350
369
  describe "if command is #{name}" do
351
370
  before :each do
352
371
  @param = param
@@ -379,45 +398,44 @@ RSpec.describe Puppet::Type.type(:exec) do
379
398
  end
380
399
 
381
400
  shared_examples_for "all exec command parameters that take arrays" do |param|
382
- describe "when given an array of inputs" do
383
- before :each do
384
- @test = Puppet::Type.type(:exec).new(:name => @executable)
385
- end
401
+ [
402
+ %w{one two three},
403
+ [%w{one -a}, %w{two, -b}, 'three']
404
+ ].each do |input|
405
+ context "when given #{input.inspect} as input" do
406
+ let(:resource) { Puppet::Type.type(:exec).new(:name => @executable) }
386
407
 
387
- it "should accept the array when all commands return valid" do
388
- input = %w{one two three}
389
- expect(@test.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
390
- @test[param] = input
391
- expect(@test[param]).to eq(input)
392
- end
408
+ it "accepts the array when all commands return valid" do
409
+ input = %w{one two three}
410
+ allow(resource.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
411
+ resource[param] = input
412
+ expect(resource[param]).to eq(input)
413
+ end
393
414
 
394
- it "should reject the array when any commands return invalid" do
395
- input = %w{one two three}
396
- expect(@test.provider).to receive(:validatecmd).with(input.first).and_return(false)
397
- input[1..-1].each do |cmd|
398
- expect(@test.provider).to receive(:validatecmd).with(cmd).and_return(true)
415
+ it "rejects the array when any commands return invalid" do
416
+ input = %w{one two three}
417
+ allow(resource.provider).to receive(:validatecmd).with(input[0]).and_return(true)
418
+ allow(resource.provider).to receive(:validatecmd).with(input[1]).and_raise(Puppet::Error)
419
+
420
+ expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
399
421
  end
400
- @test[param] = input
401
- expect(@test[param]).to eq(input)
402
- end
403
422
 
404
- it "should reject the array when all commands return invalid" do
405
- input = %w{one two three}
406
- expect(@test.provider).to receive(:validatecmd).exactly(input.length).times.and_return(false)
407
- @test[param] = input
408
- expect(@test[param]).to eq(input)
423
+ it "stops at the first invalid command" do
424
+ input = %w{one two three}
425
+ allow(resource.provider).to receive(:validatecmd).with(input[0]).and_raise(Puppet::Error)
426
+
427
+ expect(resource.provider).not_to receive(:validatecmd).with(input[1])
428
+ expect(resource.provider).not_to receive(:validatecmd).with(input[2])
429
+ expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
430
+ end
409
431
  end
410
432
  end
411
433
  end
412
434
 
413
435
  describe "when setting command" do
414
436
  subject { described_class.new(:name => @command) }
415
- it "fails when passed an Array" do
416
- expect { subject[:command] = [] }.to raise_error Puppet::Error, /Command must be a String/
417
- end
418
-
419
437
  it "fails when passed a Hash" do
420
- expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String/
438
+ expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String or Array<String>/
421
439
  end
422
440
  end
423
441
 
@@ -759,6 +777,35 @@ RSpec.describe Puppet::Type.type(:exec) do
759
777
  end
760
778
  end
761
779
 
780
+ context 'with an array of arrays with multiple items' do
781
+ before do
782
+ [true, false].each do |check|
783
+ allow(@test.provider).to receive(:run).with([@pass, '--flag'], check).
784
+ and_return(['test output', @pass_status])
785
+ allow(@test.provider).to receive(:run).with([@fail, '--flag'], check).
786
+ and_return(['test output', @fail_status])
787
+ allow(@test.provider).to receive(:run).with([@pass], check).
788
+ and_return(['test output', @pass_status])
789
+ allow(@test.provider).to receive(:run).with([@fail], check).
790
+ and_return(['test output', @fail_status])
791
+ end
792
+ end
793
+ it "runs if all the commands exits non-zero" do
794
+ @test[param] = [[@fail, '--flag'], [@fail], [@fail, '--flag']]
795
+ expect(@test.check_all_attributes).to eq(true)
796
+ end
797
+
798
+ it "does not run if one command exits zero" do
799
+ @test[param] = [[@pass, '--flag'], [@pass], [@fail, '--flag']]
800
+ expect(@test.check_all_attributes).to eq(false)
801
+ end
802
+
803
+ it "does not run if all command exits zero" do
804
+ @test[param] = [[@pass, '--flag'], [@pass], [@pass, '--flag']]
805
+ expect(@test.check_all_attributes).to eq(false)
806
+ end
807
+ end
808
+
762
809
  it "should emit output to debug" do
763
810
  Puppet::Util::Log.level = :debug
764
811
  @test[param] = @fail
@@ -263,7 +263,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
263
263
 
264
264
  expect(@resource[:owner]).to eq(100)
265
265
  expect(@resource[:group]).to eq(200)
266
- expect(@resource[:mode]).to eq("173")
266
+ expect(@resource[:mode]).to eq("0173")
267
267
 
268
268
  # Metadata calls it checksum and checksum_type, we call it content and checksum.
269
269
  expect(@resource[:content]).to eq(@metadata.checksum)
@@ -280,7 +280,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
280
280
 
281
281
  expect(@resource[:owner]).to eq(1)
282
282
  expect(@resource[:group]).to eq(2)
283
- expect(@resource[:mode]).to eq('173')
283
+ expect(@resource[:mode]).to eq('0173')
284
284
  expect(@resource[:content]).not_to eq(@metadata.checksum)
285
285
  expect(@resource[:checksum]).not_to eq(@metadata.checksum_type.to_sym)
286
286
  end
@@ -317,7 +317,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
317
317
 
318
318
  expect(@resource[:owner]).to eq(100)
319
319
  expect(@resource[:group]).to eq(200)
320
- expect(@resource[:mode]).to eq("173")
320
+ expect(@resource[:mode]).to eq("0173")
321
321
  end
322
322
 
323
323
  it "copies the remote owner" do
@@ -335,7 +335,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
335
335
  it "copies the remote mode" do
336
336
  @source.copy_source_values
337
337
 
338
- expect(@resource[:mode]).to eq("173")
338
+ expect(@resource[:mode]).to eq("0173")
339
339
  end
340
340
  end
341
341
 
@@ -280,6 +280,13 @@ describe tidy do
280
280
  @ager.tidy?(@basepath, @stat)
281
281
  end
282
282
 
283
+ it "should return true if the specified age is 0" do
284
+ @tidy[:age] = "0"
285
+ expect(@stat).to receive(:mtime).and_return(Time.now)
286
+
287
+ expect(@ager).to be_tidy(@basepath, @stat)
288
+ end
289
+
283
290
  it "should return false if the file is more recent than the specified age" do
284
291
  expect(@stat).to receive(:mtime).and_return(Time.now)
285
292
 
@@ -29,7 +29,7 @@ describe Puppet::Util::Ldap::Connection do
29
29
  allow(LDAP::Conn).to receive(:new).and_return(@ldapconn)
30
30
  allow(LDAP::SSLConn).to receive(:new).and_return(@ldapconn)
31
31
 
32
- @connection = Puppet::Util::Ldap::Connection.new("host", "port")
32
+ @connection = Puppet::Util::Ldap::Connection.new("host", 1234)
33
33
  end
34
34
 
35
35
 
@@ -39,31 +39,31 @@ describe Puppet::Util::Ldap::Connection do
39
39
  end
40
40
 
41
41
  it "should allow specification of a user and password" do
42
- expect { Puppet::Util::Ldap::Connection.new("myhost", "myport", :user => "blah", :password => "boo") }.not_to raise_error
42
+ expect { Puppet::Util::Ldap::Connection.new("myhost", 1234, :user => "blah", :password => "boo") }.not_to raise_error
43
43
  end
44
44
 
45
45
  it "should allow specification of ssl" do
46
- expect { Puppet::Util::Ldap::Connection.new("myhost", "myport", :ssl => :tsl) }.not_to raise_error
46
+ expect { Puppet::Util::Ldap::Connection.new("myhost", 1234, :ssl => :tsl) }.not_to raise_error
47
47
  end
48
48
 
49
49
  it "should support requiring a new connection" do
50
- expect { Puppet::Util::Ldap::Connection.new("myhost", "myport", :reset => true) }.not_to raise_error
50
+ expect { Puppet::Util::Ldap::Connection.new("myhost", 1234, :reset => true) }.not_to raise_error
51
51
  end
52
52
 
53
53
  it "should fail if ldap is unavailable" do
54
54
  expect(Puppet.features).to receive(:ldap?).and_return(false)
55
55
 
56
- expect { Puppet::Util::Ldap::Connection.new("host", "port") }.to raise_error(Puppet::Error)
56
+ expect { Puppet::Util::Ldap::Connection.new("host", 1234) }.to raise_error(Puppet::Error)
57
57
  end
58
58
 
59
59
  it "should use neither ssl nor tls by default" do
60
- expect(LDAP::Conn).to receive(:new).with("host", "port").and_return(@ldapconn)
60
+ expect(LDAP::Conn).to receive(:new).with("host", 1234).and_return(@ldapconn)
61
61
 
62
62
  @connection.start
63
63
  end
64
64
 
65
65
  it "should use LDAP::SSLConn if ssl is requested" do
66
- expect(LDAP::SSLConn).to receive(:new).with("host", "port").and_return(@ldapconn)
66
+ expect(LDAP::SSLConn).to receive(:new).with("host", 1234).and_return(@ldapconn)
67
67
 
68
68
  @connection.ssl = true
69
69
 
@@ -71,7 +71,7 @@ describe Puppet::Util::Ldap::Connection do
71
71
  end
72
72
 
73
73
  it "should use LDAP::SSLConn and tls if tls is requested" do
74
- expect(LDAP::SSLConn).to receive(:new).with("host", "port", true).and_return(@ldapconn)
74
+ expect(LDAP::SSLConn).to receive(:new).with("host", 1234, true).and_return(@ldapconn)
75
75
 
76
76
  @connection.ssl = :tls
77
77
 
@@ -121,8 +121,8 @@ describe Puppet::Util::Ldap::Connection do
121
121
  end
122
122
 
123
123
  it "should use the :ldapport setting to determine the port" do
124
- Puppet[:ldapport] = "456"
125
- expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything, "456", anything)
124
+ Puppet[:ldapport] = 456
125
+ expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything, 456, anything)
126
126
  Puppet::Util::Ldap::Connection.instance
127
127
  end
128
128
 
@@ -245,8 +245,8 @@ describe Puppet::Util::Ldap::Manager, :if => Puppet.features.ldap? do
245
245
  end
246
246
 
247
247
  it "should open the connection with its port set to the :ldapport" do
248
- Puppet[:ldapport] = "28"
249
- expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything, "28", anything).and_return(@conn)
248
+ Puppet[:ldapport] = 28
249
+ expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything, 28, anything).and_return(@conn)
250
250
 
251
251
  @manager.connect { |c| }
252
252
  end
@@ -131,38 +131,73 @@ describe "Puppet::Util::Windows::SID", :if => Puppet::Util::Platform.windows? do
131
131
  expect(subject.name_to_principal(unknown_name)).to be_nil
132
132
  end
133
133
 
134
+ it "should print a debug message if the account does not exist" do
135
+ expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
136
+ subject.name_to_principal(unknown_name)
137
+ end
138
+
134
139
  it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
135
140
  expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
136
141
  end
137
142
 
143
+ it "should not print debug messages for valid sid" do
144
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
145
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
146
+ subject.name_to_principal(sid)
147
+ end
148
+
149
+ it "should print a debug message for invalid sid" do
150
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
151
+ expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
152
+ subject.name_to_principal('S-1-5-21-INVALID-SID')
153
+ end
154
+
138
155
  it "should accept unqualified account name" do
139
156
  # NOTE: lookup by name works in localized environments only for a few instances
140
157
  # this works in French Windows, even though the account is really Syst\u00E8me
141
158
  expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
142
159
  end
143
160
 
161
+ it "should not print debug messages for unqualified account name" do
162
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
163
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
164
+ subject.name_to_principal('SYSTEM')
165
+ end
166
+
144
167
  it "should be case-insensitive" do
145
168
  # NOTE: lookup by name works in localized environments only for a few instances
146
169
  # this works in French Windows, even though the account is really Syst\u00E8me
147
170
  expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
148
171
  end
149
172
 
173
+ it "should not print debug messages for wrongly cased account name" do
174
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
175
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
176
+ subject.name_to_principal('system')
177
+ end
178
+
150
179
  it "should be leading and trailing whitespace-insensitive" do
151
180
  # NOTE: lookup by name works in localized environments only for a few instances
152
181
  # this works in French Windows, even though the account is really Syst\u00E8me
153
182
  expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
154
183
  end
155
184
 
185
+ it "should not print debug messages for account name with leading and trailing whitespace" do
186
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
187
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
188
+ subject.name_to_principal(' SYSTEM ')
189
+ end
190
+
156
191
  it "should accept domain qualified account names" do
157
192
  # NOTE: lookup by name works in localized environments only for a few instances
158
193
  # this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
159
194
  expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
160
195
  end
161
196
 
162
- it "should print a debug message on failures" do
163
- expect(Puppet).to receive(:debug).with(/Could not retrieve raw SID bytes from 'NonExistingUser'/)
164
- expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
165
- subject.name_to_principal('NonExistingUser')
197
+ it "should not print debug messages for domain qualified account names" do
198
+ expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
199
+ expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
200
+ subject.name_to_principal('NT AUTHORITY\SYSTEM')
166
201
  end
167
202
  end
168
203
 
@@ -142,9 +142,7 @@ describe Puppet::Util do
142
142
 
143
143
  # In 2.3, the behavior is mostly correct when external codepage is 65001 / UTF-8
144
144
  it "works around Ruby bug 8822 (which fails to preserve UTF-8 properly when accessing ENV) (Ruby >= 2.3.x) ",
145
- :if => Puppet::Util::Platform.windows? do
146
-
147
- raise 'This test requires a non-UTF8 codepage' if Encoding.default_external == Encoding::UTF_8
145
+ :if => Puppet::Util::Platform.windows? && RUBY_VERSION.to_f < 3 do
148
146
 
149
147
  withenv_utf8 do |utf_8_key, utf_8_value, codepage_key|
150
148
  # Ruby 2.3 fixes access by the original UTF-8 key, and behaves differently than 2.1
@@ -223,7 +223,7 @@ describe Puppet::X509::CertProvider do
223
223
  end
224
224
 
225
225
  context 'when loading' do
226
- context 'private keys' do
226
+ context 'private keys', unless: RUBY_PLATFORM == 'java' do
227
227
  let(:provider) { create_provider(privatekeydir: fixture_dir) }
228
228
  let(:password) { '74695716c8b6' }
229
229
 
@@ -298,6 +298,14 @@ describe Puppet::X509::CertProvider do
298
298
  expect(provider.load_private_key('ec-key')).to be_a(OpenSSL::PKey::EC)
299
299
  end
300
300
 
301
+ it 'returns an EC key from PKCS#8 format' do
302
+ expect(provider.load_private_key('ec-key-pk8')).to be_a(OpenSSL::PKey::EC)
303
+ end
304
+
305
+ it 'returns an EC key from openssl format' do
306
+ expect(provider.load_private_key('ec-key-openssl')).to be_a(OpenSSL::PKey::EC)
307
+ end
308
+
301
309
  it 'decrypts an EC key using the password' do
302
310
  ec = provider.load_private_key('encrypted-ec-key', password: password)
303
311
  expect(ec).to be_a(OpenSSL::PKey::EC)
@@ -40,6 +40,7 @@ task(:gen_cert_fixtures) do
40
40
  # 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
41
41
  # tampered-cert.pem | +- /CN=signed (with different public key)
42
42
  # ec.pem | +- /CN=ec (with EC private key)
43
+ # oid.pem | +- /CN=oid (with custom oid)
43
44
  # |
44
45
  # + /CN=Test CA Agent Subauthority
45
46
  # | |
@@ -49,7 +50,7 @@ task(:gen_cert_fixtures) do
49
50
  #
50
51
  # bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
51
52
  #
52
- # unknown-ca.pemm /CN=Unknown CA
53
+ # unknown-ca.pem /CN=Unknown CA
53
54
  # |
54
55
  # unknown-127.0.0.1.pem +- /CN=127.0.0.1
55
56
  #
@@ -103,6 +104,14 @@ task(:gen_cert_fixtures) do
103
104
  save(dir, '127.0.0.1.pem', signed[:cert])
104
105
  save(dir, '127.0.0.1-key.pem', signed[:private_key])
105
106
 
107
+ # Create an SSL cert with extensions containing custom oids
108
+ extensions = [
109
+ ['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
110
+ ]
111
+ oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
112
+ save(dir, 'oid.pem', oid[:cert])
113
+ save(dir, 'oid-key.pem', oid[:private_key])
114
+
106
115
  # Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
107
116
  # and revoke the cert
108
117
  revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])