puppet 7.8.0-x64-mingw32 → 7.9.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile.lock +9 -9
- data/README.md +4 -4
- data/ext/project_data.yaml +1 -0
- data/install.rb +0 -4
- data/lib/puppet.rb +3 -3
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +15 -2
- data/lib/puppet/application/ssl.rb +1 -0
- data/lib/puppet/defaults.rb +7 -0
- data/lib/puppet/environments.rb +10 -0
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +1 -1
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/windows.rb +2 -2
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +4 -0
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/module_tool/tar/mini.rb +1 -1
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/package/windows.rb +14 -1
- data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
- data/lib/puppet/provider/package/windows/package.rb +2 -1
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/resource/type_collection.rb +2 -0
- data/lib/puppet/settings.rb +30 -7
- data/lib/puppet/settings/config_file.rb +1 -8
- data/lib/puppet/settings/value_translator.rb +0 -1
- data/lib/puppet/type/exec.rb +16 -3
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +1 -1
- data/lib/puppet/util/monkey_patches.rb +2 -17
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/windows/sid.rb +3 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +3 -21
- data/locales/puppet.pot +207 -171
- data/man/man5/puppet.conf.5 +2 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +7 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +106 -106
- data/spec/fixtures/ssl/127.0.0.1.pem +48 -48
- data/spec/fixtures/ssl/bad-basic-constraints.pem +54 -54
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +51 -51
- data/spec/fixtures/ssl/ca.pem +52 -52
- data/spec/fixtures/ssl/crl.pem +25 -25
- data/spec/fixtures/ssl/ec-key-openssl.pem +8 -0
- data/spec/fixtures/ssl/ec-key-pk8.pem +5 -0
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +32 -32
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +107 -107
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +25 -25
- data/spec/fixtures/ssl/intermediate-agent.pem +54 -54
- data/spec/fixtures/ssl/intermediate-crl.pem +28 -28
- data/spec/fixtures/ssl/intermediate.pem +51 -51
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +106 -106
- data/spec/fixtures/ssl/pluto.pem +50 -50
- data/spec/fixtures/ssl/request-key.pem +106 -106
- data/spec/fixtures/ssl/request.pem +45 -45
- data/spec/fixtures/ssl/revoked-key.pem +106 -106
- data/spec/fixtures/ssl/revoked.pem +49 -49
- data/spec/fixtures/ssl/signed-key.pem +106 -106
- data/spec/fixtures/ssl/signed.pem +47 -47
- data/spec/fixtures/ssl/tampered-cert.pem +49 -49
- data/spec/fixtures/ssl/tampered-csr.pem +45 -45
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +106 -106
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -48
- data/spec/fixtures/ssl/unknown-ca-key.pem +106 -106
- data/spec/fixtures/ssl/unknown-ca.pem +52 -52
- data/spec/integration/application/filebucket_spec.rb +11 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/resource_spec.rb +35 -1
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/defaults_spec.rb +5 -0
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/indirector/facts/facter_spec.rb +90 -36
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/lib/puppet/test_ca.rb +5 -0
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/unit/environments_spec.rb +35 -0
- data/spec/unit/file_system_spec.rb +6 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/lookup_spec.rb +23 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/module_tool/applications/installer_spec.rb +13 -2
- data/spec/unit/parser/compiler_spec.rb +29 -0
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +0 -9
- data/spec/unit/pops/parser/lexer2_spec.rb +0 -4
- data/spec/unit/provider/package/pip_spec.rb +37 -0
- data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/resource/type_collection_spec.rb +16 -0
- data/spec/unit/resource/type_spec.rb +2 -2
- data/spec/unit/settings/config_file_spec.rb +1 -11
- data/spec/unit/settings/value_translator_spec.rb +4 -5
- data/spec/unit/settings_spec.rb +120 -79
- data/spec/unit/ssl/ssl_provider_spec.rb +18 -16
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/tidy_spec.rb +7 -0
- data/spec/unit/util/ldap/connection_spec.rb +10 -10
- data/spec/unit/util/ldap/manager_spec.rb +2 -2
- data/spec/unit/util/windows/sid_spec.rb +39 -4
- data/spec/unit/util_spec.rb +1 -3
- data/spec/unit/x509/cert_provider_spec.rb +9 -1
- data/tasks/generate_cert_fixtures.rake +10 -1
- metadata +16 -3
@@ -505,28 +505,30 @@ describe Puppet::SSL::SSLProvider do
|
|
505
505
|
}.to raise_error(Puppet::Error, /The client certificate is missing from/)
|
506
506
|
end
|
507
507
|
|
508
|
-
|
509
|
-
|
508
|
+
context 'loading private keys', unless: RUBY_PLATFORM == 'java' do
|
509
|
+
it 'loads the private key and client cert' do
|
510
|
+
ssl_context = subject.load_context
|
510
511
|
|
511
|
-
|
512
|
-
|
513
|
-
|
512
|
+
expect(ssl_context.private_key).to be_an(OpenSSL::PKey::RSA)
|
513
|
+
expect(ssl_context.client_cert).to be_an(OpenSSL::X509::Certificate)
|
514
|
+
end
|
514
515
|
|
515
|
-
|
516
|
-
|
516
|
+
it 'loads a password protected key and client cert' do
|
517
|
+
FileUtils.cp(File.join(PuppetSpec::FIXTURE_DIR, 'ssl', 'encrypted-key.pem'), File.join(Puppet[:privatekeydir], 'signed.pem'))
|
517
518
|
|
518
|
-
|
519
|
+
ssl_context = subject.load_context(password: '74695716c8b6')
|
519
520
|
|
520
|
-
|
521
|
-
|
522
|
-
|
521
|
+
expect(ssl_context.private_key).to be_an(OpenSSL::PKey::RSA)
|
522
|
+
expect(ssl_context.client_cert).to be_an(OpenSSL::X509::Certificate)
|
523
|
+
end
|
523
524
|
|
524
|
-
|
525
|
-
|
525
|
+
it 'raises if the password is incorrect' do
|
526
|
+
FileUtils.cp(File.join(PuppetSpec::FIXTURE_DIR, 'ssl', 'encrypted-key.pem'), File.join(Puppet[:privatekeydir], 'signed.pem'))
|
526
527
|
|
527
|
-
|
528
|
-
|
529
|
-
|
528
|
+
expect {
|
529
|
+
subject.load_context(password: 'wrongpassword')
|
530
|
+
}.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
|
531
|
+
end
|
530
532
|
end
|
531
533
|
end
|
532
534
|
|
data/spec/unit/type/exec_spec.rb
CHANGED
@@ -239,6 +239,19 @@ RSpec.describe Puppet::Type.type(:exec) do
|
|
239
239
|
expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
|
240
240
|
end
|
241
241
|
|
242
|
+
it "should be able to autorequire files mentioned in the array command" do
|
243
|
+
foo = make_absolute('/bin/foo')
|
244
|
+
catalog = Puppet::Resource::Catalog.new
|
245
|
+
tmp = Puppet::Type.type(:file).new(:name => foo)
|
246
|
+
execer = Puppet::Type.type(:exec).new(:name => 'test array', :command => [foo, 'bar'])
|
247
|
+
|
248
|
+
catalog.add_resource tmp
|
249
|
+
catalog.add_resource execer
|
250
|
+
dependencies = execer.autorequire(catalog)
|
251
|
+
|
252
|
+
expect(dependencies.collect(&:to_s)).to eq([Puppet::Relationship.new(tmp, execer).to_s])
|
253
|
+
end
|
254
|
+
|
242
255
|
describe "when handling the path parameter" do
|
243
256
|
expect = %w{one two three four}
|
244
257
|
{ "an array" => expect,
|
@@ -346,7 +359,13 @@ RSpec.describe Puppet::Type.type(:exec) do
|
|
346
359
|
end
|
347
360
|
|
348
361
|
shared_examples_for "all exec command parameters" do |param|
|
349
|
-
|
362
|
+
array_cmd = ["/bin/example", "*"]
|
363
|
+
array_cmd = [["/bin/example", "*"]] if [:onlyif, :unless].include?(param)
|
364
|
+
|
365
|
+
commands = { "relative" => "example", "absolute" => "/bin/example" }
|
366
|
+
commands["array"] = array_cmd
|
367
|
+
|
368
|
+
commands.sort.each do |name, command|
|
350
369
|
describe "if command is #{name}" do
|
351
370
|
before :each do
|
352
371
|
@param = param
|
@@ -379,45 +398,44 @@ RSpec.describe Puppet::Type.type(:exec) do
|
|
379
398
|
end
|
380
399
|
|
381
400
|
shared_examples_for "all exec command parameters that take arrays" do |param|
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
|
401
|
+
[
|
402
|
+
%w{one two three},
|
403
|
+
[%w{one -a}, %w{two, -b}, 'three']
|
404
|
+
].each do |input|
|
405
|
+
context "when given #{input.inspect} as input" do
|
406
|
+
let(:resource) { Puppet::Type.type(:exec).new(:name => @executable) }
|
386
407
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
408
|
+
it "accepts the array when all commands return valid" do
|
409
|
+
input = %w{one two three}
|
410
|
+
allow(resource.provider).to receive(:validatecmd).exactly(input.length).times.and_return(true)
|
411
|
+
resource[param] = input
|
412
|
+
expect(resource[param]).to eq(input)
|
413
|
+
end
|
393
414
|
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
415
|
+
it "rejects the array when any commands return invalid" do
|
416
|
+
input = %w{one two three}
|
417
|
+
allow(resource.provider).to receive(:validatecmd).with(input[0]).and_return(true)
|
418
|
+
allow(resource.provider).to receive(:validatecmd).with(input[1]).and_raise(Puppet::Error)
|
419
|
+
|
420
|
+
expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
|
399
421
|
end
|
400
|
-
@test[param] = input
|
401
|
-
expect(@test[param]).to eq(input)
|
402
|
-
end
|
403
422
|
|
404
|
-
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
|
423
|
+
it "stops at the first invalid command" do
|
424
|
+
input = %w{one two three}
|
425
|
+
allow(resource.provider).to receive(:validatecmd).with(input[0]).and_raise(Puppet::Error)
|
426
|
+
|
427
|
+
expect(resource.provider).not_to receive(:validatecmd).with(input[1])
|
428
|
+
expect(resource.provider).not_to receive(:validatecmd).with(input[2])
|
429
|
+
expect { resource[param] = input }.to raise_error(Puppet::ResourceError, /Parameter #{param} failed/)
|
430
|
+
end
|
409
431
|
end
|
410
432
|
end
|
411
433
|
end
|
412
434
|
|
413
435
|
describe "when setting command" do
|
414
436
|
subject { described_class.new(:name => @command) }
|
415
|
-
it "fails when passed an Array" do
|
416
|
-
expect { subject[:command] = [] }.to raise_error Puppet::Error, /Command must be a String/
|
417
|
-
end
|
418
|
-
|
419
437
|
it "fails when passed a Hash" do
|
420
|
-
expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String
|
438
|
+
expect { subject[:command] = {} }.to raise_error Puppet::Error, /Command must be a String or Array<String>/
|
421
439
|
end
|
422
440
|
end
|
423
441
|
|
@@ -759,6 +777,35 @@ RSpec.describe Puppet::Type.type(:exec) do
|
|
759
777
|
end
|
760
778
|
end
|
761
779
|
|
780
|
+
context 'with an array of arrays with multiple items' do
|
781
|
+
before do
|
782
|
+
[true, false].each do |check|
|
783
|
+
allow(@test.provider).to receive(:run).with([@pass, '--flag'], check).
|
784
|
+
and_return(['test output', @pass_status])
|
785
|
+
allow(@test.provider).to receive(:run).with([@fail, '--flag'], check).
|
786
|
+
and_return(['test output', @fail_status])
|
787
|
+
allow(@test.provider).to receive(:run).with([@pass], check).
|
788
|
+
and_return(['test output', @pass_status])
|
789
|
+
allow(@test.provider).to receive(:run).with([@fail], check).
|
790
|
+
and_return(['test output', @fail_status])
|
791
|
+
end
|
792
|
+
end
|
793
|
+
it "runs if all the commands exits non-zero" do
|
794
|
+
@test[param] = [[@fail, '--flag'], [@fail], [@fail, '--flag']]
|
795
|
+
expect(@test.check_all_attributes).to eq(true)
|
796
|
+
end
|
797
|
+
|
798
|
+
it "does not run if one command exits zero" do
|
799
|
+
@test[param] = [[@pass, '--flag'], [@pass], [@fail, '--flag']]
|
800
|
+
expect(@test.check_all_attributes).to eq(false)
|
801
|
+
end
|
802
|
+
|
803
|
+
it "does not run if all command exits zero" do
|
804
|
+
@test[param] = [[@pass, '--flag'], [@pass], [@pass, '--flag']]
|
805
|
+
expect(@test.check_all_attributes).to eq(false)
|
806
|
+
end
|
807
|
+
end
|
808
|
+
|
762
809
|
it "should emit output to debug" do
|
763
810
|
Puppet::Util::Log.level = :debug
|
764
811
|
@test[param] = @fail
|
@@ -263,7 +263,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
|
|
263
263
|
|
264
264
|
expect(@resource[:owner]).to eq(100)
|
265
265
|
expect(@resource[:group]).to eq(200)
|
266
|
-
expect(@resource[:mode]).to eq("
|
266
|
+
expect(@resource[:mode]).to eq("0173")
|
267
267
|
|
268
268
|
# Metadata calls it checksum and checksum_type, we call it content and checksum.
|
269
269
|
expect(@resource[:content]).to eq(@metadata.checksum)
|
@@ -280,7 +280,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
|
|
280
280
|
|
281
281
|
expect(@resource[:owner]).to eq(1)
|
282
282
|
expect(@resource[:group]).to eq(2)
|
283
|
-
expect(@resource[:mode]).to eq('
|
283
|
+
expect(@resource[:mode]).to eq('0173')
|
284
284
|
expect(@resource[:content]).not_to eq(@metadata.checksum)
|
285
285
|
expect(@resource[:checksum]).not_to eq(@metadata.checksum_type.to_sym)
|
286
286
|
end
|
@@ -317,7 +317,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
|
|
317
317
|
|
318
318
|
expect(@resource[:owner]).to eq(100)
|
319
319
|
expect(@resource[:group]).to eq(200)
|
320
|
-
expect(@resource[:mode]).to eq("
|
320
|
+
expect(@resource[:mode]).to eq("0173")
|
321
321
|
end
|
322
322
|
|
323
323
|
it "copies the remote owner" do
|
@@ -335,7 +335,7 @@ describe Puppet::Type.type(:file).attrclass(:source), :uses_checksums => true do
|
|
335
335
|
it "copies the remote mode" do
|
336
336
|
@source.copy_source_values
|
337
337
|
|
338
|
-
expect(@resource[:mode]).to eq("
|
338
|
+
expect(@resource[:mode]).to eq("0173")
|
339
339
|
end
|
340
340
|
end
|
341
341
|
|
data/spec/unit/type/tidy_spec.rb
CHANGED
@@ -280,6 +280,13 @@ describe tidy do
|
|
280
280
|
@ager.tidy?(@basepath, @stat)
|
281
281
|
end
|
282
282
|
|
283
|
+
it "should return true if the specified age is 0" do
|
284
|
+
@tidy[:age] = "0"
|
285
|
+
expect(@stat).to receive(:mtime).and_return(Time.now)
|
286
|
+
|
287
|
+
expect(@ager).to be_tidy(@basepath, @stat)
|
288
|
+
end
|
289
|
+
|
283
290
|
it "should return false if the file is more recent than the specified age" do
|
284
291
|
expect(@stat).to receive(:mtime).and_return(Time.now)
|
285
292
|
|
@@ -29,7 +29,7 @@ describe Puppet::Util::Ldap::Connection do
|
|
29
29
|
allow(LDAP::Conn).to receive(:new).and_return(@ldapconn)
|
30
30
|
allow(LDAP::SSLConn).to receive(:new).and_return(@ldapconn)
|
31
31
|
|
32
|
-
@connection = Puppet::Util::Ldap::Connection.new("host",
|
32
|
+
@connection = Puppet::Util::Ldap::Connection.new("host", 1234)
|
33
33
|
end
|
34
34
|
|
35
35
|
|
@@ -39,31 +39,31 @@ describe Puppet::Util::Ldap::Connection do
|
|
39
39
|
end
|
40
40
|
|
41
41
|
it "should allow specification of a user and password" do
|
42
|
-
expect { Puppet::Util::Ldap::Connection.new("myhost",
|
42
|
+
expect { Puppet::Util::Ldap::Connection.new("myhost", 1234, :user => "blah", :password => "boo") }.not_to raise_error
|
43
43
|
end
|
44
44
|
|
45
45
|
it "should allow specification of ssl" do
|
46
|
-
expect { Puppet::Util::Ldap::Connection.new("myhost",
|
46
|
+
expect { Puppet::Util::Ldap::Connection.new("myhost", 1234, :ssl => :tsl) }.not_to raise_error
|
47
47
|
end
|
48
48
|
|
49
49
|
it "should support requiring a new connection" do
|
50
|
-
expect { Puppet::Util::Ldap::Connection.new("myhost",
|
50
|
+
expect { Puppet::Util::Ldap::Connection.new("myhost", 1234, :reset => true) }.not_to raise_error
|
51
51
|
end
|
52
52
|
|
53
53
|
it "should fail if ldap is unavailable" do
|
54
54
|
expect(Puppet.features).to receive(:ldap?).and_return(false)
|
55
55
|
|
56
|
-
expect { Puppet::Util::Ldap::Connection.new("host",
|
56
|
+
expect { Puppet::Util::Ldap::Connection.new("host", 1234) }.to raise_error(Puppet::Error)
|
57
57
|
end
|
58
58
|
|
59
59
|
it "should use neither ssl nor tls by default" do
|
60
|
-
expect(LDAP::Conn).to receive(:new).with("host",
|
60
|
+
expect(LDAP::Conn).to receive(:new).with("host", 1234).and_return(@ldapconn)
|
61
61
|
|
62
62
|
@connection.start
|
63
63
|
end
|
64
64
|
|
65
65
|
it "should use LDAP::SSLConn if ssl is requested" do
|
66
|
-
expect(LDAP::SSLConn).to receive(:new).with("host",
|
66
|
+
expect(LDAP::SSLConn).to receive(:new).with("host", 1234).and_return(@ldapconn)
|
67
67
|
|
68
68
|
@connection.ssl = true
|
69
69
|
|
@@ -71,7 +71,7 @@ describe Puppet::Util::Ldap::Connection do
|
|
71
71
|
end
|
72
72
|
|
73
73
|
it "should use LDAP::SSLConn and tls if tls is requested" do
|
74
|
-
expect(LDAP::SSLConn).to receive(:new).with("host",
|
74
|
+
expect(LDAP::SSLConn).to receive(:new).with("host", 1234, true).and_return(@ldapconn)
|
75
75
|
|
76
76
|
@connection.ssl = :tls
|
77
77
|
|
@@ -121,8 +121,8 @@ describe Puppet::Util::Ldap::Connection do
|
|
121
121
|
end
|
122
122
|
|
123
123
|
it "should use the :ldapport setting to determine the port" do
|
124
|
-
Puppet[:ldapport] =
|
125
|
-
expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything,
|
124
|
+
Puppet[:ldapport] = 456
|
125
|
+
expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything, 456, anything)
|
126
126
|
Puppet::Util::Ldap::Connection.instance
|
127
127
|
end
|
128
128
|
|
@@ -245,8 +245,8 @@ describe Puppet::Util::Ldap::Manager, :if => Puppet.features.ldap? do
|
|
245
245
|
end
|
246
246
|
|
247
247
|
it "should open the connection with its port set to the :ldapport" do
|
248
|
-
Puppet[:ldapport] =
|
249
|
-
expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything,
|
248
|
+
Puppet[:ldapport] = 28
|
249
|
+
expect(Puppet::Util::Ldap::Connection).to receive(:new).with(anything, 28, anything).and_return(@conn)
|
250
250
|
|
251
251
|
@manager.connect { |c| }
|
252
252
|
end
|
@@ -131,38 +131,73 @@ describe "Puppet::Util::Windows::SID", :if => Puppet::Util::Platform.windows? do
|
|
131
131
|
expect(subject.name_to_principal(unknown_name)).to be_nil
|
132
132
|
end
|
133
133
|
|
134
|
+
it "should print a debug message if the account does not exist" do
|
135
|
+
expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
136
|
+
subject.name_to_principal(unknown_name)
|
137
|
+
end
|
138
|
+
|
134
139
|
it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
|
135
140
|
expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
|
136
141
|
end
|
137
142
|
|
143
|
+
it "should not print debug messages for valid sid" do
|
144
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
145
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
146
|
+
subject.name_to_principal(sid)
|
147
|
+
end
|
148
|
+
|
149
|
+
it "should print a debug message for invalid sid" do
|
150
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
151
|
+
expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
152
|
+
subject.name_to_principal('S-1-5-21-INVALID-SID')
|
153
|
+
end
|
154
|
+
|
138
155
|
it "should accept unqualified account name" do
|
139
156
|
# NOTE: lookup by name works in localized environments only for a few instances
|
140
157
|
# this works in French Windows, even though the account is really Syst\u00E8me
|
141
158
|
expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
|
142
159
|
end
|
143
160
|
|
161
|
+
it "should not print debug messages for unqualified account name" do
|
162
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
163
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
164
|
+
subject.name_to_principal('SYSTEM')
|
165
|
+
end
|
166
|
+
|
144
167
|
it "should be case-insensitive" do
|
145
168
|
# NOTE: lookup by name works in localized environments only for a few instances
|
146
169
|
# this works in French Windows, even though the account is really Syst\u00E8me
|
147
170
|
expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
|
148
171
|
end
|
149
172
|
|
173
|
+
it "should not print debug messages for wrongly cased account name" do
|
174
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
175
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
176
|
+
subject.name_to_principal('system')
|
177
|
+
end
|
178
|
+
|
150
179
|
it "should be leading and trailing whitespace-insensitive" do
|
151
180
|
# NOTE: lookup by name works in localized environments only for a few instances
|
152
181
|
# this works in French Windows, even though the account is really Syst\u00E8me
|
153
182
|
expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
|
154
183
|
end
|
155
184
|
|
185
|
+
it "should not print debug messages for account name with leading and trailing whitespace" do
|
186
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
187
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
188
|
+
subject.name_to_principal(' SYSTEM ')
|
189
|
+
end
|
190
|
+
|
156
191
|
it "should accept domain qualified account names" do
|
157
192
|
# NOTE: lookup by name works in localized environments only for a few instances
|
158
193
|
# this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
|
159
194
|
expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
|
160
195
|
end
|
161
196
|
|
162
|
-
it "should print
|
163
|
-
expect(Puppet).
|
164
|
-
expect(Puppet).
|
165
|
-
subject.name_to_principal('
|
197
|
+
it "should not print debug messages for domain qualified account names" do
|
198
|
+
expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
|
199
|
+
expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
|
200
|
+
subject.name_to_principal('NT AUTHORITY\SYSTEM')
|
166
201
|
end
|
167
202
|
end
|
168
203
|
|
data/spec/unit/util_spec.rb
CHANGED
@@ -142,9 +142,7 @@ describe Puppet::Util do
|
|
142
142
|
|
143
143
|
# In 2.3, the behavior is mostly correct when external codepage is 65001 / UTF-8
|
144
144
|
it "works around Ruby bug 8822 (which fails to preserve UTF-8 properly when accessing ENV) (Ruby >= 2.3.x) ",
|
145
|
-
:if => Puppet::Util::Platform.windows? do
|
146
|
-
|
147
|
-
raise 'This test requires a non-UTF8 codepage' if Encoding.default_external == Encoding::UTF_8
|
145
|
+
:if => Puppet::Util::Platform.windows? && RUBY_VERSION.to_f < 3 do
|
148
146
|
|
149
147
|
withenv_utf8 do |utf_8_key, utf_8_value, codepage_key|
|
150
148
|
# Ruby 2.3 fixes access by the original UTF-8 key, and behaves differently than 2.1
|
@@ -223,7 +223,7 @@ describe Puppet::X509::CertProvider do
|
|
223
223
|
end
|
224
224
|
|
225
225
|
context 'when loading' do
|
226
|
-
context 'private keys' do
|
226
|
+
context 'private keys', unless: RUBY_PLATFORM == 'java' do
|
227
227
|
let(:provider) { create_provider(privatekeydir: fixture_dir) }
|
228
228
|
let(:password) { '74695716c8b6' }
|
229
229
|
|
@@ -298,6 +298,14 @@ describe Puppet::X509::CertProvider do
|
|
298
298
|
expect(provider.load_private_key('ec-key')).to be_a(OpenSSL::PKey::EC)
|
299
299
|
end
|
300
300
|
|
301
|
+
it 'returns an EC key from PKCS#8 format' do
|
302
|
+
expect(provider.load_private_key('ec-key-pk8')).to be_a(OpenSSL::PKey::EC)
|
303
|
+
end
|
304
|
+
|
305
|
+
it 'returns an EC key from openssl format' do
|
306
|
+
expect(provider.load_private_key('ec-key-openssl')).to be_a(OpenSSL::PKey::EC)
|
307
|
+
end
|
308
|
+
|
301
309
|
it 'decrypts an EC key using the password' do
|
302
310
|
ec = provider.load_private_key('encrypted-ec-key', password: password)
|
303
311
|
expect(ec).to be_a(OpenSSL::PKey::EC)
|
@@ -40,6 +40,7 @@ task(:gen_cert_fixtures) do
|
|
40
40
|
# 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
|
41
41
|
# tampered-cert.pem | +- /CN=signed (with different public key)
|
42
42
|
# ec.pem | +- /CN=ec (with EC private key)
|
43
|
+
# oid.pem | +- /CN=oid (with custom oid)
|
43
44
|
# |
|
44
45
|
# + /CN=Test CA Agent Subauthority
|
45
46
|
# | |
|
@@ -49,7 +50,7 @@ task(:gen_cert_fixtures) do
|
|
49
50
|
#
|
50
51
|
# bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
|
51
52
|
#
|
52
|
-
# unknown-ca.
|
53
|
+
# unknown-ca.pem /CN=Unknown CA
|
53
54
|
# |
|
54
55
|
# unknown-127.0.0.1.pem +- /CN=127.0.0.1
|
55
56
|
#
|
@@ -103,6 +104,14 @@ task(:gen_cert_fixtures) do
|
|
103
104
|
save(dir, '127.0.0.1.pem', signed[:cert])
|
104
105
|
save(dir, '127.0.0.1-key.pem', signed[:private_key])
|
105
106
|
|
107
|
+
# Create an SSL cert with extensions containing custom oids
|
108
|
+
extensions = [
|
109
|
+
['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
|
110
|
+
]
|
111
|
+
oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
|
112
|
+
save(dir, 'oid.pem', oid[:cert])
|
113
|
+
save(dir, 'oid-key.pem', oid[:private_key])
|
114
|
+
|
106
115
|
# Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
|
107
116
|
# and revoke the cert
|
108
117
|
revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])
|