puppet 6.0.1-universal-darwin → 6.0.2-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: be99f88ff0b755ce5c710b5f9de4dc1b235f1c964ab08a901c272e79643e32eb
-  data.tar.gz: b9848402ab82dba8b0d947384a42fc3dcc1a1ea3548bc397f6c3dbb100d8b674
+  metadata.gz: 2d872500577376e33e680f75e05b7aab2236a1b877ea013a4cbfea1c7961425c
+  data.tar.gz: 1300eeaf12a0b4ded918e64edb8a72b82e05dd168bf6b30d97a94bffd3ebb9d0
 SHA512:
-  metadata.gz: f853d1ad481fc187d0c4112339381b3e5f6769563881fcaae4730952d54bc122c8b8a488b5e60eebe7fdc2b9d6631f289570e32a2dd1bba3830e0384d0bb117d
-  data.tar.gz: 8853306a43e26096d01a8ba5b47918fca570256b62e2dade6360710f41c46814c5cecf676e139a404f956b571ad51fdb33e5e5c30961311a8d82d03a0d2f321c
+  metadata.gz: 308cf327703f7ec247914d586ae460a0daf824e46cc024efdffa14880bfbb46284190cf0e2c7a87697186734d7396e2fbd7e48523bdb766dd4012347390415ff
+  data.tar.gz: a1519b90dbe93f42f60c7bd316c5e02d5d85e3046bf9b28e9cae809fc3847d760e6f0cfe8f443e7ea765d1d15210d8797c47ee166f6c623570870cc4a9738be3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    puppet (6.0.1)
+    puppet (6.0.2)
       CFPropertyList (~> 2.2)
       facter (>= 2.0.1, < 4)
       fast_gettext (~> 1.1.2)

data/lib/puppet/defaults.rb

@@ -734,9 +734,8 @@ module Puppet
       :desc    => <<EOT,
 A comma-separated list of alternate DNS names for Puppet Server. These are extra
 hostnames (in addition to its `certname`) that the server is allowed to use when
-serving agents. Puppet checks this setting when automatically requesting a
-certificate for Puppet agent or Puppet Server, and when manually generating a
-certificate with `puppet cert generate`. These can be either IP or DNS, and the type
+serving agents. Puppet checks this setting when automatically creating a
+certificate for Puppet agent or Puppet Server. These can be either IP or DNS, and the type
 should be specified and followed with a colon. Untyped inputs will default to DNS.
 
 In order to handle agent requests at a given hostname (like
@@ -749,23 +748,12 @@ names.
 
 **Note:** The list of alternate names is locked in when the server's
 certificate is signed. If you need to change the list later, you can't just
-change this setting; you also need to:
-
-* On the server: Stop Puppet Server.
-* On the CA server: Revoke and clean the server's old certificate. (`puppet cert clean <NAME>`)
-  (Note `puppet cert clean` is deprecated and will be replaced with `puppetserver ca clean`
-  in Puppet 6.)
-* On the server: Delete the old certificate (and any old certificate signing requests)
-  from the [ssldir](https://puppet.com/docs/puppet/latest/dirs_ssldir.html).
-* On the server: Run `puppet agent -t --ca_server <CA HOSTNAME>` to request a new certificate
-* On the CA server: Sign the certificate request, explicitly allowing alternate names
-  (`puppet cert sign --allow-dns-alt-names <NAME>`). (Note `puppet cert sign` is deprecated
-  and will be replaced with `puppetserver ca sign` in Puppet 6.)
-* On the server: Run `puppet agent -t --ca_server <CA HOSTNAME>` to retrieve the cert.
-* On the server: Start Puppet Server again.
+change this setting; you also need to regenerate the certificate. For more
+information on that process, see the [cert regen docs]
+(https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html).
 
 To see all the alternate names your servers are using, log into your CA server
-and run `puppet cert list -a`, then check the output for `(alt names: ...)`.
+and run `puppetserver ca list --all`, then check the output for `(alt names: ...)`.
 Most agent nodes should NOT have alternate names; the only certs that should
 have them are Puppet Server nodes that you want other agents to trust.
 EOT
@@ -777,7 +765,7 @@ EOT
 An optional file containing custom attributes to add to certificate signing
 requests (CSRs). You should ensure that this file does not exist on your CA
 puppet master; if it does, unwanted certificate extensions may leak into
-certificates created with the `puppet cert generate` command.
+certificates created with the `puppetserver ca generate` command.
 
 If present, this file must be a YAML hash containing a `custom_attributes` key
 and/or an `extension_requests` key. The value of each key must be a hash, where
@@ -1070,7 +1058,7 @@ EOT
         and non-zero if the cert should not be autosigned.
 
         If a certificate request is not autosigned, it will persist for review. An admin
-        user can use the `puppet cert sign` command to manually sign it, or can delete
+        user can use the `puppetserver ca sign` command to manually sign it, or can delete
         the request.
 
         For info on autosign configuration files, see

data/lib/puppet/face/config.rb

@@ -23,7 +23,7 @@ Puppet::Face.define(:config, '0.0.1') do
       The three most commonly used sections are 'main', 'master', and 'agent'.
       'Main' is the default, and is used by all Puppet applications. Other
       sections can override 'main' values for specific applications --- the
-      'master' section affects puppet master and puppet cert, and the 'agent'
+      'master' section affects Puppet Server, and the 'agent'
       section affects puppet agent.
 
       Less commonly used is the 'user' section, which affects puppet apply. Any

data/lib/puppet/face/key.rb

@@ -8,7 +8,7 @@ Puppet::Indirector::Face.define(:key, '0.0.1') do
   description <<-'EOT'
     This subcommand manages certificate private keys. Keys are created
     automatically by puppet agent and when certificate requests are generated
-    with 'puppet certificate generate'; it should not be necessary to use this
+    with 'puppet ssl submit_request'; it should not be necessary to use this
     subcommand directly.
   EOT
 

data/lib/puppet/provider/exec.rb

@@ -46,10 +46,7 @@ class Puppet::Provider::Exec < Puppet::Provider
     #
     # This is backwards compatible all the way to Ruby 1.8.7.
     Timeout::timeout(resource[:timeout], Timeout::Error) do
-      # If we're running a command that's meant to be a check on whether we should run
-      # our actual command (e.g. like a command passed to the :onlyif or :unless properties),
-      # then we should not set the cwd when executing the check's corresponding command.
-      cwd = check ? nil : resource[:cwd]
+      cwd = resource[:cwd]
       cwd ||= Dir.pwd
 
       # note that we are passing "false" for the "override_locale" parameter, which ensures that the user's

data/lib/puppet/provider/service/windows.rb

@@ -35,6 +35,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
   end
 
   def enabled?
+    return :false unless Puppet::Util::Windows::Service.exists?(@resource[:name])
+
     start_type = Puppet::Util::Windows::Service.service_start_type(@resource[:name])
     debug("Service #{@resource[:name]} start type is #{start_type}")
     case start_type
@@ -74,6 +76,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
   end
 
   def status
+    return :stopped unless Puppet::Util::Windows::Service.exists?(@resource[:name])
+
     current_state = Puppet::Util::Windows::Service.service_state(@resource[:name])
     state = case current_state
       when :SERVICE_STOPPED,

data/lib/puppet/provider/user/windows_adsi.rb

@@ -124,7 +124,15 @@ Puppet::Type.type(:user).provide :windows_adsi do
   end
 
   def password=(value)
-    user.password = value
+    if user.disabled?
+      warning _("The user account '%s' is disabled; puppet will not reset the password" % @resource[:name])
+    elsif user.locked_out?
+      warning _("The user account '%s' is locked out; puppet will not reset the password" % @resource[:name])
+    elsif user.expired?
+      warning _("The user account '%s' is expired; puppet will not reset the password" % @resource[:name])
+    else
+      user.password = value
+    end
   end
 
   def uid

data/lib/puppet/ssl/host.rb

@@ -159,7 +159,7 @@ The certificate retrieved from the master does not match the agent's private key
 Certificate fingerprint: %{fingerprint}
 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
 On the master:
-  puppet cert clean %{cert_name}
+  puppetserver ca clean --certname %{cert_name}
 On the agent:
   1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete
   1b. On Windows: del "%{cert_dir}\\%{cert_name}.pem" /f
@@ -261,7 +261,7 @@ CSR public key: %{csr_public_key}
 Agent public key: %{agent_public_key}
 To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.
 On the master:
-  puppet cert clean %{cert_name}
+  puppetserver ca clean --certname %{cert_name}
 On the agent:
   1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete
   1b. On Windows: del "%{cert_dir}\\%{cert_name}.pem" /f

data/lib/puppet/type/resources.rb

@@ -87,6 +87,12 @@ Puppet::Type.newtype(:resources) do
     end
   end
 
+  WINDOWS_SYSTEM_SID_REGEXES =
+      # Administrator, Guest, Domain Admins, Schema Admins, Enterprise Admins.
+      # https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+      [/S-1-5-21.+-500/, /S-1-5-21.+-501/, /S-1-5-21.+-512/, /S-1-5-21.+-518/,
+       /S-1-5-21.+-519/]
+
   def check(resource)
     @checkmethod ||= "#{self[:name]}_check"
     @hascheck ||= respond_to?(@checkmethod)
@@ -145,8 +151,12 @@ Puppet::Type.newtype(:resources) do
 
     return false if system_users.include?(resource[:name])
     return false if unless_uids && unless_uids.include?(current_uid)
-
-    current_uid > self[:unless_system_user]
+    if current_uid.is_a?(String)
+      # Windows user; is a system user if any regex matches.
+      WINDOWS_SYSTEM_SID_REGEXES.none? { |regex| current_uid =~ regex }
+    else
+      current_uid > self[:unless_system_user]
+    end
   end
 
   def system_users

data/lib/puppet/util/windows/adsi.rb

@@ -134,7 +134,7 @@ module Puppet::Util::Windows::ADSI
 
       def parse_name(name)
         if name =~ /\//
-          raise Puppet::Error.new( _("Value must be in DOMAIN\\user style syntax") )
+          raise Puppet::Error.new( _("Value must be in DOMAIN\\%{object_class} style syntax") % { object_class: @object_class } )
         end
 
         matches = name.scan(/((.*)\\)?(.*)/)
@@ -434,6 +434,26 @@ module Puppet::Util::Windows::ADSI
       op_userflags(*flags) { |userflags, flag| userflags & ~ADS_USERFLAGS[flag] }
     end
 
+    def disabled?
+      userflag_set?(:ADS_UF_ACCOUNTDISABLE)
+    end
+
+    def locked_out?
+      # Note that the LOCKOUT flag is known to be inaccurate when using the
+      # LDAP IADsUser provider, but this class consistently uses the WinNT
+      # provider, which is expected to be accurate.
+      userflag_set?(:ADS_UF_LOCKOUT)
+    end
+
+    def expired?
+      expires = native_object.Get('AccountExpirationDate')
+      expires && expires < Time.now
+    rescue WIN32OLERuntimeError => e
+      # This OLE error code indicates the property can't be found in the cache
+      raise e unless e.message =~ /8000500D/m
+      false
+    end
+
     # UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
     MAX_USERNAME_LENGTH = 256
     def self.current_user_name

data/lib/puppet/util/windows/process.rb

@@ -7,6 +7,7 @@ module Puppet::Util::Windows::Process
   extend FFI::Library
 
   WAIT_TIMEOUT = 0x102
+  WAIT_INTERVAL = 200
 
   def execute(command, arguments, stdin, stdout, stderr)
     create_args = {
@@ -29,8 +30,8 @@ module Puppet::Util::Windows::Process
   module_function :execute
 
   def wait_process(handle)
-    while WaitForSingleObject(handle, 0) == WAIT_TIMEOUT
-      sleep(1)
+    while WaitForSingleObject(handle, WAIT_INTERVAL) == WAIT_TIMEOUT
+      sleep(0)
     end
 
     exit_status = -1

data/lib/puppet/util/windows/service.rb

@@ -17,6 +17,10 @@ module Puppet::Util::Windows
     # no shorter
     DEFAULT_TIMEOUT = 30
 
+    # Service error codes
+    # https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1000-1299-
+    ERROR_SERVICE_DOES_NOT_EXIST = 0x00000424
+
     # Service control codes
     # https://docs.microsoft.com/en-us/windows/desktop/api/Winsvc/nf-winsvc-controlserviceexw
     SERVICE_CONTROL_STOP                  = 0x00000001
@@ -249,6 +253,19 @@ module Puppet::Util::Windows
       )
     end
 
+    # Returns true if the service exists, false otherwise.
+    #
+    # @param [:string] service_name name of the service
+    def exists?(service_name)
+      open_service(service_name, SC_MANAGER_CONNECT, SERVICE_QUERY_STATUS) do |_|
+        true
+      end
+    rescue Puppet::Util::Windows::Error => e
+      return false if e.code == ERROR_SERVICE_DOES_NOT_EXIST
+      raise e
+    end
+    module_function :exists?
+
     # Start a windows service, assume that the service is already in the stopped state
     #
     # @param [:string] service_name name of the service to start
@@ -446,13 +463,18 @@ module Puppet::Util::Windows
       # @param [Integer] service_access code corresponding to the access type requested for the service
       # @yieldparam [:handle] service the windows native handle used to access
       #   the service
+      # @return the result of the block
       def open_service(service_name, scm_access, service_access, &block)
         service = FFI::Pointer::NULL_HANDLE
+
+        result = nil
         open_scm(scm_access) do |scm|
           service = OpenServiceW(scm, wide_string(service_name), service_access)
           raise Puppet::Util::Windows::Error.new(_("Failed to open a handle to the service")) if service == FFI::Pointer::NULL_HANDLE
-          yield service
+          result = yield service
         end
+
+        result
       ensure
         CloseServiceHandle(service)
       end

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '6.0.1'
+  PUPPETVERSION = '6.0.2'
 
   ##
   # version is a public API method intended to always provide a fast and

data/locales/puppet.pot

@@ -6,11 +6,11 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: Puppet automation framework 6.0.0-75-g8fd4c49\n"
+"Project-Id-Version: Puppet automation framework 6.0.1-45-g4becbeb\n"
 "\n"
 "Report-Msgid-Bugs-To: https://tickets.puppetlabs.com\n"
-"POT-Creation-Date: 2018-09-26 14:07+0000\n"
-"PO-Revision-Date: 2018-09-26 14:07+0000\n"
+"POT-Creation-Date: 2018-10-03 20:05+0000\n"
+"PO-Revision-Date: 2018-10-03 20:05+0000\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -629,15 +629,15 @@ msgstr ""
 msgid "Certificate names must be lower case"
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:973 ../lib/puppet/settings/enum_setting.rb:13 ../lib/puppet/settings/symbolic_enum_setting.rb:14
+#: ../lib/puppet/defaults.rb:961 ../lib/puppet/settings/enum_setting.rb:13 ../lib/puppet/settings/symbolic_enum_setting.rb:14
 msgid "Invalid value '%{value}' for parameter %{name}. Allowed values are '%{allowed_values}'"
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:1488 ../lib/puppet/defaults.rb:1503
+#: ../lib/puppet/defaults.rb:1476 ../lib/puppet/defaults.rb:1491
 msgid "Attempted to set both server and server_list."
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:1489 ../lib/puppet/defaults.rb:1504
+#: ../lib/puppet/defaults.rb:1477 ../lib/puppet/defaults.rb:1492
 msgid "Server setting will not be used."
 msgstr ""
 
@@ -6207,7 +6207,7 @@ msgstr ""
 msgid "Overriding environment setting '%{var}' with '%{value}'"
 msgstr ""
 
-#: ../lib/puppet/provider/exec.rb:94
+#: ../lib/puppet/provider/exec.rb:91
 msgid "'%{command}' is not qualified and no path was specified. Please qualify the command or specify a path."
 msgstr ""
 
@@ -6779,19 +6779,19 @@ msgstr ""
 msgid "Cannot enable %{resource_name} for manual start, error was: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/provider/service/windows.rb:50
+#: ../lib/puppet/provider/service/windows.rb:52
 msgid "Unknown start type: %{start_type}"
 msgstr ""
 
-#: ../lib/puppet/provider/service/windows.rb:53
+#: ../lib/puppet/provider/service/windows.rb:55
 msgid "Cannot get start type %{resource_name}, error was: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/provider/service/windows.rb:60
+#: ../lib/puppet/provider/service/windows.rb:62
 msgid "Will not start disabled service %{resource_name} without managing enable. Specify 'enable => false' to override."
 msgstr ""
 
-#: ../lib/puppet/provider/service/windows.rb:89
+#: ../lib/puppet/provider/service/windows.rb:93
 msgid "Unknown service state '%{current_state}' for service '%{resource_name}'"
 msgstr ""
 
@@ -6813,6 +6813,18 @@ msgstr ""
 msgid "ruby-shadow doesn't support %{method}"
 msgstr ""
 
+#: ../lib/puppet/provider/user/windows_adsi.rb:128
+msgid "The user account '%s' is disabled; puppet will not reset the password"
+msgstr ""
+
+#: ../lib/puppet/provider/user/windows_adsi.rb:130
+msgid "The user account '%s' is locked out; puppet will not reset the password"
+msgstr ""
+
+#: ../lib/puppet/provider/user/windows_adsi.rb:132
+msgid "The user account '%s' is expired; puppet will not reset the password"
+msgstr ""
+
 #: ../lib/puppet/reference/indirection.rb:22
 msgid "Could not build docs for indirector %{name}, terminus %{terminus}: could not locate terminus."
 msgstr ""
@@ -7445,7 +7457,7 @@ msgid ""
 "Certificate fingerprint: %{fingerprint}\n"
 "To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.\n"
 "On the master:\n"
-"  puppet cert clean %{cert_name}\n"
+"  puppetserver ca clean --certname %{cert_name}\n"
 "On the agent:\n"
 "  1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete\n"
 "  1b. On Windows: del \"%{cert_dir}\\\\%{cert_name}.pem\" /f\n"
@@ -7473,7 +7485,7 @@ msgid ""
 "Agent public key: %{agent_public_key}\n"
 "To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.\n"
 "On the master:\n"
-"  puppet cert clean %{cert_name}\n"
+"  puppetserver ca clean --certname %{cert_name}\n"
 "On the agent:\n"
 "  1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete\n"
 "  1b. On Windows: del \"%{cert_dir}\\\\%{cert_name}.pem\" /f\n"
@@ -8095,11 +8107,11 @@ msgstr ""
 msgid "Invalid value %{value}"
 msgstr ""
 
-#: ../lib/puppet/type/resources.rb:103
+#: ../lib/puppet/type/resources.rb:109
 msgid "The 'ensure' attribute on %{name} resources does not accept 'absent' as a value"
 msgstr ""
 
-#: ../lib/puppet/type/resources.rb:130
+#: ../lib/puppet/type/resources.rb:136
 msgid "Could not find resource type"
 msgstr ""
 
@@ -9105,7 +9117,7 @@ msgid "Must use a valid SID::Principal"
 msgstr ""
 
 #: ../lib/puppet/util/windows/adsi.rb:137
-msgid "Value must be in DOMAIN\\user style syntax"
+msgid "Value must be in DOMAIN\\%{object_class} style syntax"
 msgstr ""
 
 #: ../lib/puppet/util/windows/adsi.rb:163
@@ -9132,15 +9144,15 @@ msgstr ""
 msgid "Unrecognized ADS UserFlags: %{unrecognized_flags}"
 msgstr ""
 
-#: ../lib/puppet/util/windows/adsi.rb:447
+#: ../lib/puppet/util/windows/adsi.rb:467
 msgid "Failed to get user name"
 msgstr ""
 
-#: ../lib/puppet/util/windows/adsi.rb:484
+#: ../lib/puppet/util/windows/adsi.rb:504
 msgid "Cannot delete user profile for '%{sid}' prior to Vista SP1"
 msgstr ""
 
-#: ../lib/puppet/util/windows/adsi.rb:502
+#: ../lib/puppet/util/windows/adsi.rb:522
 msgid "Cannot create group if user '%{name}' exists."
 msgstr ""
 
@@ -9216,27 +9228,27 @@ msgstr ""
 msgid "Failed to call LookupAccountSidW with bytes: %{sid_bytes}"
 msgstr ""
 
-#: ../lib/puppet/util/windows/process.rb:39
+#: ../lib/puppet/util/windows/process.rb:40
 msgid "Failed to get child process exit code"
 msgstr ""
 
-#: ../lib/puppet/util/windows/process.rb:232
+#: ../lib/puppet/util/windows/process.rb:233
 msgid "GetVersionEx failed"
 msgstr ""
 
-#: ../lib/puppet/util/windows/process.rb:261
+#: ../lib/puppet/util/windows/process.rb:262
 msgid "Discarding environment variable %{string} which contains invalid bytes"
 msgstr ""
 
-#: ../lib/puppet/util/windows/process.rb:277
+#: ../lib/puppet/util/windows/process.rb:278
 msgid "environment variable name must not be nil or empty"
 msgstr ""
 
-#: ../lib/puppet/util/windows/process.rb:282
+#: ../lib/puppet/util/windows/process.rb:283
 msgid "Failed to remove environment variable: %{name}"
 msgstr ""
 
-#: ../lib/puppet/util/windows/process.rb:287
+#: ../lib/puppet/util/windows/process.rb:288
 msgid "Failed to set environment variable: %{name}"
 msgstr ""
 
@@ -9332,55 +9344,55 @@ msgstr ""
 msgid "Failed to set security information"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:259
+#: ../lib/puppet/util/windows/service.rb:276
 msgid "Failed to start the service"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:275
+#: ../lib/puppet/util/windows/service.rb:292
 msgid "Failed to send stop control to service, current state is %{current_state}. Failed with"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:294
+#: ../lib/puppet/util/windows/service.rb:311
 msgid "Unknown Service state '%{current_state}' for '%{service_name}'"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:311
+#: ../lib/puppet/util/windows/service.rb:328
 msgid "Unknown start type '%{start_type}' for '%{service_name}'"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:326
+#: ../lib/puppet/util/windows/service.rb:343
 msgid "Unknown start type %{start_type}"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:347
+#: ../lib/puppet/util/windows/service.rb:364
 msgid "Failed to update service configuration"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:407
+#: ../lib/puppet/util/windows/service.rb:424
 msgid "Failed to fetch services"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:453
+#: ../lib/puppet/util/windows/service.rb:473
 msgid "Failed to open a handle to the service"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:468
+#: ../lib/puppet/util/windows/service.rb:490
 msgid "Failed to open a handle to the service control manager"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:532 ../lib/puppet/util/windows/service.rb:568
+#: ../lib/puppet/util/windows/service.rb:554 ../lib/puppet/util/windows/service.rb:590
 msgid "Service query failed"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:594
+#: ../lib/puppet/util/windows/service.rb:616
 msgid "Transition timed out, service still in %{current_state}"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:616
+#: ../lib/puppet/util/windows/service.rb:638
 msgid "Service was not in pending state: %{pending_state}, current state is %{current_state}"
 msgstr ""
 
-#: ../lib/puppet/util/windows/service.rb:634
+#: ../lib/puppet/util/windows/service.rb:656
 msgid "Pending operation timed out, service still in %{current_state}"
 msgstr ""
 

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "October 2018" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -94,7 +94,7 @@ The file specified in this setting may be either a \fBconfiguration file\fR or a
 If a custom policy executable is configured, the CA puppet master will run it every time it receives a CSR\. The executable will be passed the subject CN of the request \fIas a command line argument,\fR and the contents of the CSR in PEM format \fIon stdin\.\fR It should exit with a status of 0 if the cert should be autosigned and non\-zero if the cert should not be autosigned\.
 .
 .P
-If a certificate request is not autosigned, it will persist for review\. An admin user can use the \fBpuppet cert sign\fR command to manually sign it, or can delete the request\.
+If a certificate request is not autosigned, it will persist for review\. An admin user can use the \fBpuppetserver ca sign\fR command to manually sign it, or can delete the request\.
 .
 .P
 For info on autosign configuration files, see the guide to Puppet\'s config files \fIhttps://puppet\.com/docs/puppet/latest/config_about_settings\.html\fR\.
@@ -363,7 +363,7 @@ Setting a global value for config_version in puppet\.conf is not allowed (but it
 Prints the value of a specific configuration setting\. If the name of a setting is provided for this, then the value is printed and puppet exits\. Comma\-separate multiple values\. For a list of all values, specify \'all\'\. This setting is deprecated, the \'puppet config\' command replaces this functionality\.
 .
 .SS "csr_attributes"
-An optional file containing custom attributes to add to certificate signing requests (CSRs)\. You should ensure that this file does not exist on your CA puppet master; if it does, unwanted certificate extensions may leak into certificates created with the \fBpuppet cert generate\fR command\.
+An optional file containing custom attributes to add to certificate signing requests (CSRs)\. You should ensure that this file does not exist on your CA puppet master; if it does, unwanted certificate extensions may leak into certificates created with the \fBpuppetserver ca generate\fR command\.
 .
 .P
 If present, this file must be a YAML hash containing a \fBcustom_attributes\fR key and/or an \fBextension_requests\fR key\. The value of each key must be a hash, where each key is a valid OID and each value is an object that can be cast to a string\.
@@ -516,39 +516,16 @@ Valid values for this setting are:
 .IP "" 0
 .
 .SS "dns_alt_names"
-A comma\-separated list of alternate DNS names for Puppet Server\. These are extra hostnames (in addition to its \fBcertname\fR) that the server is allowed to use when serving agents\. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with \fBpuppet cert generate\fR\. These can be either IP or DNS, and the type should be specified and followed with a colon\. Untyped inputs will default to DNS\.
+A comma\-separated list of alternate DNS names for Puppet Server\. These are extra hostnames (in addition to its \fBcertname\fR) that the server is allowed to use when serving agents\. Puppet checks this setting when automatically creating a certificate for Puppet agent or Puppet Server\. These can be either IP or DNS, and the type should be specified and followed with a colon\. Untyped inputs will default to DNS\.
 .
 .P
 In order to handle agent requests at a given hostname (like "puppet\.example\.com"), Puppet Server needs a certificate that proves it\'s allowed to use that name; if a server shows a certificate that doesn\'t include its hostname, Puppet agents will refuse to trust it\. If you use a single hostname for Puppet traffic but load\-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names\.
 .
 .P
-\fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to:
-.
-.IP "\(bu" 4
-On the server: Stop Puppet Server\.
-.
-.IP "\(bu" 4
-On the CA server: Revoke and clean the server\'s old certificate\. (\fBpuppet cert clean <NAME>\fR) (Note \fBpuppet cert clean\fR is deprecated and will be replaced with \fBpuppetserver ca clean\fR in Puppet 6\.)
-.
-.IP "\(bu" 4
-On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir \fIhttps://puppet\.com/docs/puppet/latest/dirs_ssldir\.html\fR\.
-.
-.IP "\(bu" 4
-On the server: Run \fBpuppet agent \-t \-\-ca_server <CA HOSTNAME>\fR to request a new certificate
-.
-.IP "\(bu" 4
-On the CA server: Sign the certificate request, explicitly allowing alternate names (\fBpuppet cert sign \-\-allow\-dns\-alt\-names <NAME>\fR)\. (Note \fBpuppet cert sign\fR is deprecated and will be replaced with \fBpuppetserver ca sign\fR in Puppet 6\.)
-.
-.IP "\(bu" 4
-On the server: Run \fBpuppet agent \-t \-\-ca_server <CA HOSTNAME>\fR to retrieve the cert\.
-.
-.IP "\(bu" 4
-On the server: Start Puppet Server again\.
-.
-.IP "" 0
+\fBNote:\fR The list of alternate names is locked in when the server\'s certificate is signed\. If you need to change the list later, you can\'t just change this setting; you also need to regenerate the certificate\. For more information on that process, see the [cert regen docs] (https://puppet\.com/docs/puppet/latest/ssl_regenerate_certificates\.html)\.
 .
 .P
-To see all the alternate names your servers are using, log into your CA server and run \fBpuppet cert list \-a\fR, then check the output for \fB(alt names: \.\.\.)\fR\. Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust\.
+To see all the alternate names your servers are using, log into your CA server and run \fBpuppetserver ca list \-\-all\fR, then check the output for \fB(alt names: \.\.\.)\fR\. Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust\.
 .
 .SS "document_all"
 Whether to document all resources when using \fBpuppet doc\fR to generate manifest documentation\.
@@ -891,7 +868,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: Puppet/6\.0\.1 Ruby/2\.4\.1\-p111 (x86_64\-linux)
+\fIDefault\fR: Puppet/6\.0\.2 Ruby/2\.4\.1\-p111 (x86_64\-linux)
 .
 .IP "" 0
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.
@@ -35,7 +35,7 @@ Whether to log debug information\.
 The section of the puppet\.conf configuration file to interact with\.
 .
 .IP
-The three most commonly used sections are \'main\', \'master\', and \'agent\'\. \'Main\' is the default, and is used by all Puppet applications\. Other sections can override \'main\' values for specific applications \-\-\- the \'master\' section affects puppet master and puppet cert, and the \'agent\' section affects puppet agent\.
+The three most commonly used sections are \'main\', \'master\', and \'agent\'\. \'Main\' is the default, and is used by all Puppet applications\. Other sections can override \'main\' values for specific applications \-\-\- the \'master\' section affects Puppet Server, and the \'agent\' section affects puppet agent\.
 .
 .IP
 Less commonly used is the \'user\' section, which affects puppet apply\. Any other section will be treated as the name of a legacy environment (a deprecated feature), and can only include the \'manifest\' and \'modulepath\' settings\.

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-key.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-KEY" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-KEY" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.
@@ -10,7 +10,7 @@
 puppet key \fIaction\fR [\-\-terminus _TERMINUS] [\-\-extra HASH]
 .
 .SH "DESCRIPTION"
-This subcommand manages certificate private keys\. Keys are created automatically by puppet agent and when certificate requests are generated with \'puppet certificate generate\'; it should not be necessary to use this subcommand directly\.
+This subcommand manages certificate private keys\. Keys are created automatically by puppet agent and when certificate requests are generated with \'puppet ssl submit_request\'; it should not be necessary to use this subcommand directly\.
 .
 .SH "OPTIONS"
 Note that any setting that\'s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action\. For example, \fBserver\fR and \fBrun_mode\fR are valid settings, so you can specify \fB\-\-server <servername>\fR, or \fB\-\-run_mode <runmode>\fR as an argument\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-man.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MAN" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MAN" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-man\fR \- Display Puppet manual pages\.

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "September 2018" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "October 2018" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.0\.1
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.0\.2

data/spec/integration/provider/service/windows_spec.rb

@@ -12,17 +12,17 @@ describe test_title, '(integration)', :if => Puppet::Util::Platform.windows? do
     Puppet::Type.type(:service).stubs(:defaultprovider).returns provider_class
   end
 
-  context 'should fail querying services that do not exist' do
+  context 'should return valid values when querying a service that does not exist' do
     let(:service) do
       Puppet::Type.type(:service).new(:name => 'foobarservice1234')
     end
 
-    it "with a Puppet::Error when querying enabled?" do
-      expect { service.provider.enabled? }.to raise_error(Puppet::Error)
+    it "with :false when asked if enabled" do
+      expect(service.provider.enabled?).to eql(:false)
     end
 
-    it "with a Puppet::Error when querying status" do
-      expect { service.provider.status }.to raise_error(Puppet::Error)
+    it "with :stopped when asked about status" do
+      expect(service.provider.status).to eql(:stopped)
     end
   end
 

data/spec/unit/provider/service/windows_spec.rb

@@ -22,6 +22,8 @@ describe 'Puppet::Type::Service::Provider::Windows',
     # make sure we never actually execute anything (there are two execute methods)
     provider.class.expects(:execute).never
     provider.expects(:execute).never
+
+    service_util.stubs(:exists?).with(resource[:name]).returns(true)
   end
 
   describe ".instances" do
@@ -76,6 +78,12 @@ describe 'Puppet::Type::Service::Provider::Windows',
   end
 
   describe "#status" do
+    it "should report a nonexistent service as stopped" do
+      service_util.stubs(:exists?).with(resource[:name]).returns(false)
+
+      expect(provider.status).to eql(:stopped)
+    end
+
     [
       :SERVICE_STOPPED,
       :SERVICE_PAUSED,
@@ -121,6 +129,12 @@ describe 'Puppet::Type::Service::Provider::Windows',
   end
 
   describe "#enabled?" do
+    it "should report a nonexistent service as false" do
+      service_util.stubs(:exists?).with(resource[:name]).returns(false)
+
+      expect(provider.enabled?).to eql(:false)
+    end
+
     it "should report a service with a startup type of manual as manual" do
       service_util.expects(:service_start_type).with(name).returns(:SERVICE_DEMAND_START)
       expect(provider.enabled?).to eq(:manual)

data/spec/unit/provider/user/windows_adsi_spec.rb

@@ -218,6 +218,9 @@ describe Puppet::Type.type(:user).provider(:windows_adsi), :if => Puppet::Util::
     end
 
     it "should set a user's password" do
+      provider.user.expects(:disabled?).returns(false)
+      provider.user.expects(:locked_out?).returns(false)
+      provider.user.expects(:expired?).returns(false)
       provider.user.expects(:password=).with('plaintextbad')
 
       provider.password = "plaintextbad"

data/spec/unit/type/resources_spec.rb

@@ -100,6 +100,24 @@ describe resources do
         user.stubs(:retrieve_resource).returns Puppet::Resource.new("user", user_hash[:name], :parameters => user_hash)
         expect(res.user_check(user)).to be_falsey
       end
+
+      it "should not purge Windows system users" do
+        res = Puppet::Type.type(:resources).new :name => :user, :purge => true
+        res.catalog = Puppet::Resource::Catalog.new
+        user_hash = {:name => 'Administrator', :uid => 'S-1-5-21-12345-500'}
+        user = Puppet::Type.type(:user).new(user_hash)
+        user.stubs(:retrieve_resource).returns Puppet::Resource.new("user", user_hash[:name], :parameters => user_hash)
+        expect(res.user_check(user)).to be_falsey
+      end
+
+      it "should not purge Windows system users" do
+        res = Puppet::Type.type(:resources).new :name => :user, :purge => true
+        res.catalog = Puppet::Resource::Catalog.new
+        user_hash = {:name => 'other', :uid => 'S-1-5-21-12345-1001'}
+        user = Puppet::Type.type(:user).new(user_hash)
+        user.stubs(:retrieve_resource).returns Puppet::Resource.new("user", user_hash[:name], :parameters => user_hash)
+        expect(res.user_check(user)).to be_truthy
+      end
     end
 
     %w(FreeBSD OpenBSD).each do |os|

data/spec/unit/util/storage_spec.rb

@@ -228,8 +228,8 @@ describe Puppet::Util::Storage do
 
     it "expires entries with a :checked older than statettl seconds ago" do
       Puppet[:statettl] = '1d'
-      recent_checked = Time.now
-      stale_checked = Time.now - (Puppet[:statettl] + 1)
+      recent_checked = Time.now.round
+      stale_checked = recent_checked - (Puppet[:statettl] + 10)
       Puppet::Util::Storage.cache(:yayness)[:checked] = recent_checked
       Puppet::Util::Storage.cache(:stale)[:checked] = stale_checked
       expect(Puppet::Util::Storage.state).to eq(
@@ -262,8 +262,8 @@ describe Puppet::Util::Storage do
 
     it "does not expire entries when statettl is 0" do
       Puppet[:statettl] = '0'
-      recent_checked = Time.now
-      older_checked = Time.now - 10_000_000
+      recent_checked = Time.now.round
+      older_checked = recent_checked - 10_000_000
       Puppet::Util::Storage.cache(:yayness)[:checked] = recent_checked
       Puppet::Util::Storage.cache(:older)[:checked] = older_checked
       expect(Puppet::Util::Storage.state).to eq(

data/spec/unit/util/windows/service_spec.rb

@@ -4,6 +4,12 @@ require 'spec_helper'
 describe "Puppet::Util::Windows::Service", :if => Puppet.features.microsoft_windows? do
   require 'puppet/util/windows'
 
+  before(:each) do
+    Puppet::Util::Windows::Error.stubs(:format_error_code)
+      .with(anything)
+      .returns("fake error!")
+  end
+
   # The following should emulate a successful call to the private function
   # query_status that returns the value of query_return. This should give
   # us a way to mock changes in service status.
@@ -47,7 +53,7 @@ describe "Puppet::Util::Windows::Service", :if => Puppet.features.microsoft_wind
     subject::SERVICE_STATUS_PROCESS.stubs(:new)
     subject::QUERY_SERVICE_CONFIGW.stubs(:new)
     subject::SERVICE_STATUS.stubs(:new).returns({:dwCurrentState => subject::SERVICE_RUNNING})
-    Puppet::Util::Windows::Error.stubs(:new).raises(Puppet::Error.new('fake error'))
+    FFI.stubs(:errno).returns(0)
     FFI::MemoryPointer.stubs(:new).yields(pointer)
     pointer.stubs(:read_dword)
     pointer.stubs(:write_dword)
@@ -55,6 +61,35 @@ describe "Puppet::Util::Windows::Service", :if => Puppet.features.microsoft_wind
     subject.stubs(:sleep)
   end
 
+  describe "#exists?" do
+    context "when the service control manager cannot be opened" do
+      let(:scm) { FFI::Pointer::NULL_HANDLE }
+      it "raises a puppet error" do
+        expect{ subject.exists?(mock_service_name) }.to raise_error(Puppet::Error)
+      end
+    end
+
+    context "when the service cannot be opened" do
+      let(:service) { FFI::Pointer::NULL_HANDLE }
+
+      it "returns false if it fails to open because the service does not exist" do
+        FFI.stubs(:errno).returns(Puppet::Util::Windows::Service::ERROR_SERVICE_DOES_NOT_EXIST)
+
+        expect(subject.exists?(mock_service_name)).to be false
+      end
+
+      it "raises a puppet error if it fails to open for some other reason" do
+        expect{ subject.exists?(mock_service_name) }.to raise_error(Puppet::Error)
+      end
+    end
+
+    context "when the service can be opened" do
+      it "returns true" do
+        expect(subject.exists?(mock_service_name)).to be true
+      end
+    end
+  end
+
   describe "#start" do
 
     context "when the service control manager cannot be opened" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 6.0.1
+  version: 6.0.2
 platform: universal-darwin
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-01 00:00:00.000000000 Z
+date: 2018-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter