require 'spec_helper'
describe 'Puppet::Type::User::Provider::Aix' do
let(:provider_class) { Puppet::Type.type(:user).provider(:aix) }
let(:group_provider_class) { Puppet::Type.type(:group).provider(:aix) }
let(:resource) do
Puppet::Type.type(:user).new(
:name => 'test_aix_user',
:ensure => :present
)
end
let(:provider) do
provider_class.new(resource)
end
describe '.pgrp_to_gid' do
it "finds the primary group's gid" do
allow(provider).to receive(:ia_module_args).and_return(['-R', 'module'])
expect(group_provider_class).to receive(:list_all)
.with(provider.ia_module_args)
.and_return([{ :name => 'group', :id => 1}])
expect(provider_class.pgrp_to_gid(provider, 'group')).to eql(1)
end
end
describe '.gid_to_pgrp' do
it "finds the gid's primary group" do
allow(provider).to receive(:ia_module_args).and_return(['-R', 'module'])
expect(group_provider_class).to receive(:list_all)
.with(provider.ia_module_args)
.and_return([{ :name => 'group', :id => 1}])
expect(provider_class.gid_to_pgrp(provider, 1)).to eql('group')
end
end
describe '.expires_to_expiry' do
it 'returns absent if expires is 0' do
expect(provider_class.expires_to_expiry(provider, '0')).to eql(:absent)
end
it 'returns absent if the expiry attribute is not formatted properly' do
expect(provider_class.expires_to_expiry(provider, 'bad_format')).to eql(:absent)
end
it 'returns the password expiration date' do
expect(provider_class.expires_to_expiry(provider, '0910122314')).to eql('2014-09-10')
end
end
describe '.expiry_to_expires' do
it 'returns 0 if the expiry date is 0000-00-00' do
expect(provider_class.expiry_to_expires('0000-00-00')).to eql('0')
end
it 'returns 0 if the expiry date is "absent"' do
expect(provider_class.expiry_to_expires('absent')).to eql('0')
end
it 'returns 0 if the expiry date is :absent' do
expect(provider_class.expiry_to_expires(:absent)).to eql('0')
end
it 'returns the expires attribute value' do
expect(provider_class.expiry_to_expires('2014-09-10')).to eql('0910000014')
end
end
describe '.groups_attribute_to_property' do
it "reads the user's groups from the etc/groups file" do
groups = ['system', 'adm']
allow(Puppet::Util::POSIX).to receive(:groups_of).with(resource[:name]).and_return(groups)
actual_groups = provider_class.groups_attribute_to_property(provider, 'unused_value')
expected_groups = groups.join(',')
expect(actual_groups).to eql(expected_groups)
end
end
describe '.groups_property_to_attribute' do
it 'raises an ArgumentError if the groups are space-separated' do
groups = "foo bar baz"
expect do
provider_class.groups_property_to_attribute(groups)
end.to raise_error do |error|
expect(error).to be_a(ArgumentError)
expect(error.message).to match(groups)
expect(error.message).to match("Groups")
end
end
end
describe '#gid=' do
let(:value) { 'new_pgrp' }
let(:old_pgrp) { 'old_pgrp' }
let(:cur_groups) { 'system,adm' }
before(:each) do
allow(provider).to receive(:gid).and_return(old_pgrp)
allow(provider).to receive(:groups).and_return(cur_groups)
allow(provider).to receive(:set)
end
it 'raises a Puppet::Error if it fails to set the groups property' do
allow(provider).to receive(:set)
.with(:groups, cur_groups)
.and_raise(Puppet::ExecutionFailure, 'failed to reset the groups!')
expect { provider.gid = value }.to raise_error do |error|
expect(error).to be_a(Puppet::Error)
expect(error.message).to match('groups')
expect(error.message).to match(cur_groups)
expect(error.message).to match(old_pgrp)
expect(error.message).to match(value)
end
end
end
describe '#parse_password' do
def call_parse_password
File.open(my_fixture('aix_passwd_file.out')) do |f|
provider.parse_password(f)
end
end
it "returns :absent if the user stanza doesn't exist" do
resource[:name] = 'nonexistent_user'
expect(call_parse_password).to eql(:absent)
end
it "returns absent if the user does not have a password" do
resource[:name] = 'no_password_user'
expect(call_parse_password).to eql(:absent)
end
it "returns the user's password" do
expect(call_parse_password).to eql('some_password')
end
it "returns the user's password with tabs" do
resource[:name] = 'tab_password_user'
expect(call_parse_password).to eql('some_password')
end
end
# TODO: If we move from using Mocha to rspec's mocks,
# or a better and more robust mocking library, we should
# remove #parse_password and copy over its tests to here.
describe '#password' do
end
describe '#password=' do
let(:mock_tempfile) do
mock_tempfile_obj = double()
allow(mock_tempfile_obj).to receive(:<<)
allow(mock_tempfile_obj).to receive(:close)
allow(mock_tempfile_obj).to receive(:delete)
allow(mock_tempfile_obj).to receive(:path).and_return('tempfile_path')
allow(Tempfile).to receive(:new)
.with("puppet_#{provider.name}_pw", {:encoding => Encoding::ASCII})
.and_return(mock_tempfile_obj)
mock_tempfile_obj
end
let(:cmd) do
[provider.class.command(:chpasswd), *provider.ia_module_args, '-e', '-c']
end
let(:execute_options) do
{
:failonfail => false,
:combine => true,
:stdinfile => mock_tempfile.path
}
end
it 'raises a Puppet::Error if chpasswd fails' do
allow(provider).to receive(:execute).with(cmd, execute_options).and_return("failed to change passwd!")
expect { provider.password = 'foo' }.to raise_error do |error|
expect(error).to be_a(Puppet::Error)
expect(error.message).to match("failed to change passwd!")
end
end
it "changes the user's password" do
expect(provider).to receive(:execute).with(cmd, execute_options).and_return("")
provider.password = 'foo'
end
it "closes and deletes the tempfile" do
allow(provider).to receive(:execute).with(cmd, execute_options).and_return("")
expect(mock_tempfile).to receive(:close).twice
expect(mock_tempfile).to receive(:delete)
provider.password = 'foo'
end
end
describe '#create' do
it 'should create the user' do
allow(provider.resource).to receive(:should).with(anything).and_return(nil)
allow(provider.resource).to receive(:should).with(:groups).and_return('g1,g2')
allow(provider.resource).to receive(:should).with(:password).and_return('password')
expect(provider).to receive(:execute)
expect(provider).to receive(:groups=).with('g1,g2')
expect(provider).to receive(:password=).with('password')
provider.create
end
end
describe '#list_all_homes' do
it "should return empty array and output debug on failure" do
allow(Puppet::Util::Execution).to receive(:execute).and_raise(Puppet::ExecutionFailure, 'Execution failed')
expect(Puppet).to receive(:debug).with('Could not list home of all users: Execution failed')
expect(provider.list_all_homes).to eql({})
end
end
describe '#delete' do
before(:each) do
allow(File).to receive(:realpath).and_call_original
allow(FileUtils).to receive(:remove_entry_secure).and_call_original
allow(provider.resource).to receive(:should).with(anything).and_return(nil)
allow(provider).to receive(:home).and_return(Dir.tmpdir)
allow(provider).to receive(:execute).and_return(nil)
allow(provider).to receive(:object_info).and_return(nil)
allow(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true).and_return(nil)
end
context 'with managehome true' do
before(:each) do
allow(provider.resource).to receive(:managehome?).and_return(true)
allow(provider).to receive(:list_all_homes).and_return([])
end
it 'should delete the user without error' do
expect{ provider.delete }.not_to raise_error
end
it "should not remove home when relative" do
allow(provider).to receive(:home).and_return('relative_path')
expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
provider.delete
end
it "should not remove home when '/'" do
allow(provider).to receive(:home).and_return('/')
expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
provider.delete
end
it "should not remove home when symlink" do
allow(Puppet::FileSystem).to receive(:symlink?).with(Dir.tmpdir).and_return(true)
expect(Puppet).to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
provider.delete
end
it "should not remove home when other users would be affected" do
allow(provider).to receive(:home).and_return('/special')
allow(File).to receive(:realpath).with('/special').and_return('/special')
allow(Puppet::Util).to receive(:absolute_path?).with('/special').and_return(true)
allow(provider).to receive(:list_all_homes).and_return([{:name => 'other_user', :home => '/special/other_user'}])
expect(Puppet).to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
provider.delete
end
it 'should remove homedir' do
expect(FileUtils).to receive(:remove_entry_secure).with(Dir.tmpdir, true)
provider.delete
end
end
context 'with managehome false' do
before(:each) do
allow(provider.resource).to receive(:managehome?).and_return(false)
end
it 'should delete the user without error' do
expect{ provider.delete }.not_to raise_error
end
it 'should not remove homedir' do
expect(FileUtils).not_to receive(:remove_entry_secure).with(Dir.tmpdir, true)
end
it 'should not print manage home debug messages' do
expect(Puppet).not_to receive(:debug).with(/Please make sure the path is not relative, symlink or '\/'./)
expect(Puppet).not_to receive(:debug).with(/it would remove the home directory '\/special\/other_user' of user 'other_user' also./)
provider.delete
end
end
end
describe '#deletecmd' do
it 'uses the -p flag when removing the user' do
allow(provider.class).to receive(:command).with(:delete).and_return('delete')
allow(provider).to receive(:ia_module_args).and_return(['ia_module_args'])
expect(provider.deletecmd).to eql(
['delete', '-p', 'ia_module_args', provider.resource.name]
)
end
end
end