Merge branch '2.7.next' into 2.7.x

* 2.7.next: (42 commits)
  (#6395) Add extpuppet help, eval, and interfaces
  Adding a sleep state post starting master
  maint: fix spec_helper inclusions again.
  (#7523) Refactor the grammar to reduce duplication
  (#7114) Fix specs for ssh authorized key parsed provider
  (#7114) Target returns correct value
  (#7114) Add integration tests for authorized_key
  (#7114) Improve unit tests for ssh_authorized_key
  (#7114) Improve value validation for authorized_key
  (#7300) Fix instances method of mount provider
  (#7259) Remove ActiveRecord requirement from indirector face spec
  (#7259) Do not try to load all Terminus classes when configuring the Indirector
  (#3836) External nodes should only capture stdout
  Revert "(#7220) Add the ability to "inherit" options."
  maint: sync 'authconfig' to 'rest_authconfig' setting
  adding test for ticket 7139
  (#7139) Accept '/' as a valid path in filesets
  (#7300) Add specs for the mount provider
  case seems needless here as there is only two opts, also the rest of the file seems to use if so this should make things more consistant
  (#6845) Mount writes incorrect vfstab entries
  ...

2 files changed, 238 insertions, 0 deletions

diff --git a/spec/integration/parser/parser_spec.rb b/spec/integration/parser/parser_spec.rb
index 65c9ee302..b55aa04ce 100755
--- a/spec/integration/parser/parser_spec.rb
+++ b/spec/integration/parser/parser_spec.rb
@@ -117,5 +117,36 @@ describe Puppet::Parser::Parser do
         $out = $hash['a']['b']['c']
       }.should parse_with { |v| v.value.is_a?(Puppet::Parser::AST::ASTHash) }
     end
+
+    it "should fail if asked to parse '$foo::::bar'" do
+      expect { @parser.parse("$foo::::bar") }.should raise_error(Puppet::ParseError, /Syntax error at ':'/)
+    end
+
+    describe "function calls" do
+      it "should be able to pass an array to a function" do
+        "my_function([1,2,3])".should parse_with { |fun|
+          fun.is_a?(Puppet::Parser::AST::Function) &&
+          fun.arguments.first.evaluate(stub 'scope') == ['1','2','3']
+        }
+      end
+
+      it "should be able to pass a hash to a function" do
+        "my_function({foo => bar})".should parse_with { |fun|
+          fun.is_a?(Puppet::Parser::AST::Function) &&
+          fun.arguments.first.evaluate(stub 'scope') == {'foo' => 'bar'}
+        }
+      end
+    end
+
+    describe "collections" do
+      it "should find resources according to an expression" do
+        %q{
+          File <| mode == 0700 + 0050 + 0050 |>
+        }.should parse_with { |coll|
+          coll.is_a?(Puppet::Parser::AST::Collection) &&
+            coll.query.evaluate(stub 'scope').first == "param_values.value = '528' and param_names.name = 'mode'"
+        }
+      end
+    end
   end
 end
diff --git a/spec/integration/provider/ssh_authorized_key_spec.rb b/spec/integration/provider/ssh_authorized_key_spec.rb
new file mode 100644
index 000000000..902f9ad22
--- /dev/null
+++ b/spec/integration/provider/ssh_authorized_key_spec.rb
@@ -0,0 +1,207 @@
+#!/usr/bin/env ruby
+
+require 'spec_helper'
+require 'puppet/file_bucket/dipper'
+
+describe "ssh_authorized_key provider (integration)" do
+  include PuppetSpec::Files
+
+  before :each do
+    @fake_userfile = tmpfile('authorized_keys.user')
+    @fake_rootfile = tmpfile('authorized_keys.root')
+
+    # few testkeys generated with ssh-keygen
+    @sample_rsa_keys = [
+      'AAAAB3NzaC1yc2EAAAADAQABAAAAgQCi18JBZOq10X3w4f67nVhO0O3s5Y1vHH4UgMSM3ZnQwbC5hjGyYSi9UULOoQQoQynI/a0I9NL423/Xk/XJVIKCHcS8q6V2Wmjd+fLNelOjxxoW6mbIytEt9rDvwgq3Mof3/m21L3t2byvegR00a+ikKbmInPmKwjeWZpexCIsHzQ==', # 1024 bit
+      'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLClyvi3CsJw5Id6khZs2/+s11qOH4Gdp6iDioDsrIp0m8kSiPr71VGyQYAfPzzvHemHS7Xg0NkG1Kc8u9tRqBQfTvz7ubq0AT/g01+4P2hQ/soFkuwlUG/HVnnaYb6N0Qp5SHWvD5vBE2nFFQVpP5GrSctPtHSjzJq/i+6LYhmQ==', # 1024 bit
+      'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLygAO6txXkh9FNV8xSsBkATeqLbHzS7sFjGI3gt0Dx6q3LjyKwbhQ1RLf28kd5G6VWiXmClU/RtiPdUz8nrGuun++2mrxzrXrvpR9dq1lygLQ2wn2cI35dN5bjRMtXy3decs6HUhFo9MoNwX250rUWfdCyNPhGIp6OOfmjdy+UeLGNxq9wDx6i4bT5tVVSqVRtsEfw9+ICXchzl85QudjneVVpP+thriPZXfXA5eaGwAo/dmoKOIhUwF96gpdLqzNtrGQuxPbV80PTbGv9ZtAtTictxaDz8muXO7he9pXmchUpxUKtMFjHkL0FAZ9tRPmv3RA30sEr2fZ8+LKvnE50w0' #2048 Bit
+    ]
+    @sample_dsa_keys = [
+      'AAAAB3NzaC1kc3MAAACBAOPck2O8MIDSqxPSnvENt6tzRrKJ5oOhB6Nc6oEcWm+VEH1gvuxdiRqwoMgRwyEf1yUd+UAcLw3a6Jn+EtFyEBN/5WF+4Tt4xTxZ0Pfik2Wc5uqHbQ2dkmOoXiAOYPiD3JUQ1Xwm/J0CgetjitoLfzAGdCNhMqguqAuHcVJ78ZZbAAAAFQCIBKFYZ+I18I+dtgteirXh+VVEEwAAAIEAs1yvQ/wnLLrRCM660pF4kBiw3D6dJfMdCXWQpn0hZmkBQSIzZv4Wuk3giei5luxscDxNc+y3CTXtnyG4Kt1Yi2sOdvhRI3rX8tD+ejn8GHazM05l5VIo9uu4AQPIE32iV63IqgApSBbJ6vDJW91oDH0J492WdLCar4BS/KE3cRwAAACBAN0uSDyJqYLRsfYcFn4HyVf6TJxQm1IcwEt6GcJVzgjri9VtW7FqY5iBqa9B9Zdh5XXAYJ0XLsWQCcrmMHM2XGHGpA4gL9VlCJ/0QvOcXxD2uK7IXwAVUA7g4V4bw8EVnFv2Flufozhsp+4soo1xiYc5jiFVHwVlk21sMhAtKAeF' # 1024 Bit
+    ]
+
+    @sample_lines = [
+      "ssh-rsa #{@sample_rsa_keys[1]} root@someotherhost",
+      "ssh-dss #{@sample_dsa_keys[0]} root@anywhere",
+      "ssh-rsa #{@sample_rsa_keys[2]} paul"
+    ]
+
+  end
+
+  after :each do
+    Puppet::Type::Ssh_authorized_key::ProviderParsed.clear # Work around bug #6628
+  end
+
+  def create_fake_key(username, content)
+    filename = (username == :root ? @fake_rootfile : @fake_userfile )
+    File.open(filename, 'w') do |f|
+      content.each do |line|
+        f.puts line
+      end
+    end
+  end
+
+  def check_fake_key(username, expected_content)
+    filename = (username == :root ? @fake_rootfile : @fake_userfile )
+    content = File.readlines(filename).map(&:chomp).sort.reject{ |x| x =~ /^#|^$/ }
+    content.join("\n").should == expected_content.sort.join("\n")
+  end
+
+  def run_in_catalog(*resources)
+    Puppet::FileBucket::Dipper.any_instance.stubs(:backup) # Don't backup to the filebucket
+    catalog = Puppet::Resource::Catalog.new
+    catalog.host_config = false
+    resources.each do |resource|
+      resource.expects(:err).never
+      catalog.add_resource(resource)
+    end
+    catalog.apply
+  end
+
+  describe "when managing one resource" do
+
+    before :each do
+      # We are not running as root so chown/chmod is not possible
+      File.stubs(:chown)
+      File.stubs(:chmod)
+      Puppet::Util::SUIDManager.stubs(:asuser).yields
+    end
+
+    describe "with ensure set to absent" do
+
+      before :each do
+        @example = Puppet::Type.type(:ssh_authorized_key).new(
+          :name     => 'root@hostname',
+          :type     => :rsa,
+          :key      => @sample_rsa_keys[0],
+          :target   => @fake_rootfile,
+          :user     => 'root',
+          :ensure   => :absent
+        )
+      end
+
+      it "should not modify root's keyfile if resource is currently not present" do
+        create_fake_key(:root, @sample_lines)
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines)
+      end
+
+      it "remove the key from root's keyfile if resource is currently present" do
+        create_fake_key(:root, @sample_lines + ["ssh-rsa #{@sample_rsa_keys[0]} root@hostname"])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines)
+      end
+
+    end
+
+    describe "when ensure is present" do
+
+      before :each do
+        @example = Puppet::Type.type(:ssh_authorized_key).new(
+          :name     => 'root@hostname',
+          :type     => :rsa,
+          :key      => @sample_rsa_keys[0],
+          :target   => @fake_rootfile,
+          :user     => 'root',
+          :ensure   => :present
+        )
+
+        # just a dummy so the parsedfile provider is aware
+        # of the user's authorized_keys file
+        @dummy = Puppet::Type.type(:ssh_authorized_key).new(
+          :name   => 'dummy',
+          :target => @fake_userfile,
+          :user   => 'nobody',
+          :ensure => :absent
+        )
+      end
+
+      it "should add the key if it is not present" do
+        create_fake_key(:root, @sample_lines)
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + ["ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should modify the type if type is out of sync" do
+        create_fake_key(:root,@sample_lines + [ "ssh-dss #{@sample_rsa_keys[0]} root@hostname" ])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should modify the key if key is out of sync" do
+        create_fake_key(:root,@sample_lines + [ "ssh-rsa #{@sample_rsa_keys[1]} root@hostname" ])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should remove the key from old file if target is out of sync" do
+        create_fake_key(:user, [ @sample_lines[0], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, [ @sample_lines[1], @sample_lines[2] ])
+        run_in_catalog(@example, @dummy)
+        check_fake_key(:user, [ @sample_lines[0] ])
+        #check_fake_key(:root, [ @sample_lines[1], @sample_lines[2], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should add the key to new file if target is out of sync" do
+        create_fake_key(:user, [ @sample_lines[0], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, [ @sample_lines[1], @sample_lines[2] ])
+        run_in_catalog(@example, @dummy)
+        #check_fake_key(:user, [ @sample_lines[0] ])
+        check_fake_key(:root, [ @sample_lines[1], @sample_lines[2], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should modify options if options are out of sync" do
+        @example[:options]=[ 'from="correct.domain.com"', 'no-port-forwarding', 'no-pty' ]
+        create_fake_key(:root, @sample_lines + [ "from=\"incorrect.domain.com\",no-port-forwarding,no-pty ssh-rsa #{@sample_rsa_keys[0]} root@hostname"])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + [ "from=\"correct.domain.com\",no-port-forwarding,no-pty ssh-rsa #{@sample_rsa_keys[0]} root@hostname"] )
+      end
+
+    end
+
+  end
+
+  describe "when managing two resource" do
+
+      before :each do
+        # We are not running as root so chown/chmod is not possible
+        File.stubs(:chown)
+        File.stubs(:chmod)
+        Puppet::Util::SUIDManager.stubs(:asuser).yields
+        @example_one = Puppet::Type.type(:ssh_authorized_key).new(
+          :name     => 'root@hostname',
+          :type     => :rsa,
+          :key      => @sample_rsa_keys[0],
+          :target   => @fake_rootfile,
+          :user     => 'root',
+          :ensure   => :present
+        )
+
+        @example_two = Puppet::Type.type(:ssh_authorized_key).new(
+          :name   => 'user@hostname',
+          :key    => @sample_rsa_keys[1],
+          :type   => :rsa,
+          :target => @fake_userfile,
+          :user   => 'nobody',
+          :ensure => :present
+        )
+      end
+
+    describe "and both keys are absent" do
+
+      before :each do
+        create_fake_key(:root, @sample_lines)
+        create_fake_key(:user, @sample_lines)
+      end
+
+      it "should add both keys" do
+        run_in_catalog(@example_one, @example_two)
+        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        check_fake_key(:user, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[1]} user@hostname" ])
+      end
+
+    end
+
+  end
+
+end