From 42d4ea7af9197f77a3062727eb166c719ca6296a Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Fri, 7 Jul 2017 17:30:17 -0700 Subject: (MODULES-4908) adds support for sensitive data type to pw_hash Also includes a small fix to integer_spec so tests pass. --- lib/puppet/parser/functions/pw_hash.rb | 7 +++++++ spec/aliases/integer_spec.rb | 2 +- spec/functions/pw_hash_spec.rb | 8 ++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/puppet/parser/functions/pw_hash.rb b/lib/puppet/parser/functions/pw_hash.rb index d99ee5b..0deeb3a 100644 --- a/lib/puppet/parser/functions/pw_hash.rb +++ b/lib/puppet/parser/functions/pw_hash.rb @@ -27,6 +27,13 @@ Puppet::Parser::Functions::newfunction( environment contains several different operating systems, ensure that they are compatible before using this function.") do |args| raise ArgumentError, "pw_hash(): wrong number of arguments (#{args.size} for 3)" if args.size != 3 + args.map! do |arg| + if arg.is_a? Puppet::Pops::Types::PSensitiveType::Sensitive + arg.unwrap + else + arg + end + end raise ArgumentError, "pw_hash(): first argument must be a string" unless args[0].is_a? String or args[0].nil? raise ArgumentError, "pw_hash(): second argument must be a string" unless args[1].is_a? String hashes = { 'md5' => '1', diff --git a/spec/aliases/integer_spec.rb b/spec/aliases/integer_spec.rb index aec9fd6..9cf0357 100644 --- a/spec/aliases/integer_spec.rb +++ b/spec/aliases/integer_spec.rb @@ -22,7 +22,7 @@ if Puppet::Util::Package.versioncmp(Puppet.version, '4.5.0') >= 0 [ "foo\nbar", true, 'true', false, 'false', 'iAmAString', '1test', '1 test', 'test 1', 'test 1 test', {}, { 'key' => 'value' }, { 1=> 2 }, '', :undef , 'x', 3.7, '3.7',-3.7, '-342.2315e-12' ].each do |value| describe value.inspect do let(:params) {{ value: value }} - if Gem::Version.new(Puppet.version) >= Gem::Version.new('5.0.0') + if Puppet::Util::Package.versioncmp(Puppet.version, '5.0.0') >= 0 it { is_expected.to compile.and_raise_error(/parameter 'value' expects a Stdlib::Compat::Integer = Variant\[Integer, Pattern\[.*\], Array\[.*\]\] value/) } else it { is_expected.to compile.and_raise_error(/parameter 'value' expects a value of type Integer, Pattern(\[.*\]+)?, or Array/) } diff --git a/spec/functions/pw_hash_spec.rb b/spec/functions/pw_hash_spec.rb index df5348c..9e03464 100644 --- a/spec/functions/pw_hash_spec.rb +++ b/spec/functions/pw_hash_spec.rb @@ -65,5 +65,13 @@ describe 'pw_hash' do it { is_expected.to run.with_params('password', 'sha-256', 'salt').and_return('$5$salt$Gcm6FsVtF/Qa77ZKD.iwsJlCVPY0XSMgLJL0Hnww/c1') } it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_return('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.') } end + + if Puppet::Util::Package.versioncmp(Puppet.version, '4.7.0') >= 0 + describe 'when arguments are sensitive' do + it { is_expected.to run.with_params(Puppet::Pops::Types::PSensitiveType::Sensitive.new('password'), 'md5', 'salt').and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') } + it { is_expected.to run.with_params(Puppet::Pops::Types::PSensitiveType::Sensitive.new('password'), 'md5', Puppet::Pops::Types::PSensitiveType::Sensitive.new('salt')).and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') } + it { is_expected.to run.with_params('password', 'md5', Puppet::Pops::Types::PSensitiveType::Sensitive.new('salt')).and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') } + end + end end end -- cgit v1.2.3