-#! /usr/bin/env ruby -S rspec
require 'spec_helper'
-describe "the pw_hash function" do
+describe 'pw_hash' do
- before :all do
- @enhanced_salts_supported = RUBY_PLATFORM == 'java'
- end
-
- let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+ it { is_expected.not_to eq(nil) }
- it "should exist" do
- expect(Puppet::Parser::Functions.function("pw_hash")).to eq("function_pw_hash")
+ context 'when there are less than 3 arguments' do
+ it { is_expected.to run.with_params().and_raise_error(ArgumentError, /wrong number of arguments/i) }
+ it { is_expected.to run.with_params('password').and_raise_error(ArgumentError, /wrong number of arguments/i) }
+ it { is_expected.to run.with_params('password', 'sha-256').and_raise_error(ArgumentError, /wrong number of arguments/i) }
end
- it "should raise an ArgumentError if there are less than 3 arguments" do
- expect { scope.function_pw_hash([]) }.to( raise_error(ArgumentError, /[Ww]rong number of arguments/) )
- expect { scope.function_pw_hash(['password']) }.to( raise_error(ArgumentError, /[Ww]rong number of arguments/) )
- expect { scope.function_pw_hash(['password', 'sha-512']) }.to( raise_error(ArgumentError, /[Ww]rong number of arguments/) )
+ context 'when there are more than 3 arguments' do
+ it { is_expected.to run.with_params('password', 'sha-256', 'salt', 'extra').and_raise_error(ArgumentError, /wrong number of arguments/i) }
+ it { is_expected.to run.with_params('password', 'sha-256', 'salt', 'extra', 'extra').and_raise_error(ArgumentError, /wrong number of arguments/i) }
end
- it "should raise an ArgumentError if there are more than 3 arguments" do
- expect { scope.function_pw_hash(['password', 'sha-512', 'salt', 5]) }.to( raise_error(ArgumentError, /[Ww]rong number of arguments/) )
+ context 'when the first argument is not a string' do
+ it { is_expected.to run.with_params([], 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
+ it { is_expected.to run.with_params({}, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
+ it { is_expected.to run.with_params(1, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
+ it { is_expected.to run.with_params(true, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
end
- it "should raise an ArgumentError if the first argument is not a string" do
- expect { scope.function_pw_hash([['password'], 'sha-512', 'salt']) }.to( raise_error(ArgumentError, /first argument must be a string/) )
- # in Puppet 3, numbers are passed as strings, so we can't test that
+ context 'when the first argument is undefined' do
+ it { is_expected.to run.with_params('', 'sha-256', 'salt').and_return(nil) }
+ it { is_expected.to run.with_params(nil, 'sha-256', 'salt').and_return(nil) }
end
- it "should return nil if the first argument is empty" do
- expect(scope.function_pw_hash(['', 'sha-512', 'salt'])).to eq(nil)
+ context 'when the second argument is not a string' do
+ it { is_expected.to run.with_params('password', [], 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
+ it { is_expected.to run.with_params('password', {}, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
+ it { is_expected.to run.with_params('password', 1, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
+ it { is_expected.to run.with_params('password', true, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
end
- it "should return nil if the first argument is undef" do
- expect(scope.function_pw_hash([nil, 'sha-512', 'salt'])).to eq(nil)
+ context 'when the second argument is not one of the supported hashing algorithms' do
+ it { is_expected.to run.with_params('password', 'no such algo', 'salt').and_raise_error(ArgumentError, /is not a valid hash type/) }
end
- it "should raise an ArgumentError if the second argument is an invalid hash type" do
- expect { scope.function_pw_hash(['', 'invalid', 'salt']) }.to( raise_error(ArgumentError, /not a valid hash type/) )
+ context 'when the third argument is not a string' do
+ it { is_expected.to run.with_params('password', 'sha-256', []).and_raise_error(ArgumentError, /third argument must be a string/) }
+ it { is_expected.to run.with_params('password', 'sha-256', {}).and_raise_error(ArgumentError, /third argument must be a string/) }
+ it { is_expected.to run.with_params('password', 'sha-256', 1).and_raise_error(ArgumentError, /third argument must be a string/) }
+ it { is_expected.to run.with_params('password', 'sha-256', true).and_raise_error(ArgumentError, /third argument must be a string/) }
end
- it "should raise an ArgumentError if the second argument is not a string" do
- expect { scope.function_pw_hash(['', [], 'salt']) }.to( raise_error(ArgumentError, /second argument must be a string/) )
+ context 'when the third argument is empty' do
+ it { is_expected.to run.with_params('password', 'sha-512', '').and_raise_error(ArgumentError, /third argument must not be empty/) }
end
- it "should raise an ArgumentError if the third argument is not a string" do
- expect { scope.function_pw_hash(['password', 'sha-512', ['salt']]) }.to( raise_error(ArgumentError, /third argument must be a string/) )
- # in Puppet 3, numbers are passed as strings, so we can't test that
+ context 'when the third argument contains invalid characters' do
+ it { is_expected.to run.with_params('password', 'sha-512', 'one%').and_raise_error(ArgumentError, /characters in salt must be in the set/) }
end
- it "should raise an ArgumentError if the third argument is empty" do
- expect { scope.function_pw_hash(['password', 'sha-512', '']) }.to( raise_error(ArgumentError, /third argument must not be empty/) )
- end
+ context 'when running on a platform with a weak String#crypt implementation' do
+ before(:each) { allow_any_instance_of(String).to receive(:crypt).with('$1$1').and_return('a bad hash') }
- it "should raise an ArgumentError if the third argument has invalid characters" do
- expect { scope.function_pw_hash(['password', 'sha-512', '%']) }.to( raise_error(ArgumentError, /characters in salt must be in the set/) )
+ it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_raise_error(Puppet::ParseError, /system does not support enhanced salts/) }
end
- it "should fail on platforms with weak implementations of String#crypt" do
- String.any_instance.expects(:crypt).with('$1$1').returns('$1SoNol0Ye6Xk')
- expect { scope.function_pw_hash(['password', 'sha-512', 'salt']) }.to( raise_error(Puppet::ParseError, /system does not support enhanced salts/) )
- end
-
- if @enhanced_salts_supported
+ if RUBY_PLATFORM == 'java' or 'test'.crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
describe "on systems with enhanced salts support" do
- it "should return a hashed password" do
- result = scope.function_pw_hash(['password', 'sha-512', 'salt'])
- expect(result).to eql('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.')
- end
-
- it "should use the specified salt" do
- result = scope.function_pw_hash(['password', 'sha-512', 'salt'])
- expect(result).to match('salt')
- end
-
- it "should use the specified hash type" do
- resultmd5 = scope.function_pw_hash(['password', 'md5', 'salt'])
- resultsha256 = scope.function_pw_hash(['password', 'sha-256', 'salt'])
- resultsha512 = scope.function_pw_hash(['password', 'sha-512', 'salt'])
-
- expect(resultmd5).to eql('$1$salt$qJH7.N4xYta3aEG/dfqo/0')
- expect(resultsha256).to eql('$5$salt$Gcm6FsVtF/Qa77ZKD.iwsJlCVPY0XSMgLJL0Hnww/c1')
- expect(resultsha512).to eql('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.')
- end
-
- it "should generate a valid hash" do
- password_hash = scope.function_pw_hash(['password', 'sha-512', 'salt'])
-
- hash_parts = password_hash.match(%r{\A\$(.*)\$([a-zA-Z0-9./]+)\$([a-zA-Z0-9./]+)\z})
+ it { is_expected.to run.with_params('password', 'md5', 'salt').and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }
+ it { is_expected.to run.with_params('password', 'sha-256', 'salt').and_return('$5$salt$Gcm6FsVtF/Qa77ZKD.iwsJlCVPY0XSMgLJL0Hnww/c1') }
+ it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_return('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.') }
+ end
- expect(hash_parts).not_to eql(nil)
+ if Puppet::Util::Package.versioncmp(Puppet.version, '4.7.0') >= 0
+ describe 'when arguments are sensitive' do
+ it { is_expected.to run.with_params(Puppet::Pops::Types::PSensitiveType::Sensitive.new('password'), 'md5', 'salt').and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }
+ it { is_expected.to run.with_params(Puppet::Pops::Types::PSensitiveType::Sensitive.new('password'), 'md5', Puppet::Pops::Types::PSensitiveType::Sensitive.new('salt')).and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }
+ it { is_expected.to run.with_params('password', 'md5', Puppet::Pops::Types::PSensitiveType::Sensitive.new('salt')).and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }
end
end
end
projects / mirror / dsa-puppet.git / blobdiff