Merge pull request #19 from tthayer/feature/datatypes

Feature/datatypes
trlinkin · Mar 7, 2019 · b0e1b6e · b0e1b6e
2 parents d20db8b + f4521f2
commit b0e1b6e
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 46 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -2,6 +2,8 @@ fixtures:
   repositories:
     stdlib:
       repo: "git://github.com/puppetlabs/puppetlabs-stdlib"
-      ref: "4.3.2"
+      ref: "a656880f13cc13a30baa892dcc4c8e3efefcc867"
+    reboot: "git://github.com/puppetlabs/puppetlabs-reboot"
+    powershell: "git://github.com/puppetlabs/puppetlabs-powershell"
   symlinks:
     domain_membership: "#{source_dir}"
diff --git a/.gitignore b/.gitignore
@@ -20,3 +20,4 @@
 /vendor/
 /convert_report.txt
 .DS_Store
+.vendor
diff --git a/tests/init.pp → examples/init.pp b/tests/init.pp → examples/init.pp
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -50,73 +50,53 @@
 # Copyright 2013 Thomas Linkin, unless otherwise noted.
 #
 class domain_membership (
-  $domain,
-  $username,
-  $password,
-  $secure_password = false,
-  $machine_ou      = undef,
-  $resetpw         = true,
-  $reboot          = true,
-  $reboot_apply    = 'finished',
-  $join_options    = '1',
-  $user_domain     = undef,
+  Stdlib::Fqdn $domain,
+  String $username,
+  Variant[String,Sensitive] $password,
+  Optional[Stdlib::Fqdn] $user_domain           = undef,
+  Boolean $secure_password                      = false,
+  String $machine_ou                            = '$null',
+  Boolean $resetpw                              = true,
+  Boolean $reboot                               = true,
+  Enum['immediately', 'finished'] $reboot_apply = 'finished',
+  Pattern[/\d+/] $join_options                  = '1',
 ){
 
-  # Validate Parameters
-  validate_string($username)
-  validate_string($password)
-  validate_bool($resetpw)
-  validate_re($join_options, '\d+', 'join_options parameter must be a number.')
-  validate_re($reboot_apply, 'immediately|finished', 'reboot_apply only accepts "immediately" or "finished"')
-  unless is_domain_name($domain) {
-    fail('Class[domain_membership] domain parameter must be a valid rfc1035 domain name')
+  $this_password = ($password =~ Sensitive) ? {
+    true  => $password,
+    false => Sensitive($password)
   }
 
   # Use Either a "Secure String" password or an unencrypted password
   if $secure_password {
-    $_password = "(New-Object System.Management.Automation.PSCredential('user',(convertto-securestring '${password}'))).GetNetworkCredential().password"
+    $_password = ("(New-Object System.Management.Automation.PSCredential('user',(convertto-securestring '${this_password}'))).GetNetworkCredential().password")
   }else{
-    $_password = "'${password}'"
-  }
-
-  # Allow an optional OU location for the creation of the machine
-  # account to be specified. If unset, we use the powershell representation
-  # of nil, which is the `$null` variable.
-  if $machine_ou {
-    validate_string($machine_ou)
-    $_machine_ou = "'${machine_ou}'"
-  }else{
-    $_machine_ou = '$null'
+    $_password = "'${this_password}'"
   }
 
   # Allow an optional user_domain to accomodate multi-domain AD forests
   if $user_domain {
-    unless is_domain_name($user_domain) {
-      fail('Class[domain_membership] user_domain parameter must be a valid rfc1035 domain name')
-    }
     $_user_domain = $user_domain
     $_reset_username = "${user_domain}\\${username}"
   } else {
     $_user_domain = $domain
     $_reset_username = $username
   }
 
-  # Since the powershell command is combersome, we'll construct it here for clarity... well, almost clarity
-  #
-  $command = "(Get-WmiObject -Class Win32_ComputerSystem).JoinDomainOrWorkGroup('${domain}',${_password},'${username}@${_user_domain}',${_machine_ou},${join_options})"
-
   exec { 'join_domain':
-    command  => "exit ${command}.ReturnValue",
-    unless   => "if((Get-WmiObject -Class Win32_ComputerSystem).domain -ne '${domain}'){ exit 1 }",
-    provider => powershell,
+    environment => [ "Password=${_password}" ],
+    command     => "exit (Get-WmiObject -Class Win32_ComputerSystem).JoinDomainOrWorkGroup('${domain}',\$Password,'${username}@${_user_domain}',${machine_ou},${join_options}).ReturnValue",
+    unless      => "if((Get-WmiObject -Class Win32_ComputerSystem).domain -ne '${domain}'){ exit 1 }",
+    provider    => powershell,
   }
 
   if $resetpw {
     exec { 'reset_computer_trust':
-      command  => "netdom /RESETPWD /UserD:${_reset_username} /PasswordD:${_password} /Server:${domain}",
-      unless   => "if ($(nltest /sc_verify:${domain}) -match 'ERROR_INVALID_PASSWORD') {exit 1}",
-      provider => powershell,
-      require  => Exec['join_domain'],
+      environment => [ "Password=${_password}" ],
+      command     => "netdom /RESETPWD /UserD:${_reset_username} /PasswordD:\$Password /Server:${domain}",
+      unless      => "if ($(nltest /sc_verify:${domain}) -match 'ERROR_INVALID_PASSWORD') {exit 1}",
+      provider    => powershell,
+      require     => Exec['join_domain'],
     }
   }
 

diff --git a/metadata.json b/metadata.json
@@ -13,7 +13,7 @@
     },
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 4.1.0"
+      "version_requirement": ">= 4.25.0"
     },
     {
       "name": "puppetlabs/reboot",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+describe 'domain_membership' do
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) { facts }
+
+      context 'with insecure password passed' do
+        let(:params) do
+          {
+            domain: 'test.domain',
+            username: 'testuser',
+            password: 'password1',
+          }
+        end
+
+        it { is_expected.to compile.with_all_deps }
+      end
+    end
+  end
+end