puppet 2.7.14 → 2.7.16

data/spec/integration/provider/service/init_spec.rb

@@ -4,25 +4,41 @@ require 'spec_helper'
 provider = Puppet::Type.type(:service).provider(:init)
 
 describe provider, :'fails_on_ruby_1.9.2' => true do
-  describe "when running on FreeBSD", :if => (Facter.value(:operatingsystem) == "FreeBSD") do
+  describe "when running on FreeBSD" do
+    before :each do
+      Facter.stubs(:value).with(:operatingsystem).returns 'FreeBSD'
+    end
+
     it "should set its default path to include /etc/rc.d and /usr/local/etc/rc.d" do
       provider.defpath.should == ["/etc/rc.d", "/usr/local/etc/rc.d"]
     end
   end
 
-  describe "when running on HP-UX", :if => (Facter.value(:operatingsystem) == "HP-UX") do
+  describe "when running on HP-UX" do
+    before :each do
+      Facter.stubs(:value).with(:operatingsystem).returns 'HP-UX'
+    end
+
     it "should set its default path to include /sbin/init.d" do
       provider.defpath.should == "/sbin/init.d"
     end
   end
 
-  describe "when running on Archlinux", :if => (Facter.value(:operatingsystem) == "Archlinux") do
+  describe "when running on Archlinux" do
+    before :each do
+      Facter.stubs(:value).with(:operatingsystem).returns 'Archlinux'
+    end
+
     it "should set its default path to include /etc/rc.d" do
       provider.defpath.should == "/etc/rc.d"
     end
   end
 
-  describe "when not running on FreeBSD, HP-UX or Archlinux", :if => (! %w{HP-UX FreeBSD Archlinux}.include?(Facter.value(:operatingsystem))) do
+  describe "when not running on FreeBSD, HP-UX or Archlinux" do
+    before :each do
+      Facter.stubs(:value).with(:operatingsystem).returns 'RedHat'
+    end
+
     it "should set its default path to include /etc/init.d" do
       provider.defpath.should == "/etc/init.d"
     end

data/spec/integration/provider/ssh_authorized_key_spec.rb

@@ -1,39 +1,63 @@
-#!/usr/bin/env ruby
+#!/usr/bin/env rspec
 
 require 'spec_helper'
 require 'puppet/file_bucket/dipper'
 
-describe "ssh_authorized_key provider (integration)", :unless => Puppet.features.microsoft_windows? do
+describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration)', :unless => Puppet.features.microsoft_windows? do
   include PuppetSpec::Files
 
-  before :each do
-    @fake_userfile = tmpfile('authorized_keys.user')
-    @fake_rootfile = tmpfile('authorized_keys.root')
+  let :fake_userfile do
+    tmpfile('authorized_keys.user')
+  end
+
+  let :fake_rootfile do
+    tmpfile('authorized_keys.root')
+  end
 
-    # few testkeys generated with ssh-keygen
-    @sample_rsa_keys = [
+  let :sample_rsa_keys do
+    [
       'AAAAB3NzaC1yc2EAAAADAQABAAAAgQCi18JBZOq10X3w4f67nVhO0O3s5Y1vHH4UgMSM3ZnQwbC5hjGyYSi9UULOoQQoQynI/a0I9NL423/Xk/XJVIKCHcS8q6V2Wmjd+fLNelOjxxoW6mbIytEt9rDvwgq3Mof3/m21L3t2byvegR00a+ikKbmInPmKwjeWZpexCIsHzQ==', # 1024 bit
       'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLClyvi3CsJw5Id6khZs2/+s11qOH4Gdp6iDioDsrIp0m8kSiPr71VGyQYAfPzzvHemHS7Xg0NkG1Kc8u9tRqBQfTvz7ubq0AT/g01+4P2hQ/soFkuwlUG/HVnnaYb6N0Qp5SHWvD5vBE2nFFQVpP5GrSctPtHSjzJq/i+6LYhmQ==', # 1024 bit
       'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLygAO6txXkh9FNV8xSsBkATeqLbHzS7sFjGI3gt0Dx6q3LjyKwbhQ1RLf28kd5G6VWiXmClU/RtiPdUz8nrGuun++2mrxzrXrvpR9dq1lygLQ2wn2cI35dN5bjRMtXy3decs6HUhFo9MoNwX250rUWfdCyNPhGIp6OOfmjdy+UeLGNxq9wDx6i4bT5tVVSqVRtsEfw9+ICXchzl85QudjneVVpP+thriPZXfXA5eaGwAo/dmoKOIhUwF96gpdLqzNtrGQuxPbV80PTbGv9ZtAtTictxaDz8muXO7he9pXmchUpxUKtMFjHkL0FAZ9tRPmv3RA30sEr2fZ8+LKvnE50w0' #2048 Bit
     ]
-    @sample_dsa_keys = [
+  end
+
+  let :sample_dsa_keys do
+    [
       'AAAAB3NzaC1kc3MAAACBAOPck2O8MIDSqxPSnvENt6tzRrKJ5oOhB6Nc6oEcWm+VEH1gvuxdiRqwoMgRwyEf1yUd+UAcLw3a6Jn+EtFyEBN/5WF+4Tt4xTxZ0Pfik2Wc5uqHbQ2dkmOoXiAOYPiD3JUQ1Xwm/J0CgetjitoLfzAGdCNhMqguqAuHcVJ78ZZbAAAAFQCIBKFYZ+I18I+dtgteirXh+VVEEwAAAIEAs1yvQ/wnLLrRCM660pF4kBiw3D6dJfMdCXWQpn0hZmkBQSIzZv4Wuk3giei5luxscDxNc+y3CTXtnyG4Kt1Yi2sOdvhRI3rX8tD+ejn8GHazM05l5VIo9uu4AQPIE32iV63IqgApSBbJ6vDJW91oDH0J492WdLCar4BS/KE3cRwAAACBAN0uSDyJqYLRsfYcFn4HyVf6TJxQm1IcwEt6GcJVzgjri9VtW7FqY5iBqa9B9Zdh5XXAYJ0XLsWQCcrmMHM2XGHGpA4gL9VlCJ/0QvOcXxD2uK7IXwAVUA7g4V4bw8EVnFv2Flufozhsp+4soo1xiYc5jiFVHwVlk21sMhAtKAeF' # 1024 Bit
     ]
+  end
 
-    @sample_lines = [
-      "ssh-rsa #{@sample_rsa_keys[1]} root@someotherhost",
-      "ssh-dss #{@sample_dsa_keys[0]} root@anywhere",
-      "ssh-rsa #{@sample_rsa_keys[2]} paul"
+  let :sample_lines do
+    [
+      "ssh-rsa #{sample_rsa_keys[1]} root@someotherhost",
+      "ssh-dss #{sample_dsa_keys[0]} root@anywhere",
+      "ssh-rsa #{sample_rsa_keys[2]} paul",
+      "ssh-rsa #{sample_rsa_keys[2]} dummy"
     ]
+  end
 
+  let :dummy do
+    Puppet::Type.type(:ssh_authorized_key).new(
+      :name   => 'dummy',
+      :target => fake_userfile,
+      :user   => 'nobody',
+      :ensure => :absent
+    )
+  end
+
+  before :each do
+    File.stubs(:chown)
+    File.stubs(:chmod)
+    Puppet::Util::SUIDManager.stubs(:asuser).yields
   end
 
   after :each do
-    Puppet::Type::Ssh_authorized_key::ProviderParsed.clear # Work around bug #6628
+    described_class.clear # Work around bug #6628
   end
 
   def create_fake_key(username, content)
-    filename = (username == :root ? @fake_rootfile : @fake_userfile )
+    filename = (username == :root ? fake_rootfile : fake_userfile )
     File.open(filename, 'w') do |f|
       content.each do |line|
         f.puts line
@@ -42,8 +66,8 @@ describe "ssh_authorized_key provider (integration)", :unless => Puppet.features
   end
 
   def check_fake_key(username, expected_content)
-    filename = (username == :root ? @fake_rootfile : @fake_userfile )
-    content = File.readlines(filename).map(&:chomp).sort.reject{ |x| x =~ /^#|^$/ }
+    filename = (username == :root ? fake_rootfile : fake_userfile )
+    content = File.readlines(filename).map(&:chomp).sort.reject{ |x| x =~ /^# HEADER:/ }
     content.join("\n").should == expected_content.sort.join("\n")
   end
 
@@ -58,150 +82,138 @@ describe "ssh_authorized_key provider (integration)", :unless => Puppet.features
     catalog.apply
   end
 
-  describe "when managing one resource" do
+  it "should not complain about empty lines and comments" do
+    described_class.expects(:flush).never
+    sample = ['',sample_lines[0],'   ',sample_lines[1],'# just a comment','#and another']
+    create_fake_key(:user,sample)
+    run_in_catalog(dummy)
+    check_fake_key(:user, sample)
+  end
 
-    before :each do
-      # We are not running as root so chown/chmod is not possible
-      File.stubs(:chown)
-      File.stubs(:chmod)
-      Puppet::Util::SUIDManager.stubs(:asuser).yields
-    end
+  it "should keep empty lines and comments when modifying a file" do
+    create_fake_key(:user, ['',sample_lines[0],'   ',sample_lines[3],'# just a comment','#and another'])
+    run_in_catalog(dummy)
+    check_fake_key(:user, ['',sample_lines[0],'   ','# just a comment','#and another'])
+  end
 
-    describe "with ensure set to absent" do
+  describe "when managing one resource" do
 
-      before :each do
-        @example = Puppet::Type.type(:ssh_authorized_key).new(
+    describe "with ensure set to absent" do
+      let :example do
+        Puppet::Type.type(:ssh_authorized_key).new(
           :name     => 'root@hostname',
           :type     => :rsa,
-          :key      => @sample_rsa_keys[0],
-          :target   => @fake_rootfile,
+          :key      => sample_rsa_keys[0],
+          :target   => fake_rootfile,
           :user     => 'root',
           :ensure   => :absent
         )
       end
 
       it "should not modify root's keyfile if resource is currently not present" do
-        create_fake_key(:root, @sample_lines)
-        run_in_catalog(@example)
-        check_fake_key(:root, @sample_lines)
+        create_fake_key(:root, sample_lines)
+        run_in_catalog(example)
+        check_fake_key(:root, sample_lines)
       end
 
       it "remove the key from root's keyfile if resource is currently present" do
-        create_fake_key(:root, @sample_lines + ["ssh-rsa #{@sample_rsa_keys[0]} root@hostname"])
-        run_in_catalog(@example)
-        check_fake_key(:root, @sample_lines)
+        create_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
+        run_in_catalog(example)
+        check_fake_key(:root, sample_lines)
       end
-
     end
 
     describe "when ensure is present" do
-
-      before :each do
-        @example = Puppet::Type.type(:ssh_authorized_key).new(
+      let :example do
+        Puppet::Type.type(:ssh_authorized_key).new(
           :name     => 'root@hostname',
           :type     => :rsa,
-          :key      => @sample_rsa_keys[0],
-          :target   => @fake_rootfile,
+          :key      => sample_rsa_keys[0],
+          :target   => fake_rootfile,
           :user     => 'root',
           :ensure   => :present
         )
-
-        # just a dummy so the parsedfile provider is aware
-        # of the user's authorized_keys file
-        @dummy = Puppet::Type.type(:ssh_authorized_key).new(
-          :name   => 'dummy',
-          :target => @fake_userfile,
-          :user   => 'nobody',
-          :ensure => :absent
-        )
       end
 
+      # just a dummy so the parsedfile provider is aware
+      # of the user's authorized_keys file
+
       it "should add the key if it is not present" do
-        create_fake_key(:root, @sample_lines)
-        run_in_catalog(@example)
-        check_fake_key(:root, @sample_lines + ["ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, sample_lines)
+        run_in_catalog(example)
+        check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
       end
 
       it "should modify the type if type is out of sync" do
-        create_fake_key(:root,@sample_lines + [ "ssh-dss #{@sample_rsa_keys[0]} root@hostname" ])
-        run_in_catalog(@example)
-        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root,sample_lines + [ "ssh-dss #{sample_rsa_keys[0]} root@hostname" ])
+        run_in_catalog(example)
+        check_fake_key(:root, sample_lines + [ "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
       end
 
       it "should modify the key if key is out of sync" do
-        create_fake_key(:root,@sample_lines + [ "ssh-rsa #{@sample_rsa_keys[1]} root@hostname" ])
-        run_in_catalog(@example)
-        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root,sample_lines + [ "ssh-rsa #{sample_rsa_keys[1]} root@hostname" ])
+        run_in_catalog(example)
+        check_fake_key(:root, sample_lines + [ "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
       end
 
       it "should remove the key from old file if target is out of sync" do
-        create_fake_key(:user, [ @sample_lines[0], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
-        create_fake_key(:root, [ @sample_lines[1], @sample_lines[2] ])
-        run_in_catalog(@example, @dummy)
-        check_fake_key(:user, [ @sample_lines[0] ])
-        #check_fake_key(:root, [ @sample_lines[1], @sample_lines[2], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:user, [ sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, [ sample_lines[1], sample_lines[2] ])
+        run_in_catalog(example, dummy)
+        check_fake_key(:user, [ sample_lines[0] ])
+        #check_fake_key(:root, [ sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
       end
 
       it "should add the key to new file if target is out of sync" do
-        create_fake_key(:user, [ @sample_lines[0], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
-        create_fake_key(:root, [ @sample_lines[1], @sample_lines[2] ])
-        run_in_catalog(@example, @dummy)
-        #check_fake_key(:user, [ @sample_lines[0] ])
-        check_fake_key(:root, [ @sample_lines[1], @sample_lines[2], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:user, [ sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, [ sample_lines[1], sample_lines[2] ])
+        run_in_catalog(example, dummy)
+        #check_fake_key(:user, [ sample_lines[0] ])
+        check_fake_key(:root, [ sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
       end
 
       it "should modify options if options are out of sync" do
-        @example[:options]=[ 'from="*.domain1,host1.domain2"', 'no-port-forwarding', 'no-pty' ]
-        create_fake_key(:root, @sample_lines + [ "from=\"*.false,*.false2\",no-port-forwarding,no-pty ssh-rsa #{@sample_rsa_keys[0]} root@hostname"])
-        run_in_catalog(@example)
-        check_fake_key(:root, @sample_lines + [ "from=\"*.domain1,host1.domain2\",no-port-forwarding,no-pty ssh-rsa #{@sample_rsa_keys[0]} root@hostname"] )
+        example[:options]=[ 'from="*.domain1,host1.domain2"', 'no-port-forwarding', 'no-pty' ]
+        create_fake_key(:root, sample_lines + [ "from=\"*.false,*.false2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
+        run_in_catalog(example)
+        check_fake_key(:root, sample_lines + [ "from=\"*.domain1,host1.domain2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"] )
       end
-
     end
-
   end
 
   describe "when managing two resource" do
-
-      before :each do
-        # We are not running as root so chown/chmod is not possible
-        File.stubs(:chown)
-        File.stubs(:chmod)
-        Puppet::Util::SUIDManager.stubs(:asuser).yields
-        @example_one = Puppet::Type.type(:ssh_authorized_key).new(
-          :name     => 'root@hostname',
-          :type     => :rsa,
-          :key      => @sample_rsa_keys[0],
-          :target   => @fake_rootfile,
-          :user     => 'root',
-          :ensure   => :present
-        )
-
-        @example_two = Puppet::Type.type(:ssh_authorized_key).new(
-          :name   => 'user@hostname',
-          :key    => @sample_rsa_keys[1],
-          :type   => :rsa,
-          :target => @fake_userfile,
-          :user   => 'nobody',
-          :ensure => :present
-        )
-      end
+    let :examples do
+      resources = []
+      resources << Puppet::Type.type(:ssh_authorized_key).new(
+        :name     => 'root@hostname',
+        :type     => :rsa,
+        :key      => sample_rsa_keys[0],
+        :target   => fake_rootfile,
+        :user     => 'root',
+        :ensure   => :present
+      )
+      resources << Puppet::Type.type(:ssh_authorized_key).new(
+        :name   => 'user@hostname',
+        :key    => sample_rsa_keys[1],
+        :type   => :rsa,
+        :target => fake_userfile,
+        :user   => 'nobody',
+        :ensure => :present
+      )
+      resources
+    end
 
     describe "and both keys are absent" do
-
       before :each do
-        create_fake_key(:root, @sample_lines)
-        create_fake_key(:user, @sample_lines)
+        create_fake_key(:root, sample_lines)
+        create_fake_key(:user, sample_lines)
       end
 
       it "should add both keys" do
-        run_in_catalog(@example_one, @example_two)
-        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
-        check_fake_key(:user, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[1]} user@hostname" ])
+        run_in_catalog(*examples)
+        check_fake_key(:root, sample_lines + [ "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
+        check_fake_key(:user, sample_lines + [ "ssh-rsa #{sample_rsa_keys[1]} user@hostname" ])
       end
-
     end
-
   end
-
 end

data/spec/unit/face/module/install_spec.rb

@@ -3,6 +3,7 @@ require 'puppet/face'
 require 'puppet/module_tool'
 
 describe "puppet module install" do
+  include PuppetSpec::Files
 
   subject { Puppet::Face[:module, :current] }
 
@@ -24,10 +25,10 @@ describe "puppet module install" do
     end
 
     let(:sep) { File::PATH_SEPARATOR }
-    let(:fakefirstpath)  { "/my/fake/modpath" }
-    let(:fakesecondpath) { "/other/fake/path" }
+    let(:fakefirstpath)  { make_absolute("/my/fake/modpath") }
+    let(:fakesecondpath) { make_absolute("/other/fake/path") }
     let(:fakemodpath)    { "#{fakefirstpath}#{sep}#{fakesecondpath}" }
-    let(:fakedirpath)    { "/my/fake/path" }
+    let(:fakedirpath)    { make_absolute("/my/fake/path") }
 
     context "without any options" do
       it "should require a name" do
@@ -49,7 +50,7 @@ describe "puppet module install" do
     end
 
     it "should accept the --target-dir option" do
-      options[:target_dir] = "/foo/puppet/modules"
+      options[:target_dir] = make_absolute("/foo/puppet/modules")
       expected_options.merge!(options)
       expected_options[:modulepath] = "#{options[:target_dir]}#{sep}#{fakemodpath}"
 
@@ -90,6 +91,17 @@ describe "puppet module install" do
       end
 
       describe "when target-dir option is passed" do
+        it "should expand the target directory" do
+          options[:target_dir] = "modules"
+          expanded_path = File.expand_path("modules")
+          expected_options.merge!(options)
+          expected_options[:target_dir] = expanded_path
+          expected_options[:modulepath] = "#{expanded_path}#{sep}#{fakemodpath}"
+
+          Puppet::ModuleTool::Applications::Installer.expects(:run).with("puppetlabs-apache", expected_options).once
+          subject.install("puppetlabs-apache", options)
+        end
+
         it "should set target-dir to be first path of modulepath" do
           options[:target_dir] = fakedirpath
           expected_options[:target_dir] = fakedirpath

data/spec/unit/network/http/api/v1_spec.rb

@@ -54,6 +54,14 @@ describe Puppet::Network::HTTP::API::V1 do
       @tester.uri2indirection("GET", "/env/foo/bar", {})[3][:environment].should be_a Puppet::Node::Environment
     end
 
+    it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
+      @tester.uri2indirection("GET", "/env/foo/bar", { :bucket_path => "/malicious/path" })[3].should_not include({ :bucket_path => "/malicious/path" })
+    end
+
+    it "should pass allowed parameters through" do
+      @tester.uri2indirection("GET", "/env/foo/bar", { :allowed_param => "value" })[3].should include({ :allowed_param => "value" })
+    end
+
     it "should use the second field of the URI as the indirection name" do
       @tester.uri2indirection("GET", "/env/foo/bar", {})[0].should == "foo"
     end

data/spec/unit/network/http_pool_spec.rb

@@ -14,122 +14,128 @@ describe Puppet::Network::HttpPool do
   end
 
   describe "when managing http instances" do
-    def stub_settings(settings)
-      settings.each do |param, value|
-        Puppet.settings.stubs(:value).with(param).returns(value)
-      end
-    end
-
-    before do
+    before :each do
       # All of the cert stuff is tested elsewhere
       Puppet::Network::HttpPool.stubs(:cert_setup)
     end
 
     it "should return an http instance created with the passed host and port" do
-      http = stub 'http', :use_ssl= => nil, :read_timeout= => nil, :open_timeout= => nil, :started? => false
-      Net::HTTP.expects(:new).with("me", 54321, nil, nil).returns(http)
-      Puppet::Network::HttpPool.http_instance("me", 54321).should equal(http)
+      http = Puppet::Network::HttpPool.http_instance("me", 54321)
+      http.should be_an_instance_of Net::HTTP
+      http.address.should == 'me'
+      http.port.should    == 54321
     end
 
     it "should enable ssl on the http instance" do
-      Puppet::Network::HttpPool.http_instance("me", 54321).instance_variable_get("@use_ssl").should be_true
+      Puppet::Network::HttpPool.http_instance("me", 54321).should be_use_ssl
     end
 
-    it "should set the read timeout" do
-      Puppet::Network::HttpPool.http_instance("me", 54321).read_timeout.should == 120
-    end
+    context "proxy and timeout settings should propagate" do
+      subject { Puppet::Network::HttpPool.http_instance("me", 54321) }
+      before :each do
+        Puppet[:http_proxy_host] = "myhost"
+        Puppet[:http_proxy_port] = 432
+        Puppet[:configtimeout]   = 120
+      end
 
-    it "should set the open timeout" do
-      Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120
+      its(:open_timeout)  { should == Puppet[:configtimeout] }
+      its(:read_timeout)  { should == Puppet[:configtimeout] }
+      its(:proxy_address) { should == Puppet[:http_proxy_host] }
+      its(:proxy_port)    { should == Puppet[:http_proxy_port] }
     end
 
-    it "should create the http instance with the proxy host and port set if the http_proxy is not set to 'none'" do
-      stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120
-      Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120
+    it "should not set a proxy if the value is 'none'" do
+      Puppet[:http_proxy_host] = 'none'
+      Puppet::Network::HttpPool.http_instance("me", 54321).proxy_address.should be_nil
     end
 
     it "should not cache http instances" do
-      stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120
-      old = Puppet::Network::HttpPool.http_instance("me", 54321)
-      Puppet::Network::HttpPool.http_instance("me", 54321).should_not equal(old)
+      Puppet::Network::HttpPool.http_instance("me", 54321).
+        should_not equal Puppet::Network::HttpPool.http_instance("me", 54321)
     end
   end
 
-  describe "when adding certificate information to http instances" do
-    before do
-      @http = mock 'http'
-      [:cert_store=, :verify_mode=, :ca_file=, :cert=, :key=].each { |m| @http.stubs(m) }
-      @store = stub 'store'
-
-      @cert = stub 'cert', :content => "real_cert"
-      @key = stub 'key', :content => "real_key"
-      @host = stub 'host', :certificate => @cert, :key => @key, :ssl_store => @store
-
-      Puppet[:confdir] = "/sometthing/else"
-      Puppet.settings.stubs(:value).returns "/some/file"
-      Puppet.settings.stubs(:value).with(:hostcert).returns "/host/cert"
-      Puppet.settings.stubs(:value).with(:localcacert).returns "/local/ca/cert"
-
-      FileTest.stubs(:exist?).with("/host/cert").returns true
-      FileTest.stubs(:exist?).with("/local/ca/cert").returns true
-
-      Puppet::Network::HttpPool.stubs(:ssl_host).returns @host
+  describe "when doing SSL setup for http instances" do
+    let :http do
+      http = Net::HTTP.new('localhost', 443)
+      http.use_ssl = true
+      http
     end
 
-    after do
-      Puppet.settings.clear
-    end
+    let :store do stub('store') end
 
-    it "should do nothing if no host certificate is on disk" do
-      FileTest.expects(:exist?).with("/host/cert").returns false
-      @http.expects(:cert=).never
-      Puppet::Network::HttpPool.cert_setup(@http)
-    end
+    before :each do
+      Puppet[:hostcert]    = '/host/cert'
+      Puppet[:localcacert] = '/local/ca/cert'
 
-    it "should do nothing if no local certificate is on disk" do
-      FileTest.expects(:exist?).with("/local/ca/cert").returns false
-      @http.expects(:cert=).never
-      Puppet::Network::HttpPool.cert_setup(@http)
+      cert  = stub 'cert', :content => 'real_cert'
+      key   = stub 'key',  :content => 'real_key'
+      host  = stub 'host', :certificate => cert, :key => key, :ssl_store => store
+      Puppet::Network::HttpPool.stubs(:ssl_host).returns(host)
     end
 
-    it "should add a certificate store from the ssl host" do
-      @http.expects(:cert_store=).with(@store)
+    shared_examples "HTTPS setup without all certificates" do
+      subject { Puppet::Network::HttpPool.cert_setup(http); http }
 
-      Puppet::Network::HttpPool.cert_setup(@http)
+      it                { should be_use_ssl }
+      its(:cert)        { should be_nil }
+      its(:cert_store)  { should be_nil }
+      its(:ca_file)     { should be_nil }
+      its(:key)         { should be_nil }
+      its(:verify_mode) { should == OpenSSL::SSL::VERIFY_NONE }
     end
 
-    it "should add the client certificate" do
-      @http.expects(:cert=).with("real_cert")
+    context "with neither a host cert or a local CA cert" do
+      before :each do
+        FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns(false)
+        FileTest.stubs(:exist?).with(Puppet[:localcacert]).returns(false)
+      end
 
-      Puppet::Network::HttpPool.cert_setup(@http)
+      include_examples "HTTPS setup without all certificates"
     end
 
-    it "should add the client key" do
-      @http.expects(:key=).with("real_key")
+    context "with there is no host certificate" do
+      before :each do
+        FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns(false)
+        FileTest.stubs(:exist?).with(Puppet[:localcacert]).returns(true)
+      end
 
-      Puppet::Network::HttpPool.cert_setup(@http)
+      include_examples "HTTPS setup without all certificates"
     end
 
-    it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do
-      @http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+    context "with there is no local CA certificate" do
+      before :each do
+        FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns(true)
+        FileTest.stubs(:exist?).with(Puppet[:localcacert]).returns(false)
+      end
 
-      Puppet::Network::HttpPool.cert_setup(@http)
+      include_examples "HTTPS setup without all certificates"
     end
 
-    it "should set the ca file" do
-      Puppet.settings.stubs(:value).returns "/some/file"
-      FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns true
+    context "with both the host and CA cert" do
+      subject { Puppet::Network::HttpPool.cert_setup(http); http }
 
-      Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file"
-      FileTest.stubs(:exist?).with("/ca/cert/file").returns true
-      @http.expects(:ca_file=).with("/ca/cert/file")
+      before :each do
+        FileTest.expects(:exist?).with(Puppet[:hostcert]).returns(true)
+        FileTest.expects(:exist?).with(Puppet[:localcacert]).returns(true)
+      end
 
-      Puppet::Network::HttpPool.cert_setup(@http)
+      it                { should be_use_ssl }
+      its(:cert_store)  { should equal store }
+      its(:cert)        { should == "real_cert" }
+      its(:key)         { should == "real_key" }
+      its(:verify_mode) { should == OpenSSL::SSL::VERIFY_PEER }
+      its(:ca_file)     { should == Puppet[:localcacert] }
     end
 
     it "should set up certificate information when creating http instances" do
-      Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) }
-      Puppet::Network::HttpPool.http_instance("one", "two")
+      Puppet::Network::HttpPool.expects(:cert_setup).with do |http|
+        http.should be_an_instance_of Net::HTTP
+        http.address.should == "one"
+        http.port.should == 2
+      end
+
+      Puppet::Network::HttpPool.http_instance("one", 2)
     end
   end
 end