puppet 5.5.14-x64-mingw32 → 5.5.16-x64-mingw32

data/spec/integration/util/windows/user_spec.rb

@@ -106,6 +106,12 @@ describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows
     end
 
     describe "logon_user" do
+      let(:fLOGON32_PROVIDER_DEFAULT) {0}
+      let(:fLOGON32_LOGON_INTERACTIVE) {2}
+      let(:fLOGON32_LOGON_NETWORK) {3}
+      let(:token) {'test'}
+      let(:user) {'test'}
+      let(:passwd) {'test'}
       it "should raise an error when provided with an incorrect username and password" do
         expect_logon_failure_error {
           Puppet::Util::Windows::User.logon_user(username, bad_password)
@@ -117,8 +123,21 @@ describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows
           Puppet::Util::Windows::User.logon_user(username, nil)
         }
       end
+
+      it 'should raise error given that logon returns false' do
+
+        allow(Puppet::Util::Windows::User).to receive(:logon_user_by_logon_type).with(
+            user, passwd, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, anything).and_return (0)
+        allow(Puppet::Util::Windows::User).to receive(:logon_user_by_logon_type).with(
+            user, passwd, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, anything).and_return(0)
+
+        expect {Puppet::Util::Windows::User.logon_user(user, passwd) {}}
+            .to raise_error(Puppet::Util::Windows::Error, /Failed to logon user/)
+
+      end
     end
 
+
     describe "password_is?" do
       it "should return false given an incorrect username and password" do
         expect(Puppet::Util::Windows::User.password_is?(username, bad_password)).to be_falsey

data/spec/lib/puppet_spec/https.rb

@@ -0,0 +1,166 @@
+require 'spec_helper'
+require 'webrick'
+
+class PuppetSpec::HTTPSServer
+  attr_reader :ca_cert, :ca_crl, :server_cert, :server_key
+
+  def initialize
+    @ca_cert = OpenSSL::X509::Certificate.new(CA_CERT)
+    @ca_crl = OpenSSL::X509::CRL.new(CRL)
+    @server_key = OpenSSL::PKey::RSA.new(SERVER_KEY)
+    @server_cert = OpenSSL::X509::Certificate.new(SERVER_CERT)
+    @config = WEBrick::Config::HTTP.dup
+  end
+
+  def handle_request(ctx, ssl)
+    req = WEBrick::HTTPRequest.new(@config)
+    req.parse(ssl)
+
+    res = WEBrick::HTTPResponse.new(@config)
+    res.status = 200
+    res.body = 'OK'
+    res.send_response(ssl)
+  end
+
+  def start_server(&block)
+    errors = []
+
+    IO.pipe {|stop_pipe_r, stop_pipe_w|
+      store = OpenSSL::X509::Store.new
+      store.add_cert(@ca_cert)
+      store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.cert_store = store
+      ctx.cert = @server_cert
+      ctx.key = @server_key
+      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+      Socket.do_not_reverse_lookup = true
+      tcps = TCPServer.new("127.0.0.1", 0)
+      begin
+        port = tcps.connect_address.ip_port
+        begin
+          server_thread = Thread.new do
+            begin
+              ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+              ssls.start_immediately = true
+
+              loop do
+                readable, = IO.select([ssls, stop_pipe_r])
+                break if readable.include? stop_pipe_r
+
+                ssl = ssls.accept
+                begin
+                  handle_request(ctx, ssl)
+                ensure
+                  ssl.close
+                end
+              end
+            rescue => e
+              # uncomment this line if something goes wrong
+              # puts "SERVER #{e.message}"
+              errors << e
+            end
+          end
+
+          begin
+            yield port
+          ensure
+            stop_pipe_w.close
+          end
+        ensure
+          server_thread.join
+        end
+      ensure
+        tcps.close
+      end
+    }
+
+    errors
+  end
+
+CA_CERT = <<END
+-----BEGIN CERTIFICATE-----
+MIICMjCCAZugAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwMTIxMzgxMVowEjEQMA4GA1UEAwwH
+VGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvPbXy4tgmUZsLx39
+Q7/Fuo5cOVk9yNzwMN4000jZQjAC8DQKXSDkbJ/6MmaiRo+VgwWlEIRVttYjrXF/
+YPKZowbEIaggc9uK96+HLiGiZ0H6rNM7DYsJiCX4OzJ91SOx9qsyJbyNxLbf+IP0
+961sTQhsRaqLn8vsn8Mv9I87eHsCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUlJ+BUoL64NmMn+IAgiLokQqr0zcw
+MQYJYIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNh
+dGUwHwYDVR0jBBgwFoAUlJ+BUoL64NmMn+IAgiLokQqr0zcwDQYJKoZIhvcNAQEL
+BQADgYEAbIca4hMdGmQvLOnNIQJ+PaMsIQ9ZT6dr+NCvIf1Ass1dEr0qRy7tpyP0
+scgYmnIrOHDoe+ecyvEuG1oDb/6wLCGzD4OJXRsOzqsSCZJ31HkmDircQGpd+XbR
+BxqltBWaWmSBH+e64Himc1HbHRq5xb8JFRMK9dSqiF3DrREMN/A=
+-----END CERTIFICATE-----
+END
+
+CRL = <<END
+-----BEGIN X509 CRL-----
+MIIBCjB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTcw
+MDEwMTAwMDAwMFoXDTI5MDMwMTIxMzgxMVqgLzAtMB8GA1UdIwQYMBaAFJSfgVKC
++uDZjJ/iAIIi6JEKq9M3MAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4GBAK/r
+2fz+PGgDzu85Od5Tp6jH+3Ons5WURxZzpfveGcG5fgRIG274E5Q1z+Aoj9KW/J5V
+6FPbuoVEpykTicKKQaALHfryOEaLqIbTPu+94AivOx9RxzHhYPrblvjuDkmVf+fp
+O3/6YKoeOom3FP/ftKdcsx7tGXy8UxCMUaBGVb5J
+-----END X509 CRL-----
+END
+
+SERVER_CERT = <<END
+-----BEGIN CERTIFICATE-----
+MIIBvzCCASigAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwMTIxMzgxMVowFDESMBAGA1UEAwwJ
+MTI3LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRTWFUYiB9TnI/
+ByjHHWnjnA02ieuczgAgI5CzrlrQCbCiogmsyvLmcKp4zJFVPTC6eG6Xy4sXANcn
+g44l5gr3wcSzYctukk05HSbbdoBK5jjAzMT6al9l4mQdVXmv6dIkPFq27rIEaJTu
+pOPaLn+mq64o2+lhTLLESOxygzOlWQIDAQABoyMwITAfBgNVHREEGDAWggkxMjcu
+MC4wLjGCCTEyNy4wLjAuMjANBgkqhkiG9w0BAQsFAAOBgQCNdGVATsyhgfNHe4K8
+19Bi80kA6bvrNQ+6dOwNA3bfpOXog3MU+T5+Sv1tlHl7lL+fnTHZkfRzcQhA10Fw
+YdAxLDyDcY4PzgQcWSw7Lu74TLucfzcR+s+MYHAy8XXP002kjCBrSoSMiQPtXF7P
+f/MQaTCXjA8BP6Ldw4wdlODR5A==
+-----END CERTIFICATE-----
+END
+
+SERVER_KEY = <<END
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDRTWFUYiB9TnI/ByjHHWnjnA02ieuczgAgI5CzrlrQCbCiogms
+yvLmcKp4zJFVPTC6eG6Xy4sXANcng44l5gr3wcSzYctukk05HSbbdoBK5jjAzMT6
+al9l4mQdVXmv6dIkPFq27rIEaJTupOPaLn+mq64o2+lhTLLESOxygzOlWQIDAQAB
+AoGAYbM9O6aSg+uaaNFut4ODajvt7wdydD+0z0vKwBUjTvk2+rOo0H/r4qW07a6Q
+KLnnhSOyfCkHRDWgOVGviQFZHHVptrxiMA6oiyWUL/CuKjGdDQi+Q1xnuEPh0qEz
+Q5ELkY1amDFS0pQV0LkDOweF4rc57haJcgRFxOz2HQJKeAECQQD0csJ4/sTq7lsg
+ebIFn0kKL/k99H53rUH3XlrnGo9CnVChLe6K9J/4smp98MCre0eSgc9ahNs2c4Fs
+ZpcgT8mVAkEA2zFwDhSXkkcWGmfk2Q/pfj/0OqLcIGTYkvi3sc2uirHb93VOLlvj
+ClM2XwRWeeeiEW+Ev5bLmHVGuK55+h/jtQJAfwTatJB9ti2gwGE79dvs0hRXiK/w
+vzMSIf2vcoLEijLAYOBDIYU3Ur0yxLpDA1gNur0lB74dQlAGolM0mB+deQJBAKBf
+RYsnydY+qI9dYHToTYAPrtOQANq6rjKqQ0yWHpRfmX8ulqsYk78kLu3KMLM0pMF5
+BHlhDUlY1QuerKQy3NkCQENWVz2NfnrrcgXUMHBojONcP3mkkOUocO4Ezm4GAgXO
+L55O+hAtuLYdxmuNPNhT2eyOsJ/pmPntS2k/rp39Hf4=
+-----END RSA PRIVATE KEY-----
+END
+
+UNKNOWN_CA = <<END
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
+A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
+dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
+cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
+MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
+ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
+c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
+0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
+H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
+neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
+qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
+YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
+NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
+dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+END
+end

data/spec/unit/configurer_spec.rb

@@ -1013,29 +1013,65 @@ describe Puppet::Configurer do
       @agent.run :catalog => catalog
     end
 
-    it "should select a server when provided" do
+    it "should select a server when it receives 200 OK response" do
       Puppet.settings[:server_list] = ["myserver:123"]
-      pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
-      expect(Puppet::Network::HTTP::Pool).to receive(:new).and_return(pool)
-      expect(Puppet).to receive(:override).with({:http_pool => pool}).and_yield
-      expect(Puppet).to receive(:override).with({:server => "myserver", :serverport => '123'}).twice.and_yield
-      expect(Puppet::Node.indirection).to receive(:find).and_return(nil)
-      expect(@agent).to receive(:run_internal).and_return(nil)
+      response = Net::HTTPOK.new(nil, 200, 'OK')
+      allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
+      allow(@agent).to receive(:run_internal)
+
+      options = {}
+      @agent.run(options)
+      expect(options[:report].master_used).to eq('myserver:123')
+    end
+
+    it "should select a server when it receives 403 Forbidden" do
+      Puppet.settings[:server_list] = ["myserver:123"]
+      response = Net::HTTPForbidden.new(nil, 403, 'Forbidden')
+      allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
+      allow(@agent).to receive(:run_internal)
+
+      options = {}
+      @agent.run(options)
+      expect(options[:report].master_used).to eq('myserver:123')
+    end
+
+    it "queries the simple status for the 'master' service" do
+      Puppet.settings[:server_list] = ["myserver:123"]
+      response = Net::HTTPOK.new(nil, 200, 'OK')
+      http = double('request')
+      expect(http).to receive(:get).with('/status/v1/simple/master').and_return(response)
+      allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(http)
+      allow(@agent).to receive(:run_internal)
+
       @agent.run
     end
 
-    it "should error when no servers in 'server_list' are reachable" do
+    it "should report when a server is unavailable" do
       Puppet.settings[:server_list] = ["myserver:123"]
+      response = Net::HTTPInternalServerError.new(nil, 500, 'Internal Server Error')
+      allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
+      allow(@agent).to receive(:run_internal)
+
+      expect(Puppet).to receive(:debug).with("Puppet server myserver:123 is unavailable: 500 Internal Server Error")
+      expect { @agent.run }.to raise_error(Puppet::Error, /Could not select a functional puppet master from server_list:/)
+    end
+
+    it "should error when no servers in 'server_list' are reachable" do
+      Puppet.settings[:server_list] = "myserver:123,someotherservername"
       pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
-      expect(Puppet::Network::HTTP::Pool).to receive(:new).and_return(pool)
-      expect(Puppet).to receive(:override).with({:http_pool => pool}).and_yield
-      expect(Puppet).to receive(:override).with({:server => "myserver", :serverport => '123'}).and_yield
+      allow(Puppet::Network::HTTP::Pool).to receive(:new).and_return(pool)
+      allow(Puppet).to receive(:override).with({:http_pool => pool}).and_yield
+      allow(Puppet).to receive(:override).with({:server => "myserver", :serverport => '123'}).and_yield
+      allow(Puppet).to receive(:override).with({:server => "someotherservername", :serverport => 8140}).and_yield
       error = Net::HTTPError.new(400, 'dummy server communication error')
-      expect(Puppet::Node.indirection).to receive(:find).and_raise(error)
-      expect{ @agent.run }.to raise_error(Puppet::Error, /Could not select a functional puppet master from server_list/)
+      allow(Puppet::Node.indirection).to receive(:find).and_raise(error)
+      expect{ @agent.run }.to raise_error(Puppet::Error, /Could not select a functional puppet master from server_list: 'myserver:123,someotherservername'/)
     end
 
     it "should not make multiple node requets when the server is found" do
+      response = Net::HTTPOK.new(nil, 200, 'OK')
+      allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
+      
       Puppet.settings[:server_list] = ["myserver:123"]
       expect(Puppet::Node.indirection).to receive(:find).and_return("mynode").once
       expect(@agent).to receive(:prepare_and_retrieve_catalog).and_return(nil)

data/spec/unit/functions/new_spec.rb

@@ -174,6 +174,19 @@ describe 'the new function' do
           )).to have_resource("Notify[Integer, #{result}]")
         end
       end
+
+      { '0x0G'  => :error,
+        '08'    => :error,
+        '10F'   => :error,
+        '0B2'   => :error,
+      }.each do |str, result|
+        it "errors when given a non Integer compliant string '#{str}'" do
+          expect{compile_to_catalog(<<-"MANIFEST"
+            $x = Integer.new("#{str}")
+          MANIFEST
+        )}.to raise_error(Puppet::Error, /invalid value|cannot be converted to Integer/)
+        end
+      end
     end
 
     context "when radix is explicitly set to 'default' it" do
@@ -307,6 +320,8 @@ describe 'the new function' do
       { "10"     => 10,
         "010"    => 10,
         "00010"  => 10,
+        "08"     => 8,
+        "0008"   => 8,
       }.each do |str, result|
         it "produces #{result} from the string '#{str}'" do
           expect(compile_to_catalog(<<-"MANIFEST"

data/spec/unit/hiera/scope_spec.rb

@@ -90,4 +90,11 @@ describe Hiera::Scope do
       expect(scope.include?("calling_module")).to eq(true)
     end
   end
+
+  describe "#call_function" do
+    it "should delegate a call to call_function to the real scope" do
+      expect(real).to receive(:call_function).once
+      scope.call_function('some_function', [1,2,3])
+    end
+  end
 end

data/spec/unit/network/http/connection_spec.rb

@@ -61,136 +61,6 @@ describe Puppet::Network::HTTP::Connection do
     end
   end
 
-  class ConstantErrorValidator
-    def initialize(args)
-      @fails_with = args[:fails_with]
-      @error_string = args[:error_string] || ""
-      @peer_certs = args[:peer_certs] || []
-    end
-
-    def setup_connection(connection)
-    end
-
-    def peer_certs
-      @peer_certs
-    end
-
-    def verify_errors
-      [@error_string]
-    end
-  end
-
-  class NoProblemsValidator
-    def initialize(cert)
-      @cert = cert
-    end
-
-    def setup_connection(connection)
-    end
-
-    def peer_certs
-      [@cert]
-    end
-
-    def verify_errors
-      []
-    end
-  end
-
-  shared_examples_for 'ssl verifier' do
-    include PuppetSpec::Files
-
-    let (:host) { "my_server" }
-    let (:port) { 8140 }
-
-    before :all do
-      WebMock.disable!
-    end
-
-    after :all do
-      WebMock.enable!
-    end
-
-    before(:each) do
-      allow_any_instance_of(ConstantErrorValidator).to receive(:setup_connection) do |cev, connection|
-        allow(connection).to receive(:start).and_raise(OpenSSL::SSL::SSLError.new(cev.instance_variable_get(:@fails_with)))
-      end
-    end
-
-    it "should provide a useful error message when one is available and certificate validation fails", :unless => Puppet.features.microsoft_windows? do
-      connection = Puppet::Network::HTTP::Connection.new(
-        host, port,
-        :verify => ConstantErrorValidator.new(:fails_with => 'certificate verify failed',
-                                              :error_string => 'shady looking signature'))
-
-      expect do
-        connection.get('request')
-      end.to raise_error(Puppet::Error, /certificate verify failed: \[shady looking signature\]/)
-    end
-
-    it "should provide a helpful error message when hostname was not match with server certificate", :unless => Puppet.features.microsoft_windows? do
-      Puppet[:confdir] = tmpdir('conf')
-
-      connection = Puppet::Network::HTTP::Connection.new(
-      host, port,
-      :verify => ConstantErrorValidator.new(
-        :fails_with => 'hostname was not match with server certificate',
-        :peer_certs => [Puppet::SSL::CertificateAuthority.new.generate(
-          'not_my_server', :dns_alt_names => 'foo,bar,baz')]))
-
-      expect do
-        connection.get('request')
-      end.to raise_error(Puppet::Error) do |error|
-        error.message =~ /\AServer hostname 'my_server' did not match server certificate; expected one of (.+)/
-        expect($1.split(', ')).to match_array(%w[DNS:foo DNS:bar DNS:baz DNS:not_my_server not_my_server])
-      end
-    end
-
-    it "should pass along the error message otherwise" do
-      connection = Puppet::Network::HTTP::Connection.new(
-        host, port,
-        :verify => ConstantErrorValidator.new(:fails_with => 'some other message'))
-
-      expect do
-        connection.get('request')
-      end.to raise_error(/some other message/)
-    end
-
-    it "should check all peer certificates for upcoming expiration", :unless => Puppet.features.microsoft_windows? do
-      Puppet[:confdir] = tmpdir('conf')
-      cert = Puppet::SSL::CertificateAuthority.new.generate(
-        'server', :dns_alt_names => 'foo,bar,baz')
-
-      connection = Puppet::Network::HTTP::Connection.new(
-        host, port,
-        :verify => NoProblemsValidator.new(cert))
-
-      allow_any_instance_of(Net::HTTP).to receive(:start)
-      allow_any_instance_of(Net::HTTP).to receive(:request).and_return(httpok)
-      allow_any_instance_of(Puppet::Network::HTTP::Pool).to receive(:setsockopts)
-
-      connection.get('request')
-    end
-  end
-
-  context "when using single use HTTPS connections" do
-    it_behaves_like 'ssl verifier' do
-    end
-  end
-
-  context "when using persistent HTTPS connections" do
-    around :each do |example|
-      pool = Puppet::Network::HTTP::Pool.new
-      Puppet.override(:http_pool => pool) do
-        example.run
-      end
-      pool.close
-    end
-
-    it_behaves_like 'ssl verifier' do
-    end
-  end
-
   context "when response is a redirect" do
     let (:site)       { Puppet::Network::HTTP::Site.new('http', 'my_server', 8140) }
     let (:other_site) { Puppet::Network::HTTP::Site.new('http', 'redirected', 9292) }