RubyGems - puppet - Versions diffs - 6.10.1 → 6.11.0 - Mend

puppet 6.10.1 → 6.11.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (242) hide show

checksums.yaml +4 -4
data/Gemfile +4 -4
data/Gemfile.lock +20 -12
data/ext/project_data.yaml +3 -2
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/windows/service/daemon.rb +33 -8
data/install.rb +6 -6
data/lib/puppet.rb +8 -0
data/lib/puppet/application.rb +1 -1
data/lib/puppet/application/agent.rb +3 -0
data/lib/puppet/application/apply.rb +2 -2
data/lib/puppet/application/describe.rb +3 -9
data/lib/puppet/application/device.rb +3 -0
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/lookup.rb +1 -1
data/lib/puppet/application/script.rb +2 -2
data/lib/puppet/application/ssl.rb +25 -21
data/lib/puppet/configurer.rb +42 -0
data/lib/puppet/configurer/downloader.rb +2 -6
data/lib/puppet/context/trusted_information.rb +42 -4
data/lib/puppet/defaults.rb +19 -4
data/lib/puppet/face/module/list.rb +5 -5
data/lib/puppet/face/module/search.rb +1 -1
data/lib/puppet/face/module/uninstall.rb +1 -1
data/lib/puppet/face/module/upgrade.rb +1 -1
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system.rb +0 -8
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +3 -2
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions.rb +1 -2
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +4 -3
data/lib/puppet/http.rb +29 -0
data/lib/puppet/http/client.rb +156 -0
data/lib/puppet/http/errors.rb +30 -0
data/lib/puppet/http/redirector.rb +48 -0
data/lib/puppet/http/resolver.rb +5 -0
data/lib/puppet/http/resolver/settings.rb +5 -0
data/lib/puppet/http/resolver/srv.rb +13 -0
data/lib/puppet/http/response.rb +34 -0
data/lib/puppet/http/retry_after_handler.rb +47 -0
data/lib/puppet/http/service.rb +18 -0
data/lib/puppet/http/service/ca.rb +49 -0
data/lib/puppet/http/session.rb +55 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +2 -0
data/lib/puppet/indirector/request.rb +1 -1
data/lib/puppet/indirector/resource/ral.rb +1 -3
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/interface.rb +2 -1
data/lib/puppet/interface/documentation.rb +1 -1
data/lib/puppet/loaders.rb +0 -1
data/lib/puppet/metatype/manager.rb +1 -1
data/lib/puppet/module.rb +1 -1
data/lib/puppet/module/task.rb +20 -4
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
data/lib/puppet/module_tool/tar/mini.rb +1 -1
data/lib/puppet/network/http.rb +2 -6
data/lib/puppet/network/http/api/indirected_routes.rb +12 -11
data/lib/puppet/network/http/connection.rb +10 -12
data/lib/puppet/network/http/pool.rb +2 -0
data/lib/puppet/network/http/site.rb +5 -1
data/lib/puppet/network/resolver.rb +4 -4
data/lib/puppet/node/environment.rb +4 -2
data/lib/puppet/pal/pal_impl.rb +2 -2
data/lib/puppet/parser/ast.rb +1 -1
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/functions.rb +1 -1
data/lib/puppet/parser/scope.rb +8 -7
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/external_syntax_support.rb +3 -2
data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -7
data/lib/puppet/pops/loader/module_loaders.rb +1 -1
data/lib/puppet/pops/loader/task_instantiator.rb +4 -0
data/lib/puppet/pops/loaders.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +1 -0
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +22 -18
data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/locator.rb +1 -1
data/lib/puppet/pops/parser/pn_parser.rb +17 -16
data/lib/puppet/pops/puppet_stack.rb +52 -48
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/p_uri_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +10 -10
data/lib/puppet/pops/types/types.rb +3 -3
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider/exec.rb +6 -2
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package/apt.rb +5 -1
data/lib/puppet/provider/package/dnfmodule.rb +87 -0
data/lib/puppet/provider/package/dpkg.rb +31 -17
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/pip.rb +34 -9
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/rpm.rb +5 -5
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +1 -1
data/lib/puppet/provider/parsedfile.rb +1 -1
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +2 -8
data/lib/puppet/provider/service/systemd.rb +10 -10
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/user_role_add.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +22 -13
data/lib/puppet/provider/user/windows_adsi.rb +4 -5
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +1 -3
data/lib/puppet/reference/providers.rb +1 -1
data/lib/puppet/reference/type.rb +3 -9
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/resource.rb +1 -1
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/rest/errors.rb +1 -0
data/lib/puppet/rest/response.rb +1 -0
data/lib/puppet/rest/route.rb +1 -0
data/lib/puppet/rest/routes.rb +3 -0
data/lib/puppet/runtime.rb +25 -0
data/lib/puppet/settings.rb +3 -3
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/ssl/host.rb +1 -1
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/ssl/state_machine.rb +23 -15
data/lib/puppet/test/test_helper.rb +1 -1
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/trusted_external.rb +13 -0
data/lib/puppet/type.rb +1 -3
data/lib/puppet/type/exec.rb +7 -3
data/lib/puppet/type/file.rb +1 -2
data/lib/puppet/type/file/source.rb +2 -2
data/lib/puppet/type/package.rb +10 -3
data/lib/puppet/type/schedule.rb +1 -1
data/lib/puppet/type/service.rb +1 -1
data/lib/puppet/util.rb +2 -2
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/http_proxy.rb +2 -10
data/lib/puppet/util/log.rb +2 -2
data/lib/puppet/util/log/destinations.rb +2 -2
data/lib/puppet/util/logging.rb +2 -2
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/platform.rb +15 -4
data/lib/puppet/util/provider_features.rb +2 -4
data/lib/puppet/util/rdoc.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +3 -1
data/lib/puppet/util/windows/registry.rb +7 -5
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/vendor/require_vendored.rb +0 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +4 -1
data/locales/puppet.pot +279 -203
data/man/man5/puppet.conf.5 +30 -8
data/man/man8/puppet-agent.8 +4 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +11 -0
data/spec/integration/configurer_spec.rb +52 -0
data/spec/lib/puppet/certificate_factory.rb +2 -2
data/spec/spec_helper.rb +24 -0
data/spec/unit/application/device_spec.rb +6 -0
data/spec/unit/application/ssl_spec.rb +4 -7
data/spec/unit/configurer_spec.rb +1 -0
data/spec/unit/context/trusted_information_spec.rb +41 -2
data/spec/unit/http/client_spec.rb +440 -0
data/spec/unit/http/resolver_spec.rb +45 -0
data/spec/unit/http/service/ca_spec.rb +106 -0
data/spec/unit/http/service_spec.rb +32 -0
data/spec/unit/http/session_spec.rb +102 -0
data/spec/unit/indirector/resource/ral_spec.rb +4 -4
data/spec/unit/network/http/connection_spec.rb +119 -145
data/spec/unit/network/http/site_spec.rb +7 -0
data/spec/unit/parser/scope_spec.rb +10 -0
data/spec/unit/pops/loaders/loaders_spec.rb +13 -2
data/spec/unit/pops/loaders/module_loaders_spec.rb +37 -0
data/spec/unit/provider/exec_spec.rb +209 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +186 -0
data/spec/unit/provider/package/dpkg_spec.rb +238 -78
data/spec/unit/provider/package/pip_spec.rb +51 -6
data/spec/unit/provider/service/daemontools_spec.rb +24 -0
data/spec/unit/provider/service/runit_spec.rb +24 -0
data/spec/unit/provider/service/systemd_spec.rb +25 -25
data/spec/unit/provider/user/useradd_spec.rb +46 -0
data/spec/unit/ssl/host_spec.rb +0 -5
data/spec/unit/ssl/state_machine_spec.rb +16 -10
data/spec/unit/type/exec_spec.rb +6 -12
data/spec/unit/type/file_spec.rb +9 -4
data/spec/unit/type/package_spec.rb +5 -0
data/spec/unit/util/execution_spec.rb +16 -0
data/spec/unit/util/http_proxy_spec.rb +79 -27
data/spec/unit/util/log/destinations_spec.rb +7 -3
metadata +45 -22
data/lib/puppet/pops/loader/null_loader.rb +0 -60
data/lib/puppet/vendor/deep_merge/CHANGELOG +0 -45
data/lib/puppet/vendor/deep_merge/Gemfile +0 -3
data/lib/puppet/vendor/deep_merge/LICENSE +0 -21
data/lib/puppet/vendor/deep_merge/PUPPET_README.md +0 -6
data/lib/puppet/vendor/deep_merge/README.md +0 -113
data/lib/puppet/vendor/deep_merge/Rakefile +0 -19
data/lib/puppet/vendor/deep_merge/deep_merge.gemspec +0 -35
data/lib/puppet/vendor/deep_merge/lib/deep_merge.rb +0 -2
data/lib/puppet/vendor/deep_merge/lib/deep_merge/core.rb +0 -210
data/lib/puppet/vendor/deep_merge/lib/deep_merge/deep_merge_hash.rb +0 -28
data/lib/puppet/vendor/deep_merge/lib/deep_merge/rails_compat.rb +0 -27
data/lib/puppet/vendor/deep_merge/test/test_deep_merge.rb +0 -608
data/lib/puppet/vendor/load_deep_merge.rb +0 -1
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +0 -24
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +0 -24
data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +0 -24

data/spec/unit/application/device_spec.rb CHANGED

@@ -170,6 +170,12 @@ describe Puppet::Application::Device do
       device.handle_facts(true)
     end
+    it "should register ssl OIDs" do
+      expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
+      device.setup
+    end
   end
   describe "during setup" do

data/spec/unit/application/ssl_spec.rb CHANGED

@@ -1,6 +1,5 @@
 require 'spec_helper'
 require 'puppet/application/ssl'
-require 'webmock/rspec'
 require 'openssl'
 require 'puppet/test_ca'
@@ -23,11 +22,6 @@ describe Puppet::Application::Ssl, unless: Puppet::Util::Platform.jruby? do
   end
   before do
-    WebMock.disable_net_connect!
-    allow_any_instance_of(Net::HTTP).to receive(:start)
-    allow_any_instance_of(Net::HTTP).to receive(:finish)
     Puppet.settings.use(:main)
     Puppet[:certname] = name
     Puppet[:vardir] = tmpdir("ssl_testing")
@@ -126,8 +120,11 @@ describe Puppet::Application::Ssl, unless: Puppet::Util::Platform.jruby? do
     end
     it 'registers OIDs' do
+      stub_request(:put, %r{puppet-ca/v1/certificate_request/#{name}}).to_return(status: 200)
+      stub_request(:get, %r{puppet-ca/v1/certificate/#{name}}).to_return(status: 404)
       expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
-      expects_command_to_fail(%r{Failed to submit certificate request})
+      expects_command_to_pass(%r{Submitted certificate request for '#{name}' to https://.*})
     end
     it 'submits the CSR and saves it locally' do

data/spec/unit/configurer_spec.rb CHANGED

@@ -749,6 +749,7 @@ describe Puppet::Configurer do
       end
       it "should not make a node request" do
+        expects_new_catalog_only(@catalog)
         expect(Puppet::Node.indirection).not_to receive(:find)
         @agent.run

data/spec/unit/context/trusted_information_spec.rb CHANGED

@@ -30,6 +30,27 @@ describe Puppet::Context::TrustedInformation, :unless => RUBY_PLATFORM == 'java'
     cert
   end
+  let(:external_data) {
+    {
+      'string' => 'a',
+      'integer' => 1,
+      'boolean' => true,
+      'hash' => { 'one' => 'two' },
+      'array' => ['b', 2, {}]
+    }
+  }
+  def allow_external_trusted_data(certname, data)
+    Puppet[:trusted_external_command] = '/usr/bin/generate_data.sh'
+    allow(Puppet::Util::Execution).to receive(:execute).with(['/usr/bin/generate_data.sh', certname], anything).and_return(JSON.dump(data))
+  end
+  it "defaults external to an empty hash" do
+    trusted = Puppet::Context::TrustedInformation.new(false, 'ignored', nil)
+    expect(trusted.external).to eq({})
+  end
   context "when remote" do
     it "has no cert information when it isn't authenticated" do
       trusted = Puppet::Context::TrustedInformation.remote(false, 'ignored', nil)
@@ -61,6 +82,14 @@ describe Puppet::Context::TrustedInformation, :unless => RUBY_PLATFORM == 'java'
       expect(trusted.certname).to eq('cert name')
       expect(trusted.extensions).to eq({})
     end
+    it 'contains external trusted data' do
+      allow_external_trusted_data('cert name', external_data)
+      trusted = Puppet::Context::TrustedInformation.remote(true, 'cert name', nil)
+      expect(trusted.external).to eq(external_data)
+    end
   end
   context "when local" do
@@ -85,6 +114,14 @@ describe Puppet::Context::TrustedInformation, :unless => RUBY_PLATFORM == 'java'
       expect(trusted.hostname).to be_nil
       expect(trusted.domain).to be_nil
     end
+    it 'contains external trusted data' do
+      allow_external_trusted_data('cert name', external_data)
+      trusted = Puppet::Context::TrustedInformation.remote(true, 'cert name', nil)
+      expect(trusted.external).to eq(external_data)
+    end
   end
   it "converts itself to a hash" do
@@ -98,7 +135,8 @@ describe Puppet::Context::TrustedInformation, :unless => RUBY_PLATFORM == 'java'
         '1.3.6.1.4.1.34380.1.2.2' => 'more CSR specific info',
       },
       'hostname' => 'cert name',
-      'domain' => nil
+      'domain' => nil,
+      'external' => {},
     })
   end
@@ -113,7 +151,8 @@ describe Puppet::Context::TrustedInformation, :unless => RUBY_PLATFORM == 'java'
         '1.3.6.1.4.1.34380.1.2.2' => 'more CSR specific info',
       },
       'hostname' => 'hostname',
-      'domain' => 'domain.long'
+      'domain' => 'domain.long',
+      'external' => {},
     })
   end

data/spec/unit/http/client_spec.rb ADDED

@@ -0,0 +1,440 @@
+require 'spec_helper'
+require 'webmock/rspec'
+require 'puppet/http'
+describe Puppet::HTTP::Client do
+  let(:uri) { URI.parse('https://www.example.com') }
+  let(:client) { described_class.new }
+  let(:credentials) { ['user', 'pass'] }
+  it 'creates unique sessions' do
+    expect(client.create_session).to_not eq(client.create_session)
+  end
+  context "when connecting" do
+    it 'connects to HTTP URLs' do
+      uri = URI.parse('http://www.example.com')
+      client.connect(uri) do |http|
+        expect(http.address).to eq('www.example.com')
+        expect(http.port).to eq(80)
+        expect(http).to_not be_use_ssl
+      end
+    end
+    it 'connects to HTTPS URLs' do
+      client.connect(uri) do |http|
+        expect(http.address).to eq('www.example.com')
+        expect(http.port).to eq(443)
+        expect(http).to be_use_ssl
+      end
+    end
+    it 'raises ConnectionError if the connection is refused' do
+      allow_any_instance_of(Net::HTTP).to receive(:start).and_raise(Errno::ECONNREFUSED)
+      expect {
+        client.connect(uri)
+      }.to raise_error(Puppet::HTTP::ConnectionError, %r{Failed to connect to https://www.example.com:})
+    end
+  end
+  context 'after connecting' do
+    def expect_http_error(cause, expected_message)
+      expect {
+        client.connect(uri) do |_|
+          raise cause, 'whoops'
+        end
+      }.to raise_error(Puppet::HTTP::HTTPError, expected_message)
+    end
+    it 're-raises HTTPError' do
+      expect_http_error(Puppet::HTTP::HTTPError, 'whoops')
+    end
+    it 'raises HTTPError if connection is interrupted while reading' do
+      expect_http_error(EOFError, %r{Request to https://www.example.com interrupted after .* seconds})
+    end
+    it 'raises HTTPError if connection times out' do
+      expect_http_error(Net::ReadTimeout, %r{Request to https://www.example.com timed out after .* seconds})
+    end
+    it 'raises HTTPError if connection fails' do
+      expect_http_error(ArgumentError, %r{Request to https://www.example.com failed after .* seconds})
+    end
+  end
+  context "when closing" do
+    it "closes all connections in the pool" do
+      pool = double('pool')
+      expect(pool).to receive(:close)
+      client = described_class.new(pool: pool)
+      client.close
+    end
+  end
+  context "for GET requests" do
+    it "includes default HTTP headers" do
+      stub_request(:get, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./})
+      client.get(uri)
+    end
+    it "stringifies keys and encodes values in the query" do
+      stub_request(:get, uri).with(query: "foo=bar%3Dbaz")
+      client.get(uri, params: {:foo => "bar=baz"})
+    end
+    it "merges custom headers with default ones" do
+      stub_request(:get, uri).with(headers: { 'X-Foo' => 'Bar', 'X-Puppet-Version' => /./, 'User-Agent' => /./ })
+      client.get(uri, headers: {'X-Foo' => 'Bar'})
+    end
+    it "returns the response" do
+      stub_request(:get, uri)
+      response = client.get(uri)
+      expect(response).to be_an_instance_of(Puppet::HTTP::Response)
+      expect(response).to be_success
+      expect(response.code).to eq(200)
+    end
+    it "returns the entire response body" do
+      stub_request(:get, uri).to_return(body: "abc")
+      expect(client.get(uri).body).to eq("abc")
+    end
+    it "streams the response body when a block is given" do
+      stub_request(:get, uri).to_return(body: "abc")
+      io = StringIO.new
+      client.get(uri) do |response|
+        response.read_body do |data|
+          io.write(data)
+        end
+      end
+      expect(io.string).to eq("abc")
+    end
+  end
+  context "for PUT requests" do
+    it "includes default HTTP headers" do
+      stub_request(:put, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./})
+      client.put(uri, content_type: 'text/plain', body: "")
+    end
+    it "stringifies keys and encodes values in the query" do
+      stub_request(:put, "https://www.example.com").with(query: "foo=bar%3Dbaz")
+      client.put(uri, params: {:foo => "bar=baz"}, content_type: 'text/plain', body: "")
+    end
+    it "includes custom headers" do
+      stub_request(:put, "https://www.example.com").with(headers: { 'X-Foo' => 'Bar' })
+      client.put(uri, headers: {'X-Foo' => 'Bar'}, content_type: 'text/plain', body: "")
+    end
+    it "returns the response" do
+      stub_request(:put, uri)
+      response = client.put(uri, content_type: 'text/plain', body: "")
+      expect(response).to be_an_instance_of(Puppet::HTTP::Response)
+      expect(response).to be_success
+      expect(response.code).to eq(200)
+    end
+    it "sets content-length and content-type for the body" do
+      stub_request(:put, uri).with(headers: {"Content-Length" => "5", "Content-Type" => "text/plain"})
+      client.put(uri, content_type: 'text/plain', body: "hello")
+    end
+  end
+  context "Basic Auth" do
+    it "submits credentials for GET requests" do
+      stub_request(:get, uri).with(basic_auth: credentials)
+      client.get(uri, user: 'user', password: 'pass')
+    end
+    it "submits credentials for PUT requests" do
+      stub_request(:put, uri).with(basic_auth: credentials)
+      client.put(uri, content_type: 'text/plain', body: "hello", user: 'user', password: 'pass')
+    end
+    it "returns response containing access denied" do
+      stub_request(:get, uri).with(basic_auth: credentials).to_return(status: [403, "Ye Shall Not Pass"])
+      response = client.get(uri, user: 'user', password: 'pass')
+      expect(response.code).to eq(403)
+      expect(response.reason).to eq("Ye Shall Not Pass")
+      expect(response).to_not be_success
+    end
+    it 'omits basic auth if user is nil' do
+      stub_request(:get, uri).with do |req|
+        expect(req.headers).to_not include('Authorization')
+      end
+      client.get(uri, user: nil, password: 'pass')
+    end
+    it 'omits basic auth if password is nil' do
+      stub_request(:get, uri).with do |req|
+        expect(req.headers).to_not include('Authorization')
+      end
+      client.get(uri, user: 'user', password: nil)
+    end
+  end
+  context "when redirecting" do
+    let(:start_url)  { URI("https://www.example.com:8140/foo") }
+    let(:bar_url)  { "https://www.example.com:8140/bar" }
+    let(:baz_url) { "https://www.example.com:8140/baz" }
+    let(:other_host)  { "https://other.example.com:8140/qux" }
+    def redirect_to(status: 302, url:)
+      { status: status, headers: { 'Location' => url }, body: "Redirected to #{url}" }
+    end
+    it "preserves GET method" do
+      stub_request(:get, start_url).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).to_return(status: 200)
+      response = client.get(start_url)
+      expect(response).to be_success
+    end
+    it "preserves PUT method" do
+      stub_request(:put, start_url).to_return(redirect_to(url: bar_url))
+      stub_request(:put, bar_url).to_return(status: 200)
+      response = client.put(start_url, body: "", content_type: 'text/plain')
+      expect(response).to be_success
+    end
+    it "preserves query parameters" do
+      query = { 'debug' => true }
+      stub_request(:get, start_url).with(query: query).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).with(query: query).to_return(status: 200)
+      response = client.get(start_url, params: query)
+      expect(response).to be_success
+    end
+    it "preserves custom and default headers when redirecting" do
+      headers = { 'X-Foo' => 'Bar', 'X-Puppet-Version' => Puppet.version }
+      stub_request(:get, start_url).with(headers: headers).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).with(headers: headers).to_return(status: 200)
+      response = client.get(start_url, headers: headers)
+      expect(response).to be_success
+    end
+    it "preserves basic authorization" do
+      stub_request(:get, start_url).with(basic_auth: credentials).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).with(basic_auth: credentials).to_return(status: 200)
+      client.get(start_url, user: 'user', password: 'pass')
+    end
+    it "redirects given a relative location" do
+      relative_url = "/people.html"
+      stub_request(:get, start_url).to_return(redirect_to(url: relative_url))
+      stub_request(:get, "https://www.example.com:8140/people.html").to_return(status: 200)
+      response = client.get(start_url)
+      expect(response).to be_success
+    end
+    it "preserves query parameters given a relative location" do
+      relative_url = "/people.html"
+      query = { 'debug' => true }
+      stub_request(:get, start_url).with(query: query).to_return(redirect_to(url: relative_url))
+      stub_request(:get, "https://www.example.com:8140/people.html").with(query: query).to_return(status: 200)
+      response = client.get(start_url, params: query)
+      expect(response).to be_success
+    end
+    it "preserves request body for each request" do
+      data = 'some data'
+      stub_request(:put, start_url).with(body: data).to_return(redirect_to(url: bar_url))
+      stub_request(:put, bar_url).with(body: data).to_return(status: 200)
+      response = client.put(start_url, body: data, content_type: 'text/plain')
+      expect(response).to be_success
+    end
+    it "returns the body from the final response" do
+      stub_request(:get, start_url).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).to_return(status: 200, body: 'followed')
+      response = client.get(start_url)
+      expect(response.body).to eq('followed')
+    end
+    [301, 307].each do |code|
+      it "also redirects on #{code}" do
+        stub_request(:get, start_url).to_return(redirect_to(status: code, url: bar_url))
+        stub_request(:get, bar_url).to_return(status: 200)
+        response = client.get(start_url)
+        expect(response).to be_success
+      end
+    end
+    [303, 308].each do |code|
+      it "returns an error on #{code}" do
+        stub_request(:get, start_url).to_return(redirect_to(status: code, url: bar_url))
+        response = client.get(start_url)
+        expect(response.code).to eq(code)
+        expect(response).to_not be_success
+      end
+    end
+    it "raises an error if the Location header is missing" do
+      stub_request(:get, start_url).to_return(status: 302)
+      expect {
+        client.get(start_url)
+      }.to raise_error(Puppet::HTTP::ProtocolError, "Location response header is missing")
+    end
+    it "raises an error if the Location header is invalid" do
+      stub_request(:get, start_url).to_return(redirect_to(status: 302, url: 'http://foo"bar'))
+      expect {
+        client.get(start_url)
+      }.to raise_error(Puppet::HTTP::ProtocolError, /Location URI is invalid/)
+    end
+    it "raises an error if limit is 0 and we're asked to follow" do
+      stub_request(:get, start_url).to_return(redirect_to(url: bar_url))
+      client = described_class.new(redirect_limit: 0)
+      expect {
+        client.get(start_url)
+      }.to raise_error(Puppet::HTTP::TooManyRedirects, %r{Too many HTTP redirections for https://www.example.com:8140})
+    end
+    it "raises an error if asked to follow redirects more times than the limit" do
+      stub_request(:get, start_url).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).to_return(redirect_to(url: baz_url))
+      client = described_class.new(redirect_limit: 1)
+      expect {
+        client.get(start_url)
+      }.to raise_error(Puppet::HTTP::TooManyRedirects, %r{Too many HTTP redirections for https://www.example.com:8140})
+    end
+    it "follows multiple redirects if equal to or less than the redirect limit" do
+      stub_request(:get, start_url).to_return(redirect_to(url: bar_url))
+      stub_request(:get, bar_url).to_return(redirect_to(url: baz_url))
+      stub_request(:get, baz_url).to_return(status: 200)
+      client = described_class.new(redirect_limit: 2)
+      response = client.get(start_url)
+      expect(response).to be_success
+    end
+    it "redirects to a different host" do
+      stub_request(:get, start_url).to_return(redirect_to(url: other_host))
+      stub_request(:get, other_host).to_return(status: 200)
+      response = client.get(start_url)
+      expect(response).to be_success
+    end
+    it "redirects from http to https" do
+      http = URI("http://example.com/foo")
+      https = URI("https://example.com/bar")
+      stub_request(:get, http).to_return(redirect_to(url: https))
+      stub_request(:get, https).to_return(status: 200)
+      response = client.get(http)
+      expect(response).to be_success
+    end
+    it "redirects from https to http" do
+      http = URI("http://example.com/foo")
+      https = URI("https://example.com/bar")
+      stub_request(:get, https).to_return(redirect_to(url: http))
+      stub_request(:get, http).to_return(status: 200)
+      response = client.get(https)
+      expect(response).to be_success
+    end
+  end
+  context "when response indicates an overloaded server" do
+    def retry_after(datetime)
+      stub_request(:get, uri)
+        .to_return(status: [503, 'Service Unavailable'], headers: {'Retry-After' => datetime}).then
+        .to_return(status: 200)
+    end
+    it "returns a 503 response if Retry-After is not set" do
+      stub_request(:get, uri).to_return(status: [503, 'Service Unavailable'])
+      expect(client.get(uri).code).to eq(503)
+    end
+    it "raises if Retry-After is not convertible to an Integer or RFC 2822 Date" do
+      stub_request(:get, uri).to_return(status: [503, 'Service Unavailable'], headers: {'Retry-After' => 'foo'})
+      expect {
+        client.get(uri)
+      }.to raise_error(Puppet::HTTP::ProtocolError, /Failed to parse Retry-After header 'foo' as an integer or RFC 2822 date/)
+    end
+    it "should sleep and retry if Retry-After is an Integer" do
+      retry_after('42')
+      expect(::Kernel).to receive(:sleep).with(42)
+      client.get(uri)
+    end
+    it "should sleep and retry if Retry-After is an RFC 2822 Date" do
+      retry_after('Wed, 13 Apr 2005 15:18:05 GMT')
+      now = DateTime.new(2005, 4, 13, 8, 17, 5, '-07:00')
+      allow(DateTime).to receive(:now).and_return(now)
+      expect(::Kernel).to receive(:sleep).with(60)
+      client.get(uri)
+    end
+    it "should sleep for no more than the Puppet runinterval" do
+      retry_after('60')
+      Puppet[:runinterval] = 30
+      expect(::Kernel).to receive(:sleep).with(30)
+      client.get(uri)
+    end
+    it "should sleep for 0 seconds if the RFC 2822 date has past" do
+      retry_after('Wed, 13 Apr 2005 15:18:05 GMT')
+      expect(::Kernel).to receive(:sleep).with(0)
+      client.get(uri)
+    end
+  end
+end