puppet 6.11.1 → 6.12.0

data/spec/unit/http/resolver_spec.rb

@@ -9,22 +9,60 @@ describe Puppet::HTTP::Resolver do
   let(:uri) { URI.parse('https://www.example.com') }
 
   context 'when resolving using settings' do
-    let(:subject) { Puppet::HTTP::Resolver::Settings.new }
+    let(:subject) { Puppet::HTTP::Resolver::Settings.new(client) }
 
-    it 'yields a service based on the current ca_server and ca_port settings' do
+    it 'returns a service based on the current ca_server and ca_port settings' do
       Puppet[:ca_server] = 'ca.example.com'
       Puppet[:ca_port] = 8141
 
-      subject.resolve(session, :ca) do |service|
-        expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
-        expect(service.url.to_s).to eq("https://ca.example.com:8141/puppet-ca/v1")
-      end
+      service = subject.resolve(session, :ca)
+      expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
+      expect(service.url.to_s).to eq("https://ca.example.com:8141/puppet-ca/v1")
+    end
+  end
+
+  context 'when resolving using server_list' do
+    before :each do
+      Puppet[:server_list] = 'ca.example.com:8141,apple.example.com'
+    end
+    let(:subject) { Puppet::HTTP::Resolver::ServerList.new(client, server_list_setting: Puppet.settings.setting(:server_list), default_port: 8142, services: [:puppet, :ca]) }
+
+    it 'returns a service based on the current server_list setting' do
+      stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: 200)
+
+      service = subject.resolve(session, :ca)
+      expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
+      expect(service.url.to_s).to eq("https://ca.example.com:8141/puppet-ca/v1")
+    end
+
+    it 'returns a service based on the current server_list setting if the server returns any success codes' do
+      stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: 202)
+
+      service = subject.resolve(session, :ca)
+      expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
+      expect(service.url.to_s).to eq("https://ca.example.com:8141/puppet-ca/v1")
+    end
+
+    it 'falls fails if no servers in server_list are accessible' do
+      stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: 503)
+      stub_request(:get, "https://apple.example.com:8142/status/v1/simple/master").to_return(status: 503)
+
+      expect { subject.resolve(session, :ca) }.to raise_error(Puppet::Error, /^Could not select a functional puppet master from server_list:/)
+    end
+
+    it 'cycles through server_list until a valid server is found' do
+      stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: 503)
+      stub_request(:get, "https://apple.example.com:8142/status/v1/simple/master").to_return(status: 200)
+
+      service = subject.resolve(session, :ca)
+      expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
+      expect(service.url.to_s).to eq("https://apple.example.com:8142/puppet-ca/v1")
     end
   end
 
   context 'when resolving using SRV' do
     let(:dns) { double('dns') }
-    let(:subject) { Puppet::HTTP::Resolver::SRV.new(domain: 'example.com', dns: dns) }
+    let(:subject) { Puppet::HTTP::Resolver::SRV.new(client, domain: 'example.com', dns: dns) }
 
     def stub_srv(host, port)
       srv = Resolv::DNS::Resource::IN::SRV.new(0, 0, port, host)
@@ -33,13 +71,12 @@ describe Puppet::HTTP::Resolver do
       allow(dns).to receive(:getresources).with("_x-puppet-ca._tcp.example.com", Resolv::DNS::Resource::IN::SRV).and_return([srv])
     end
 
-    it 'yields a service based on an SRV record' do
+    it 'returns a service based on an SRV record' do
       stub_srv('ca1.example.com', 8142)
 
-      subject.resolve(session, :ca) do |service|
-        expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
-        expect(service.url.to_s).to eq("https://ca1.example.com:8142/puppet-ca/v1")
-      end
+      service = subject.resolve(session, :ca)
+      expect(service).to be_an_instance_of(Puppet::HTTP::Service::Ca)
+      expect(service.url.to_s).to eq("https://ca1.example.com:8142/puppet-ca/v1")
     end
   end
 end

data/spec/unit/http/service/ca_spec.rb

@@ -5,13 +5,64 @@ require 'puppet/http'
 describe Puppet::HTTP::Service::Ca do
   let(:ssl_context) { Puppet::SSL::SSLContext.new }
   let(:client) { Puppet::HTTP::Client.new(ssl_context: ssl_context) }
-  let(:base_url) { URI.parse('https://www.example.com') }
-  let(:subject) { described_class.new(client, base_url) }
+  let(:subject) { client.create_session.route_to(:ca) }
+
+  before :each do
+    Puppet[:ca_server] = 'www.example.com'
+    Puppet[:ca_port] = 443
+  end
+
+  context 'when making requests' do
+    let(:uri) {"https://www.example.com:443/puppet-ca/v1/certificate/ca"}
+
+    it 'includes default HTTP headers' do
+      stub_request(:get, uri).with do |request|
+        expect(request.headers).to include({'X-Puppet-Version' => /./, 'User-Agent' => /./})
+        expect(request.headers).to_not include('X-Puppet-Profiling')
+      end
+
+      subject.get_certificate('ca')
+    end
+
+
+    it 'includes the X-Puppet-Profiling header when Puppet[:profile] is true' do
+      stub_request(:get, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./, 'X-Puppet-Profiling' => 'true'})
+
+      Puppet[:profile] = true
+
+      subject.get_certificate('ca')
+    end
+  end
+
+  context 'when routing to the CA service' do
+    let(:cert) { cert_fixture('ca.pem') }
+    let(:pem) { cert.to_pem }
+
+    it 'defaults the server and port based on settings' do
+      Puppet[:ca_server] = 'ca.example.com'
+      Puppet[:ca_port] = 8141
+
+      stub_request(:get, "https://ca.example.com:8141/puppet-ca/v1/certificate/ca").to_return(body: pem)
+
+      subject.get_certificate('ca')
+    end
+
+    it 'fallbacks to server and masterport' do
+      Puppet[:ca_server] = nil
+      Puppet[:ca_port] = nil
+      Puppet[:server] = 'ca2.example.com'
+      Puppet[:masterport] = 8142
+
+      stub_request(:get, "https://ca2.example.com:8142/puppet-ca/v1/certificate/ca").to_return(body: pem)
+
+      subject.get_certificate('ca')
+    end
+  end
 
   context 'when getting certificates' do
     let(:cert) { cert_fixture('ca.pem') }
     let(:pem) { cert.to_pem }
-    let(:url) { "https://www.example.com/certificate/ca" }
+    let(:url) { "https://www.example.com/puppet-ca/v1/certificate/ca" }
 
     it 'gets a certificate from the "certificate" endpoint' do
       stub_request(:get, url).to_return(body: pem)
@@ -41,7 +92,7 @@ describe Puppet::HTTP::Service::Ca do
   context 'when getting CRLs' do
     let(:crl) { crl_fixture('crl.pem') }
     let(:pem) { crl.to_pem }
-    let(:url) { "https://www.example.com/certificate_revocation_list/ca" }
+    let(:url) { "https://www.example.com/puppet-ca/v1/certificate_revocation_list/ca" }
 
     it 'gets a CRL from "certificate_revocation_list" endpoint' do
       stub_request(:get, url).to_return(body: pem)
@@ -83,7 +134,7 @@ describe Puppet::HTTP::Service::Ca do
   context 'when submitting a CSR' do
     let(:request) { request_fixture('request.pem') }
     let(:pem) { request.to_pem }
-    let(:url) { "https://www.example.com/certificate_request/infinity" }
+    let(:url) { "https://www.example.com/puppet-ca/v1/certificate_request/infinity" }
 
     it 'submits a CSR to the "certificate_request" endpoint' do
       stub_request(:put, url).with(body: pem, headers: { 'Content-Type' => 'text/plain' })

data/spec/unit/http/service/report_spec.rb

@@ -0,0 +1,100 @@
+require 'spec_helper'
+require 'webmock/rspec'
+require 'puppet/http'
+
+describe Puppet::HTTP::Service::Report do
+  let(:ssl_context) { Puppet::SSL::SSLContext.new }
+  let(:client) { Puppet::HTTP::Client.new(ssl_context: ssl_context) }
+  let(:subject) { client.create_session.route_to(:report) }
+  let(:environment) { Puppet::Node::Environment.create(:testing, []) }
+  let(:report) { Puppet::Transaction::Report.new }
+
+  before :each do
+    Puppet[:report_server] = 'www.example.com'
+    Puppet[:report_port] = 443
+  end
+
+  context 'when making requests' do
+    let(:uri) {"https://www.example.com:443/puppet/v3/report/report?environment=testing"}
+
+    it 'includes default HTTP headers' do
+      stub_request(:put, uri).with do |request|
+        expect(request.headers).to include({'X-Puppet-Version' => /./, 'User-Agent' => /./})
+        expect(request.headers).to_not include('X-Puppet-Profiling')
+      end
+
+      subject.put_report('report', report, environment: environment)
+    end
+
+    it 'includes the X-Puppet-Profiling header when Puppet[:profile] is true' do
+      stub_request(:put, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./, 'X-Puppet-Profiling' => 'true'})
+
+      Puppet[:profile] = true
+
+      subject.put_report('report', report, environment: environment)
+    end
+  end
+
+  context 'when routing to the report service' do
+    it 'defaults the server and port based on settings' do
+      Puppet[:report_server] = 'report.example.com'
+      Puppet[:report_port] = 8141
+
+      stub_request(:put, "https://report.example.com:8141/puppet/v3/report/report?environment=testing")
+
+      subject.put_report('report', report, environment: environment)
+    end
+
+    it 'fallbacks to server and masterport' do
+      Puppet[:report_server] = nil
+      Puppet[:report_port] = nil
+      Puppet[:server] = 'report2.example.com'
+      Puppet[:masterport] = 8142
+
+      stub_request(:put, "https://report2.example.com:8142/puppet/v3/report/report?environment=testing")
+
+      subject.put_report('report', report, environment: environment)
+    end
+  end
+
+  context 'when submitting a report' do
+    let(:url) { "https://www.example.com/puppet/v3/report/infinity?environment=testing" }
+
+    it 'submits a report to the "report" endpoint' do
+      stub_request(:put, url)
+        .with(
+          headers: {
+            'Accept'=>'application/json, application/x-msgpack, text/pson',
+            'Content-Type'=>'application/json',
+           }).
+         to_return(status: 200, body: "", headers: {})
+
+      subject.put_report('infinity', report, environment: environment)
+    end
+
+    it 'raises response error if unsuccessful' do
+      stub_request(:put, url).to_return(status: [400, 'Bad Request'], headers: {'X-Puppet-Version' => '6.1.8' })
+
+      expect {
+        subject.put_report('infinity', report, environment: environment)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
+        expect(err.message).to eq('Bad Request')
+        expect(err.response.code).to eq(400)
+      end
+    end
+
+    it 'raises an error if unsuccessful, the server version is < 5, and the current serialization format is not pson' do
+      Puppet[:preferred_serialization_format] = 'json'
+
+      stub_request(:put, url).to_return(status: [400, 'Bad Request'], headers: {'X-Puppet-Version' => '4.2.3' })
+
+      expect {
+        subject.put_report('infinity', report, environment: environment)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ProtocolError)
+        expect(err.message).to eq('To submit reports to a server running puppetserver 4.2.3, set preferred_serialization_format to pson')
+      end
+    end
+  end
+end

data/spec/unit/http/service_spec.rb

@@ -29,4 +29,24 @@ describe Puppet::HTTP::Service do
 
     service.connect(ssl_context: other_ctx)
   end
+
+  it 'raises for unknown service names' do
+    expect {
+      described_class.create_service(client, :westbound)
+    }.to raise_error(ArgumentError, "Unknown service westbound")
+  end
+
+  [:ca].each do |name|
+    it "returns true for #{name}" do
+      expect(described_class.valid_name?(name)).to eq(true)
+    end
+  end
+
+  it "returns false when the service name is a string" do
+    expect(described_class.valid_name?("ca")).to eq(false)
+  end
+
+  it "returns false for unknown service names" do
+    expect(described_class.valid_name?(:westbound)).to eq(false)
+  end
 end

data/spec/unit/http/session_spec.rb

@@ -10,12 +10,12 @@ describe Puppet::HTTP::Session do
     double('good', url: uri, connect: nil)
   }
   let(:bad_service) {
-    service = double('good', url: uri)
+    service = double('bad', url: uri)
     allow(service).to receive(:connect).and_raise(Puppet::HTTP::ConnectionError, 'whoops')
     service
   }
 
-  class DummyResolver
+  class DummyResolver < Puppet::HTTP::Resolver
     attr_reader :count
 
     def initialize(service)
@@ -23,9 +23,9 @@ describe Puppet::HTTP::Session do
       @count = 0
     end
 
-    def resolve(session, name, &block)
+    def resolve(session, name, ssl_context: nil)
       @count += 1
-      yield @service
+      return @service if check_connection?(session, @service, ssl_context: ssl_context)
     end
   end
 
@@ -75,28 +75,63 @@ describe Puppet::HTTP::Session do
     end
   end
 
-  context 'when creating services' do
-    let(:session) { described_class.new(client, []) }
+  context 'when resolving using multiple resolvers' do
+    let(:session) { client.create_session }
 
-    it 'defaults the server and port based on settings' do
-      Puppet[:ca_server] = 'ca.example.com'
-      Puppet[:ca_port] = 8141
-      service = session.create_service(:ca)
+    it "prefers SRV records" do
+      Puppet[:use_srv_records] = true
+      Puppet[:server_list] = 'foo.example.com,bar.example.com,baz.example.com'
+      Puppet[:ca_server] = 'caserver.example.com'
 
-      expect(service.url.to_s).to eq("https://ca.example.com:8141/puppet-ca/v1")
+      allow_any_instance_of(Puppet::Network::Resolver).to receive(:each_srv_record).and_yield('mars.example.srv', 8140)
+      service = session.route_to(:ca)
+
+      expect(service.url).to eq(URI("https://mars.example.srv:8140/puppet-ca/v1"))
     end
 
-    it 'accepts server and port arguments' do
-      service = session.create_service(:ca, 'ca2.example.com', 8142)
+    it "next prefers :ca_server when explicitly set" do
+      Puppet[:use_srv_records] = true
+      Puppet[:server_list] = 'foo.example.com,bar.example.com,baz.example.com'
+      Puppet[:ca_server] = 'caserver.example.com'
+
+      service = session.route_to(:ca)
 
-      expect(service.url.to_s).to eq("https://ca2.example.com:8142/puppet-ca/v1")
+      expect(service.url).to eq(URI("https://caserver.example.com:8140/puppet-ca/v1"))
     end
 
-    it 'raises for unknown service names' do
+    it "next prefers the first successful connection from server_list" do
+      Puppet[:use_srv_records] = true
+      Puppet[:server_list] = 'foo.example.com,bar.example.com,baz.example.com'
+
+      allow_any_instance_of(Puppet::Network::Resolver).to receive(:each_srv_record)
+      stub_request(:get, "https://foo.example.com:8140/status/v1/simple/master").to_return(status: 500)
+      stub_request(:get, "https://bar.example.com:8140/status/v1/simple/master").to_return(status: 200)
+
+      service = session.route_to(:ca)
+
+      expect(service.url).to eq(URI("https://bar.example.com:8140/puppet-ca/v1"))
+    end
+
+    it "fails if server_list doesn't return anything valid" do
+      Puppet[:server_list] = 'foo.example.com,bar.example.com'
+
+      allow_any_instance_of(Puppet::Network::Resolver).to receive(:each_srv_record)
+      stub_request(:get, "https://foo.example.com:8140/status/v1/simple/master").to_return(status: 500)
+      stub_request(:get, "https://bar.example.com:8140/status/v1/simple/master").to_return(status: 500)
+
       expect {
-        session = described_class.new(client, [])
-        session.create_service(:westbound)
-      }.to raise_error(ArgumentError, "Unknown service westbound")
+        session.route_to(:ca)
+      }.to raise_error(Puppet::Error, "Could not select a functional puppet master from server_list: 'foo.example.com,bar.example.com'")
+    end
+
+
+    it "raises when there are no more routes" do
+      allow_any_instance_of(Net::HTTP).to receive(:start).and_raise(Errno::EHOSTUNREACH)
+      session = client.create_session
+
+      expect {
+        session.route_to(:ca)
+      }.to raise_error(Puppet::HTTP::RouteError, 'No more routes to ca')
     end
   end
 end

data/spec/unit/network/http/connection_spec.rb

@@ -1,6 +1,5 @@
 require 'spec_helper'
 require 'puppet/network/http/connection'
-require 'puppet_spec/validators'
 require 'puppet/test_ca'
 
 describe Puppet::Network::HTTP::Connection do

data/spec/unit/pops/evaluator/evaluating_parser_spec.rb

@@ -478,21 +478,26 @@ describe 'Puppet::Pops::Evaluator::EvaluatorImpl' do
       }.each do |source, coerced_val|
           it "should warn about numeric coercion in '#{source}' when strict = warning" do
             Puppet[:strict] = :warning
+            expect(Puppet::Pops::Evaluator::Runtime3Support::EvaluationError).not_to receive(:new)
             collect_notices(source)
             expect(warnings).to include(/The string '#{coerced_val}' was automatically coerced to the numerical value #{coerced_val}/)
           end
 
           it "should not warn about numeric coercion in '#{source}' if strict = off" do
             Puppet[:strict] = :off
+            expect(Puppet::Pops::Evaluator::Runtime3Support::EvaluationError).not_to receive(:new)
             collect_notices(source)
             expect(warnings).to_not include(/The string '#{coerced_val}' was automatically coerced to the numerical value #{coerced_val}/)
           end
 
         it "should error when finding numeric coercion in '#{source}' if strict = error" do
           Puppet[:strict] = :error
-          expect { parser.evaluate_string(scope, source, __FILE__) }.to raise_error(
-            /The string '#{coerced_val}' was automatically coerced to the numerical value #{coerced_val}/
-            )
+          expect {
+            parser.evaluate_string(scope, source, __FILE__)
+          }.to raise_error {|error|
+            expect(error.message).to match(/The string '#{coerced_val}' was automatically coerced to the numerical value #{coerced_val}/)
+            expect(error.backtrace.first).to match(/runtime3_support\.rb.+optionally_fail/)
+          }
         end
       end
 

data/spec/unit/provider/package/portage_spec.rb

@@ -44,13 +44,13 @@ describe Puppet::Type.type(:package).provider(:portage) do
     allow(@unslotted_provider).to receive(:qatom).and_return({:category=>"dev-lang", :pn=>"ruby", :pv=>nil, :pr=>nil, :slot=>nil, :pfx=>nil, :sfx=>nil})
     allow(@unslotted_provider.class).to receive(:emerge).with('--list-sets').and_return(package_sets)
     @slotted_provider = described_class.new(@slotted_resource)
-    allow(@slotted_provider).to receive(:qatom).and_return({:category=>"dev-lang", :pn=>"ruby", :pv=>nil, :pr=>nil, :slot=>":2.1", :pfx=>nil, :sfx=>nil})
+    allow(@slotted_provider).to receive(:qatom).and_return({:category=>"dev-lang", :pn=>"ruby", :pv=>nil, :pr=>nil, :slot=>"2.1", :pfx=>nil, :sfx=>nil})
     allow(@slotted_provider.class).to receive(:emerge).with('--list-sets').and_return(package_sets)
     @versioned_provider = described_class.new(@versioned_resource)
     allow(@versioned_provider).to receive(:qatom).and_return({:category=>"dev-lang", :pn=>"ruby", :pv=>"1.9.3", :pr=>nil, :slot=>nil, :pfx=>"=", :sfx=>nil})
     allow(@versioned_provider.class).to receive(:emerge).with('--list-sets').and_return(package_sets)
     @versioned_slotted_provider = described_class.new(@versioned_slotted_resource)
-    allow(@versioned_slotted_provider).to receive(:qatom).and_return({:category=>"dev-lang", :pn=>"ruby", :pv=>"1.9.3", :pr=>nil, :slot=>":1.9", :pfx=>"=", :sfx=>nil})
+    allow(@versioned_slotted_provider).to receive(:qatom).and_return({:category=>"dev-lang", :pn=>"ruby", :pv=>"1.9.3", :pr=>nil, :slot=>"1.9", :pfx=>"=", :sfx=>nil})
     allow(@versioned_slotted_provider.class).to receive(:emerge).with('--list-sets').and_return(package_sets)
     @set_provider = described_class.new(@set_resource)
     allow(@set_provider).to receive(:qatom).and_return({:category=>nil, :pn=>"@system", :pv=>nil, :pr=>nil, :slot=>nil, :pfx=>nil, :sfx=>nil})
@@ -180,7 +180,7 @@ describe Puppet::Type.type(:package).provider(:portage) do
   end
 
   it "can extract the slot from the package name" do
-    expect(@slotted_provider.qatom[:slot]).to eq(':2.1')
+    expect(@slotted_provider.qatom[:slot]).to eq('2.1')
   end
 
   it "returns nil for as the slot when no slot is specified" do
@@ -196,7 +196,7 @@ describe Puppet::Type.type(:package).provider(:portage) do
     expect(@versioned_slotted_provider.qatom[:category]).to eq('dev-lang')
     expect(@versioned_slotted_provider.qatom[:pn]).to eq('ruby')
     expect(@versioned_slotted_provider.qatom[:pv]).to eq('1.9.3')
-    expect(@versioned_slotted_provider.qatom[:slot]).to eq(':1.9')
+    expect(@versioned_slotted_provider.qatom[:slot]).to eq('1.9')
   end
 
   it "can handle search output with slots for unslotted packages" do