RubyGems - puppet - Versions diffs - 6.12.0-universal-darwin → 6.17.0-universal-darwin - Mend

puppet 6.12.0-universal-darwin → 6.17.0-universal-darwin

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (412) hide show

checksums.yaml +4 -4
data/CODEOWNERS +2 -7
data/CONTRIBUTING.md +7 -13
data/Gemfile +4 -2
data/Gemfile.lock +39 -36
data/README.md +18 -25
data/ext/project_data.yaml +1 -1
data/ext/windows/service/daemon.rb +3 -3
data/lib/puppet.rb +52 -13
data/lib/puppet/agent.rb +20 -14
data/lib/puppet/application/agent.rb +26 -17
data/lib/puppet/application/describe.rb +7 -5
data/lib/puppet/application/device.rb +2 -2
data/lib/puppet/application/filebucket.rb +19 -15
data/lib/puppet/application/plugin.rb +1 -0
data/lib/puppet/application/resource.rb +1 -1
data/lib/puppet/application/ssl.rb +4 -4
data/lib/puppet/configurer.rb +65 -69
data/lib/puppet/configurer/plugin_handler.rb +10 -1
data/lib/puppet/confine.rb +1 -1
data/lib/puppet/context/trusted_information.rb +14 -8
data/lib/puppet/daemon.rb +13 -27
data/lib/puppet/defaults.rb +154 -58
data/lib/puppet/environments.rb +27 -20
data/lib/puppet/face/facts.rb +8 -5
data/lib/puppet/face/help.rb +29 -3
data/lib/puppet/face/module/search.rb +5 -0
data/lib/puppet/face/plugin.rb +2 -2
data/lib/puppet/file_serving/http_metadata.rb +14 -2
data/lib/puppet/file_serving/metadata.rb +4 -1
data/lib/puppet/file_serving/terminus_selector.rb +7 -8
data/lib/puppet/file_system/file_impl.rb +14 -10
data/lib/puppet/file_system/memory_file.rb +6 -0
data/lib/puppet/file_system/memory_impl.rb +13 -0
data/lib/puppet/file_system/uniquefile.rb +12 -16
data/lib/puppet/file_system/windows.rb +7 -10
data/lib/puppet/forge.rb +1 -1
data/lib/puppet/forge/cache.rb +1 -1
data/lib/puppet/forge/repository.rb +4 -7
data/lib/puppet/functions/call.rb +1 -1
data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
data/lib/puppet/functions/filter.rb +1 -0
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/http.rb +5 -0
data/lib/puppet/http/client.rb +293 -73
data/lib/puppet/http/errors.rb +2 -0
data/lib/puppet/http/external_client.rb +90 -0
data/lib/puppet/http/redirector.rb +43 -7
data/lib/puppet/http/resolver.rb +46 -3
data/lib/puppet/http/resolver/server_list.rb +76 -16
data/lib/puppet/http/resolver/settings.rb +23 -3
data/lib/puppet/http/resolver/srv.rb +29 -3
data/lib/puppet/http/response.rb +87 -1
data/lib/puppet/http/retry_after_handler.rb +39 -0
data/lib/puppet/http/service.rb +151 -7
data/lib/puppet/http/service/ca.rb +76 -14
data/lib/puppet/http/service/compiler.rb +319 -0
data/lib/puppet/http/service/file_server.rb +206 -0
data/lib/puppet/http/service/report.rb +49 -23
data/lib/puppet/http/session.rb +103 -7
data/lib/puppet/indirector.rb +1 -1
data/lib/puppet/indirector/catalog/compiler.rb +10 -0
data/lib/puppet/indirector/catalog/rest.rb +34 -0
data/lib/puppet/indirector/facts/rest.rb +42 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
data/lib/puppet/indirector/file_content/http.rb +5 -0
data/lib/puppet/indirector/file_content/rest.rb +30 -0
data/lib/puppet/indirector/file_metadata/http.rb +27 -8
data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/msgpack.rb +1 -1
data/lib/puppet/indirector/node/rest.rb +24 -0
data/lib/puppet/indirector/report/rest.rb +19 -0
data/lib/puppet/indirector/report/yaml.rb +23 -0
data/lib/puppet/indirector/request.rb +1 -1
data/lib/puppet/indirector/rest.rb +12 -0
data/lib/puppet/indirector/status/rest.rb +18 -0
data/lib/puppet/loaders.rb +6 -0
data/lib/puppet/metatype/manager.rb +80 -80
data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
data/lib/puppet/network/http/base_pool.rb +7 -2
data/lib/puppet/network/http/compression.rb +7 -0
data/lib/puppet/network/http/connection.rb +6 -0
data/lib/puppet/network/http/connection_adapter.rb +184 -0
data/lib/puppet/network/http/nocache_pool.rb +2 -0
data/lib/puppet/network/http/pool.rb +13 -6
data/lib/puppet/network/http_pool.rb +2 -1
data/lib/puppet/node/environment.rb +11 -1
data/lib/puppet/pal/catalog_compiler.rb +5 -0
data/lib/puppet/pal/pal_impl.rb +4 -29
data/lib/puppet/parser/ast/leaf.rb +5 -5
data/lib/puppet/parser/ast/pops_bridge.rb +6 -15
data/lib/puppet/parser/compiler.rb +43 -33
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
data/lib/puppet/parser/environment_compiler.rb +4 -1
data/lib/puppet/parser/functions.rb +18 -13
data/lib/puppet/parser/functions/filter.rb +1 -0
data/lib/puppet/parser/resource.rb +3 -2
data/lib/puppet/parser/resource/param.rb +6 -0
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/evaluator_impl.rb +6 -6
data/lib/puppet/pops/issues.rb +5 -0
data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
data/lib/puppet/pops/loaders.rb +7 -5
data/lib/puppet/pops/parser/evaluating_parser.rb +5 -7
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
data/lib/puppet/pops/types/type_calculator.rb +24 -0
data/lib/puppet/pops/validation/checker4_0.rb +11 -1
data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
data/lib/puppet/provider/aix_object.rb +4 -2
data/lib/puppet/provider/group/aix.rb +1 -0
data/lib/puppet/provider/group/groupadd.rb +57 -24
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/package/aix.rb +17 -2
data/lib/puppet/provider/package/apt.rb +78 -4
data/lib/puppet/provider/package/aptitude.rb +1 -1
data/lib/puppet/provider/package/dnfmodule.rb +69 -15
data/lib/puppet/provider/package/dpkg.rb +14 -7
data/lib/puppet/provider/package/fink.rb +20 -3
data/lib/puppet/provider/package/gem.rb +41 -7
data/lib/puppet/provider/package/openbsd.rb +13 -1
data/lib/puppet/provider/package/pacman.rb +2 -5
data/lib/puppet/provider/package/pip.rb +143 -48
data/lib/puppet/provider/package/pip3.rb +0 -2
data/lib/puppet/provider/package/pkg.rb +18 -5
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/portage.rb +2 -2
data/lib/puppet/provider/package/puppet_gem.rb +6 -2
data/lib/puppet/provider/package/rpm.rb +6 -213
data/lib/puppet/provider/package/yum.rb +109 -25
data/lib/puppet/provider/package/zypper.rb +59 -1
data/lib/puppet/provider/service/systemd.rb +22 -4
data/lib/puppet/provider/service/windows.rb +23 -7
data/lib/puppet/provider/user/aix.rb +1 -0
data/lib/puppet/provider/user/directoryservice.rb +30 -5
data/lib/puppet/provider/user/useradd.rb +22 -12
data/lib/puppet/reports/http.rb +15 -9
data/lib/puppet/reports/store.rb +1 -1
data/lib/puppet/resource.rb +2 -1
data/lib/puppet/resource/type.rb +8 -0
data/lib/puppet/resource/type_collection.rb +20 -16
data/lib/puppet/runtime.rb +31 -1
data/lib/puppet/settings.rb +4 -0
data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
data/lib/puppet/ssl.rb +1 -0
data/lib/puppet/ssl/certificate.rb +2 -1
data/lib/puppet/ssl/host.rb +4 -4
data/lib/puppet/ssl/oids.rb +1 -0
data/lib/puppet/ssl/ssl_context.rb +2 -2
data/lib/puppet/ssl/ssl_provider.rb +20 -1
data/lib/puppet/ssl/state_machine.rb +81 -35
data/lib/puppet/ssl/verifier_adapter.rb +9 -1
data/lib/puppet/test/test_helper.rb +15 -11
data/lib/puppet/transaction/report.rb +2 -2
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/trusted_external.rb +29 -1
data/lib/puppet/type.rb +18 -6
data/lib/puppet/type/file.rb +51 -13
data/lib/puppet/type/file/checksum.rb +4 -4
data/lib/puppet/type/file/source.rb +51 -60
data/lib/puppet/type/group.rb +2 -2
data/lib/puppet/type/package.rb +102 -10
data/lib/puppet/type/service.rb +55 -8
data/lib/puppet/type/user.rb +3 -28
data/lib/puppet/util.rb +39 -15
data/lib/puppet/util/at_fork.rb +1 -1
data/lib/puppet/util/autoload.rb +4 -18
data/lib/puppet/util/checksums.rb +19 -4
data/lib/puppet/util/fileparsing.rb +2 -2
data/lib/puppet/util/instance_loader.rb +14 -10
data/lib/puppet/util/log/destinations.rb +2 -11
data/lib/puppet/util/package/version/debian.rb +175 -0
data/lib/puppet/util/package/version/gem.rb +15 -0
data/lib/puppet/util/package/version/pip.rb +167 -0
data/lib/puppet/util/package/version/range.rb +53 -0
data/lib/puppet/util/package/version/range/eq.rb +14 -0
data/lib/puppet/util/package/version/range/gt.rb +14 -0
data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/lt.rb +14 -0
data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/min_max.rb +21 -0
data/lib/puppet/util/package/version/range/simple.rb +11 -0
data/lib/puppet/util/package/version/rpm.rb +73 -0
data/lib/puppet/util/pidlock.rb +36 -10
data/lib/puppet/util/platform.rb +5 -0
data/lib/puppet/util/plist.rb +6 -0
data/lib/puppet/util/provider_features.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/rpm_compare.rb +193 -0
data/lib/puppet/util/storage.rb +0 -1
data/lib/puppet/util/windows/adsi.rb +2 -2
data/lib/puppet/util/windows/api_types.rb +45 -32
data/lib/puppet/util/windows/eventlog.rb +1 -6
data/lib/puppet/util/windows/principal.rb +8 -6
data/lib/puppet/util/windows/process.rb +15 -14
data/lib/puppet/util/windows/registry.rb +11 -11
data/lib/puppet/util/windows/security.rb +1 -0
data/lib/puppet/util/windows/service.rb +43 -26
data/lib/puppet/util/windows/sid.rb +3 -3
data/lib/puppet/util/windows/user.rb +23 -8
data/lib/puppet/util/yaml.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +707 -574
data/man/man5/puppet.conf.5 +74 -14
data/man/man8/puppet-agent.8 +7 -7
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +17 -2
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +6 -3
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +4 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +2 -2
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
data/spec/fixtures/ssl/unknown-ca.pem +59 -0
data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
data/spec/integration/application/agent_spec.rb +483 -0
data/spec/integration/application/apply_spec.rb +132 -3
data/spec/integration/application/filebucket_spec.rb +190 -0
data/spec/integration/application/plugin_spec.rb +73 -0
data/spec/integration/configurer_spec.rb +26 -7
data/spec/integration/defaults_spec.rb +1 -2
data/spec/integration/http/client_spec.rb +47 -37
data/spec/integration/indirector/facts/facter_spec.rb +4 -0
data/spec/integration/indirector/report/yaml.rb +83 -0
data/spec/integration/module_tool/forge_spec.rb +2 -15
data/spec/integration/network/http_pool_spec.rb +93 -20
data/spec/integration/node/environment_spec.rb +15 -0
data/spec/integration/parser/compiler_spec.rb +11 -0
data/spec/integration/type/file_spec.rb +1 -1
data/spec/integration/util/windows/adsi_spec.rb +6 -1
data/spec/integration/util/windows/registry_spec.rb +7 -7
data/spec/integration/util/windows/user_spec.rb +40 -5
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/https.rb +16 -7
data/spec/lib/puppet_spec/puppetserver.rb +119 -0
data/spec/shared_contexts/https.rb +29 -0
data/spec/unit/agent_spec.rb +80 -26
data/spec/unit/application/agent_spec.rb +9 -5
data/spec/unit/application/apply_spec.rb +2 -12
data/spec/unit/application/describe_spec.rb +88 -50
data/spec/unit/application/device_spec.rb +2 -2
data/spec/unit/application/filebucket_spec.rb +22 -2
data/spec/unit/application/resource_spec.rb +2 -2
data/spec/unit/configurer/fact_handler_spec.rb +4 -8
data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
data/spec/unit/configurer_spec.rb +17 -18
data/spec/unit/context/trusted_information_spec.rb +25 -2
data/spec/unit/daemon_spec.rb +5 -64
data/spec/unit/defaults_spec.rb +25 -2
data/spec/unit/environments_spec.rb +65 -28
data/spec/unit/face/facts_spec.rb +24 -20
data/spec/unit/face/module/search_spec.rb +17 -0
data/spec/unit/face/plugin_spec.rb +12 -10
data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
data/spec/unit/file_system/uniquefile_spec.rb +11 -0
data/spec/unit/file_system_spec.rb +26 -2
data/spec/unit/functions/lookup_spec.rb +13 -0
data/spec/unit/http/client_spec.rb +327 -35
data/spec/unit/http/external_client_spec.rb +201 -0
data/spec/unit/http/resolver_spec.rb +34 -2
data/spec/unit/http/response_spec.rb +75 -0
data/spec/unit/http/service/ca_spec.rb +53 -11
data/spec/unit/http/service/compiler_spec.rb +627 -0
data/spec/unit/http/service/file_server_spec.rb +308 -0
data/spec/unit/http/service/report_spec.rb +27 -9
data/spec/unit/http/service_spec.rb +98 -5
data/spec/unit/http/session_spec.rb +190 -7
data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
data/spec/unit/indirector/facts/rest_spec.rb +79 -24
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
data/spec/unit/indirector/node/rest_spec.rb +57 -2
data/spec/unit/indirector/report/rest_spec.rb +58 -51
data/spec/unit/indirector/request_spec.rb +1 -1
data/spec/unit/indirector/resource/ral_spec.rb +7 -8
data/spec/unit/indirector/rest_spec.rb +13 -0
data/spec/unit/indirector/status/rest_spec.rb +43 -2
data/spec/unit/interface_spec.rb +3 -3
data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
data/spec/unit/network/http/connection_spec.rb +559 -175
data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
data/spec/unit/network/http/pool_spec.rb +89 -11
data/spec/unit/network/http_pool_spec.rb +63 -57
data/spec/unit/network/http_spec.rb +1 -1
data/spec/unit/node/environment_spec.rb +16 -0
data/spec/unit/node/facts_spec.rb +2 -1
data/spec/unit/node_spec.rb +7 -4
data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
data/spec/unit/parser/environment_compiler_spec.rb +7 -0
data/spec/unit/parser/scope_spec.rb +1 -1
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
data/spec/unit/pops/validator/validator_spec.rb +7 -2
data/spec/unit/provider/aix_object_spec.rb +16 -2
data/spec/unit/provider/group/groupadd_spec.rb +181 -56
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/aix_spec.rb +29 -0
data/spec/unit/provider/package/apt_spec.rb +43 -2
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
data/spec/unit/provider/package/dpkg_spec.rb +28 -6
data/spec/unit/provider/package/gem_spec.rb +40 -0
data/spec/unit/provider/package/openbsd_spec.rb +17 -0
data/spec/unit/provider/package/pacman_spec.rb +6 -21
data/spec/unit/provider/package/pip_spec.rb +68 -19
data/spec/unit/provider/package/pkg_spec.rb +15 -1
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +38 -0
data/spec/unit/provider/package/portage_spec.rb +5 -0
data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
data/spec/unit/provider/package/rpm_spec.rb +0 -212
data/spec/unit/provider/package/yum_spec.rb +292 -0
data/spec/unit/provider/package/zypper_spec.rb +84 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openbsd_spec.rb +9 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -0
data/spec/unit/provider/service/redhat_spec.rb +9 -0
data/spec/unit/provider/service/systemd_spec.rb +92 -12
data/spec/unit/provider/service/windows_spec.rb +22 -14
data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
data/spec/unit/provider/user/openbsd_spec.rb +1 -0
data/spec/unit/provider/user/useradd_spec.rb +43 -24
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +0 -26
data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
data/spec/unit/puppet_spec.rb +47 -0
data/spec/unit/reports/http_spec.rb +70 -52
data/spec/unit/resource_spec.rb +3 -3
data/spec/unit/settings/autosign_setting_spec.rb +1 -1
data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
data/spec/unit/ssl/certificate_spec.rb +7 -0
data/spec/unit/ssl/host_spec.rb +4 -2
data/spec/unit/ssl/oids_spec.rb +1 -0
data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
data/spec/unit/ssl/state_machine_spec.rb +99 -13
data/spec/unit/test/test_helper_spec.rb +17 -0
data/spec/unit/transaction/persistence_spec.rb +1 -10
data/spec/unit/transaction/report_spec.rb +5 -1
data/spec/unit/transaction_spec.rb +0 -2
data/spec/unit/type/file/ensure_spec.rb +1 -2
data/spec/unit/type/file/source_spec.rb +89 -38
data/spec/unit/type/file_spec.rb +122 -96
data/spec/unit/type/package_spec.rb +8 -0
data/spec/unit/type/service_spec.rb +185 -8
data/spec/unit/type/user_spec.rb +1 -2
data/spec/unit/type_spec.rb +50 -0
data/spec/unit/util/at_fork_spec.rb +3 -2
data/spec/unit/util/autoload_spec.rb +2 -1
data/spec/unit/util/checksums_spec.rb +16 -0
data/spec/unit/util/log/destinations_spec.rb +1 -29
data/spec/unit/util/package/version/debian_spec.rb +83 -0
data/spec/unit/util/package/version/pip_spec.rb +464 -0
data/spec/unit/util/package/version/range_spec.rb +175 -0
data/spec/unit/util/package/version/rpm_spec.rb +121 -0
data/spec/unit/util/pidlock_spec.rb +112 -42
data/spec/unit/util/plist_spec.rb +20 -0
data/spec/unit/util/rpm_compare_spec.rb +196 -0
data/spec/unit/util/storage_spec.rb +1 -8
data/spec/unit/util/windows/adsi_spec.rb +4 -4
data/spec/unit/util/windows/api_types_spec.rb +104 -40
data/spec/unit/util/windows/service_spec.rb +4 -4
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/spec/unit/util_spec.rb +3 -3
data/spec/unit/x509/cert_provider_spec.rb +1 -1
data/tasks/generate_cert_fixtures.rake +15 -1
data/tasks/manpages.rake +5 -35
metadata +73 -12
data/COMMITTERS.md +0 -244
data/spec/integration/faces/plugin_spec.rb +0 -61
data/spec/integration/test/test_helper_spec.rb +0 -31

data/spec/unit/face/module/search_spec.rb CHANGED

@@ -211,4 +211,21 @@ describe "puppet module search" do
       end
     end
   end
+  it "should include a deprecation warning" do
+    stub_request(:get, "https://forgeapi.puppet.com/v3/modules?query=puppetlabs-apache").to_return(status: 200, body: [answers: [], result: :success])
+    subject.search("puppetlabs-apache")
+    expect(@logs).to include(an_object_having_attributes(level: :warning, message: /This action has been deprecated. Please use the Puppet Forge to search for modules./))
+  end
+  it "omits the warning when deprecations are disabled" do
+    stub_request(:get, "https://forgeapi.puppet.com/v3/modules?query=puppetlabs-apache").to_return(status: 200, body: [answers: [], result: :success])
+    Puppet[:disable_warnings] = 'deprecations'
+    subject.search("puppetlabs-apache")
+    expect(@logs).not_to include(an_object_having_attributes(level: :warning))
+  end
 end

data/spec/unit/face/plugin_spec.rb CHANGED

@@ -10,9 +10,10 @@ describe Puppet::Face[:plugin, :current] do
   end
   context "download" do
-    before :each do
-      #Server_agent version needs to be at 5.3.4 in order to mount locales
-      Puppet.push_context({:server_agent_version => "5.3.4"})
+    around do |example|
+      Puppet.override(server_agent_version: "5.3.4") do
+        example.run
+      end
     end
     it "downloads plugins, external facts, and locales" do
@@ -61,9 +62,10 @@ describe Puppet::Face[:plugin, :current] do
   end
   context "download when server_agent_version is 5.3.3" do
-    before :each do
-      #Server_agent version needs to be at 5.3.4 in order to mount locales
-      Puppet.push_context({:server_agent_version => "5.3.3"})
+    around do |example|
+      Puppet.override(server_agent_version: "5.3.3") do
+        example.run
+      end
     end
     it "downloads plugins, and external facts, but not locales" do
@@ -87,10 +89,10 @@ describe Puppet::Face[:plugin, :current] do
   end
   context "download when server_agent_version is blank" do
-    before :each do
-      #Server_agent version needs to be at 5.3.4 in order to mount locales
-      #A blank version will default to 0.0
-      Puppet.push_context({:server_agent_version => ""})
+    around do |example|
+      Puppet.override(server_agent_version: "") do
+        example.run
+      end
     end
     it "downloads plugins, and external facts, but not locales" do

data/spec/unit/file_serving/http_metadata_spec.rb CHANGED

@@ -30,11 +30,6 @@ describe Puppet::FileServing::HttpMetadata do
     end
     context "with no Last-Modified or Content-MD5 header from the server" do
-      before do
-        allow(http_response).to receive(:[]).with('last-modified').and_return(nil)
-        allow(http_response).to receive(:[]).with('content-md5').and_return(nil)
-      end
       it "should use :mtime as the checksum type, based on current time" do
         # Stringifying Time.now does some rounding; do so here so we don't end up with a time
         # that's greater than the stringified version returned by collect.
@@ -51,13 +46,9 @@ describe Puppet::FileServing::HttpMetadata do
     context "with a Last-Modified header from the server" do
       let(:time) { Time.now.utc }
-      before do
-        allow(http_response).to receive(:[]).with('content-md5').and_return(nil)
-      end
       it "should use :mtime as the checksum type, based on Last-Modified" do
         # HTTP uses "GMT" not "UTC"
-        allow(http_response).to receive(:[]).with('last-modified').and_return(time.strftime("%a, %d %b %Y %T GMT"))
+        http_response.add_field('last-modified', time.strftime("%a, %d %b %Y %T GMT"))
         metadata = described_class.new(http_response)
         metadata.collect
         expect( metadata.checksum_type ).to eq :mtime
@@ -70,16 +61,48 @@ describe Puppet::FileServing::HttpMetadata do
       let(:base64) { Digest::MD5.new.base64digest input }
       let(:hex) { Digest::MD5.new.hexdigest input }
-      before do
-        allow(http_response).to receive(:[]).with('last-modified').and_return(nil)
-        allow(http_response).to receive(:[]).with('content-md5').and_return(base64)
+      it "should use the md5 checksum" do
+        http_response.add_field('content-md5', base64)
+        metadata = described_class.new(http_response)
+        metadata.collect
+        expect( metadata.checksum_type ).to eq :md5
+        expect( metadata.checksum ).to eq "{md5}#{hex}"
       end
+    end
+    context "with X-Checksum-Md5" do
+      let(:md5) { "c58989e9740a748de4f5054286faf99b" }
       it "should use the md5 checksum" do
+        http_response.add_field('X-Checksum-Md5', md5)
         metadata = described_class.new(http_response)
         metadata.collect
         expect( metadata.checksum_type ).to eq :md5
-        expect( metadata.checksum ).to eq "{md5}#{hex}"
+        expect( metadata.checksum ).to eq "{md5}#{md5}"
+      end
+    end
+    context "with X-Checksum-Sha1" do
+      let(:sha1) { "01e4d15746f4274b84d740a93e04b9fd2882e3ea" }
+      it "should use the SHA1 checksum" do
+        http_response.add_field('X-Checksum-Sha1', sha1)
+        metadata = described_class.new(http_response)
+        metadata.collect
+        expect( metadata.checksum_type ).to eq :sha1
+        expect( metadata.checksum ).to eq "{sha1}#{sha1}"
+      end
+    end
+    context "with X-Checksum-Sha256" do
+      let(:sha256) { "a3eda98259c30e1e75039c2123670c18105e1c46efb672e42ca0e4cbe77b002a" }
+      it "should use the SHA256 checksum" do
+        http_response.add_field('X-Checksum-Sha256', sha256)
+        metadata = described_class.new(http_response)
+        metadata.collect
+        expect( metadata.checksum_type ).to eq :sha256
+        expect( metadata.checksum ).to eq "{sha256}#{sha256}"
       end
     end
   end

data/spec/unit/file_serving/terminus_selector_spec.rb CHANGED

@@ -3,62 +3,81 @@ require 'spec_helper'
 require 'puppet/file_serving/terminus_selector'
 describe Puppet::FileServing::TerminusSelector do
-  before do
-    @object = Object.new
-    @object.extend(Puppet::FileServing::TerminusSelector)
+  class TestSelector
+    include Puppet::FileServing::TerminusSelector
+  end
-    @request = double('request', :key => "mymod/myfile", :options => {:node => "whatever"}, :server => nil, :protocol => nil)
+  def create_request(key)
+    Puppet::Indirector::Request.new(:indirection_name, :find, key, nil, {node: 'whatever'})
   end
+  subject { TestSelector.new }
   describe "when being used to select termini" do
     it "should return :file if the request key is fully qualified" do
-      expect(@request).to receive(:key).and_return(File.expand_path('/foo'))
-      expect(@object.select(@request)).to eq(:file)
+      request = create_request(File.expand_path('/foo'))
+      expect(subject.select(request)).to eq(:file)
+    end
+    it "should return :file_server if the request key is relative" do
+      request = create_request('modules/my_module/path/to_file')
+      expect(subject.select(request)).to eq(:file_server)
     end
     it "should return :file if the URI protocol is set to 'file'" do
-      expect(@request).to receive(:protocol).and_return("file")
-      expect(@object.select(@request)).to eq(:file)
+      request = create_request(Puppet::Util.path_to_uri(File.expand_path("/foo")).to_s)
+      expect(subject.select(request)).to eq(:file)
     end
     it "should return :http if the URI protocol is set to 'http'" do
-      expect(@request).to receive(:protocol).and_return("http")
-      expect(@object.select(@request)).to eq :http
+      request = create_request("http://www.example.com")
+      expect(subject.select(request)).to eq(:http)
     end
     it "should return :http if the URI protocol is set to 'https'" do
-      expect(@request).to receive(:protocol).and_return("https")
-      expect(@object.select(@request)).to eq :http
+      request = create_request("https://www.example.com")
+      expect(subject.select(request)).to eq(:http)
+    end
+    it "should return :http if the path starts with a double slash" do
+      request = create_request("https://www.example.com//index.html")
+      expect(subject.select(request)).to eq(:http)
     end
     it "should fail when a protocol other than :puppet, :http(s) or :file is used" do
-      allow(@request).to receive(:protocol).and_return("ftp")
-      expect { @object.select(@request) }.to raise_error(ArgumentError)
+      request = create_request("ftp://ftp.example.com")
+      expect {
+        subject.select(request)
+      }.to raise_error(ArgumentError, /URI protocol 'ftp' is not currently supported for file serving/)
     end
     describe "and the protocol is 'puppet'" do
-      before do
-        allow(@request).to receive(:protocol).and_return("puppet")
-      end
       it "should choose :rest when a server is specified" do
-        allow(@request).to receive(:protocol).and_return("puppet")
-        expect(@request).to receive(:server).and_return("foo")
-        expect(@object.select(@request)).to eq(:rest)
+        request = create_request("puppet://puppetserver.example.com")
+        expect(subject.select(request)).to eq(:rest)
       end
       # This is so a given file location works when bootstrapping with no server.
       it "should choose :rest when default_file_terminus is rest" do
-        allow(@request).to receive(:protocol).and_return("puppet")
         Puppet[:server] = 'localhost'
-        expect(@object.select(@request)).to eq(:rest)
+        request = create_request("puppet:///plugins")
+        expect(subject.select(request)).to eq(:rest)
       end
       it "should choose :file_server when default_file_terminus is file_server and no server is specified on the request" do
-        expect(@request).to receive(:protocol).and_return("puppet")
-        expect(@request).to receive(:server).and_return(nil)
         Puppet[:default_file_terminus] = 'file_server'
-        expect(@object.select(@request)).to eq(:file_server)
+        request = create_request("puppet:///plugins")
+        expect(subject.select(request)).to eq(:file_server)
       end
     end
   end

data/spec/unit/file_system/uniquefile_spec.rb CHANGED

@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Puppet::FileSystem::Uniquefile do
+  include PuppetSpec::Files
   it "makes the name of the file available" do
     Puppet::FileSystem::Uniquefile.open_tmp('foo') do |file|
       expect(file.path).to match(/foo/)
@@ -73,6 +75,15 @@ describe Puppet::FileSystem::Uniquefile do
     Puppet::FileSystem::Uniquefile.open_tmp('foo') { |tmp| }
   end
+  it "reports when a parent directory does not exist" do
+    dir = tmpdir('uniquefile')
+    lock = File.join(dir, 'path', 'to', 'lock')
+    expect {
+      Puppet::FileSystem::Uniquefile.open_tmp(lock) { |tmp| }
+    }.to raise_error(Errno::ENOENT, %r{No such file or directory - A directory component in .* does not exist or is a dangling symbolic link})
+  end
   context "Ruby 1.9.3 Tempfile tests" do
     # the remaining tests in this file are ported directly from the ruby 1.9.3 source,
     # since most of this file was ported from there

data/spec/unit/file_system_spec.rb CHANGED

@@ -970,6 +970,16 @@ describe "Puppet::FileSystem" do
           mode = Puppet::FileSystem.stat(dest).mode
           expect(mode & 07777).to eq(0400)
         end
+        it 'preserves file ownership' do
+          allow(Puppet::FileSystem).to receive(:lstat)
+            .with(Puppet::FileSystem.pathname(dest))
+            .and_return(double(uid: 1, gid: 2))
+          expect(FileUtils).to receive(:chown).with(1, 2, /#{dest}/)
+          Puppet::FileSystem.replace_file(dest, 0644) { |f| f.write(content) }
+        end
       end
       context 'on windows', if: Puppet::Util::Platform.windows? do
@@ -988,7 +998,7 @@ describe "Puppet::FileSystem" do
         it 'rejects unsupported modes' do
           expect {
             Puppet::FileSystem.replace_file(dest, 0755) { |_| }
-          }.to raise_error(ArgumentError, /Only modes 0644, 0640 and 0600 are allowed/)
+          }.to raise_error(ArgumentError, /Only modes 0644, 0640, 0660, and 0440 are allowed/)
         end
       end
     end
@@ -1065,12 +1075,26 @@ describe "Puppet::FileSystem" do
           end
         end
-        it 'applies the specified mode' do
+        it 'applies 0644 mode' do
           Puppet::FileSystem.replace_file(dest, 0644) { |f| f.write(content) }
           expects_public_file(dest)
         end
+        [0660, 0640, 0600, 0440].each do |mode|
+          it "applies #{mode} mode" do
+            Puppet::FileSystem.replace_file(dest, mode) { |f| f.write(content) }
+            current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_user_name)
+            sd = Puppet::Util::Windows::Security.get_security_descriptor(dest)
+            expect(sd.dacl).to contain_exactly(
+              an_object_having_attributes(sid: Puppet::Util::Windows::SID::LocalSystem, mask: 0x1f01ff),
+              an_object_having_attributes(sid: Puppet::Util::Windows::SID::BuiltinAdministrators, mask: 0x1f01ff),
+              an_object_having_attributes(sid: current_sid, mask: 0x1f01ff),
+            )
+          end
+        end
         it 'raises Errno::EACCES if access is denied' do
           allow(Puppet::Util::Windows::Security).to receive(:get_security_descriptor).and_raise(Puppet::Util::Windows::Error.new('access denied', 5))

data/spec/unit/functions/lookup_spec.rb CHANGED

@@ -3082,6 +3082,19 @@ describe "The lookup function" do
       let(:env_data) { data_files }
+      context 'with unencryptable eyaml' do
+        let(:data_files) do
+          {
+            'common.eyaml' => <<-YAML.unindent
+              key_with_invalid_eyaml: ENC[PKCS7,INVALID]
+              YAML
+          }
+        end
+        it 'fails and reports error with ENC value, key being looked up and filename' do
+          expect { lookup('key_with_invalid_eyaml') }.to raise_error(Puppet::DataBinding::LookupError, /hiera-eyaml backend error decrypting ENC\[PKCS7,INVALID\] when looking up key_with_invalid_eyaml in .*common\.eyaml\. Error was/)
+        end
+      end
       context 'and a module using eyaml with different options' do
         let(:private_module_key) do

data/spec/unit/http/client_spec.rb CHANGED

@@ -4,7 +4,9 @@ require 'puppet/http'
 describe Puppet::HTTP::Client do
   let(:uri) { URI.parse('https://www.example.com') }
-  let(:client) { described_class.new }
+  let(:puppet_context) { Puppet::SSL::SSLContext.new }
+  let(:system_context) { Puppet::SSL::SSLContext.new }
+  let(:client) { described_class.new(ssl_context: puppet_context, system_ssl_context: system_context) }
   let(:credentials) { ['user', 'pass'] }
   it 'creates unique sessions' do
@@ -45,6 +47,46 @@ describe Puppet::HTTP::Client do
         client.connect(uri)
       }.to raise_error(Puppet::HTTP::ConnectionError, %r{^Request to https://www.example.com timed out connect operation after .* seconds})
     end
+    it 'connects using the default ssl context' do
+      expect(client.pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier.ssl_context).to equal(puppet_context)
+      end
+      client.connect(uri)
+    end
+    it 'connects using a specified ssl context' do
+      other_context = Puppet::SSL::SSLContext.new
+      expect(client.pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier.ssl_context).to equal(other_context)
+      end
+      client.connect(uri, options: {ssl_context: other_context})
+    end
+    it 'connects using the system store' do
+      expect(client.pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier.ssl_context).to equal(system_context)
+      end
+      client.connect(uri, options: {include_system_store: true})
+    end
+    it 'does not create a verifier for HTTP connections' do
+      expect(client.pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier).to be_nil
+      end
+      client.connect(URI.parse('http://www.example.com'))
+    end
+    it 'raises an HTTPError if both are specified' do
+      expect {
+        client.connect(uri, options: {ssl_context: puppet_context, include_system_store: true})
+      }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+    end
   end
   context 'after connecting' do
@@ -75,10 +117,8 @@ describe Puppet::HTTP::Client do
   context "when closing" do
     it "closes all connections in the pool" do
-      pool = double('pool')
-      expect(pool).to receive(:close)
+      expect(client.pool).to receive(:close)
-      client = described_class.new(pool: pool)
       client.close
     end
   end
@@ -99,6 +139,12 @@ describe Puppet::HTTP::Client do
       client.get(uri, params: {:foo => "bar=baz"})
     end
+    it "fails if a user passes in an invalid param type" do
+      environment = Puppet::Node::Environment.create(:testing, [])
+      expect{client.get(uri, params: {environment: environment})}.to raise_error(Puppet::HTTP::SerializationError, /HTTP REST queries cannot handle values of type/)
+    end
     it "merges custom headers with default ones" do
       stub_request(:get, uri).with(headers: { 'X-Foo' => 'Bar', 'X-Puppet-Version' => /./, 'User-Agent' => /./ })
@@ -132,6 +178,28 @@ describe Puppet::HTTP::Client do
       expect(io.string).to eq("abc")
     end
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:get, uri).to_return(body: "abc")
+        other_context = Puppet::SSL::SSLContext.new
+        client.get(uri, options: {ssl_context: other_context})
+      end
+      it 'uses the system store' do
+        stub_request(:get, uri).to_return(body: "abc")
+        client.get(uri, options: {include_system_store: true})
+      end
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.get(uri, options: {ssl_context: puppet_context, include_system_store: true})
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
   context "for HEAD requests" do
@@ -167,6 +235,28 @@ describe Puppet::HTTP::Client do
       expect(client.head(uri).body).to eq("abc")
     end
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:head, uri)
+        other_context = Puppet::SSL::SSLContext.new
+        client.head(uri, options: {ssl_context: other_context})
+      end
+      it 'uses the system store' do
+        stub_request(:head, uri)
+        client.head(uri, options: {include_system_store: true})
+      end
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.head(uri, options: {ssl_context: puppet_context, include_system_store: true})
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
   context "for PUT requests" do
@@ -176,25 +266,25 @@ describe Puppet::HTTP::Client do
         expect(request.headers).to_not include('X-Puppet-Profiling')
       end
-      client.put(uri, content_type: 'text/plain', body: "")
+      client.put(uri, "", headers: {'Content-Type' => 'text/plain'})
     end
     it "stringifies keys and encodes values in the query" do
       stub_request(:put, "https://www.example.com").with(query: "foo=bar%3Dbaz")
-      client.put(uri, params: {:foo => "bar=baz"}, content_type: 'text/plain', body: "")
+      client.put(uri, "", params: {:foo => "bar=baz"}, headers: {'Content-Type' => 'text/plain'})
     end
     it "includes custom headers" do
       stub_request(:put, "https://www.example.com").with(headers: { 'X-Foo' => 'Bar' })
-      client.put(uri, headers: {'X-Foo' => 'Bar'}, content_type: 'text/plain', body: "")
+      client.put(uri, "", headers: {'X-Foo' => 'Bar', 'Content-Type' => 'text/plain'})
     end
     it "returns the response" do
       stub_request(:put, uri)
-      response = client.put(uri, content_type: 'text/plain', body: "")
+      response = client.put(uri, "", headers: {'Content-Type' => 'text/plain'})
       expect(response).to be_an_instance_of(Puppet::HTTP::Response)
       expect(response).to be_success
       expect(response.code).to eq(200)
@@ -203,7 +293,41 @@ describe Puppet::HTTP::Client do
     it "sets content-length and content-type for the body" do
       stub_request(:put, uri).with(headers: {"Content-Length" => "5", "Content-Type" => "text/plain"})
-      client.put(uri, content_type: 'text/plain', body: "hello")
+      client.put(uri, "hello", headers: {'Content-Type' => 'text/plain'})
+    end
+     it 'raises an ArgumentError if `body` is missing' do
+       expect {
+         client.put(uri, nil, headers: {'Content-Type' => 'text/plain'})
+       }.to raise_error(ArgumentError, /'put' requires a string 'body' argument/)
+     end
+     it 'raises an ArgumentError if `content_type` is missing from the headers hash' do
+       expect {
+         client.put(uri, '')
+       }.to raise_error(ArgumentError, /'put' requires a 'content-type' header/)
+     end
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:put, uri)
+        other_context = Puppet::SSL::SSLContext.new
+        client.put(uri, "", headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: other_context})
+      end
+      it 'uses the system store' do
+        stub_request(:put, uri)
+        client.put(uri, "", headers: {'Content-Type' => 'text/plain'}, options: {include_system_store: true})
+      end
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.put(uri, "", headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: puppet_context, include_system_store: true})
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
     end
   end
@@ -211,25 +335,25 @@ describe Puppet::HTTP::Client do
     it "includes default HTTP headers" do
       stub_request(:post, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./})
-      client.post(uri, content_type: 'text/plain', body: "")
+      client.post(uri, "", headers: {'Content-Type' => 'text/plain'})
     end
     it "stringifies keys and encodes values in the query" do
       stub_request(:post, "https://www.example.com").with(query: "foo=bar%3Dbaz")
-      client.post(uri, params: {:foo => "bar=baz"}, content_type: 'text/plain', body: "")
+      client.post(uri, "", params: {:foo => "bar=baz"}, headers: {'Content-Type' => 'text/plain'})
     end
     it "includes custom headers" do
       stub_request(:post, "https://www.example.com").with(headers: { 'X-Foo' => 'Bar' })
-      client.post(uri, headers: {'X-Foo' => 'Bar'}, content_type: 'text/plain', body: "")
+      client.post(uri, "", headers: {'X-Foo' => 'Bar', 'Content-Type' => 'text/plain'})
     end
     it "returns the response" do
       stub_request(:post, uri)
-      response = client.post(uri, content_type: 'text/plain', body: "")
+      response = client.post(uri, "", headers: {'Content-Type' => 'text/plain'})
       expect(response).to be_an_instance_of(Puppet::HTTP::Response)
       expect(response).to be_success
       expect(response.code).to eq(200)
@@ -238,14 +362,14 @@ describe Puppet::HTTP::Client do
     it "sets content-length and content-type for the body" do
       stub_request(:post, uri).with(headers: {"Content-Length" => "5", "Content-Type" => "text/plain"})
-      client.post(uri, content_type: 'text/plain', body: "hello")
+      client.post(uri, "hello", headers: {'Content-Type' => 'text/plain'})
     end
     it "streams the response body when a block is given" do
       stub_request(:post, uri).to_return(body: "abc")
       io = StringIO.new
-      client.post(uri, content_type: 'text/plain', body: "") do |response|
+      client.post(uri, "", headers: {'Content-Type' => 'text/plain'}) do |response|
         response.read_body do |data|
           io.write(data)
         end
@@ -253,6 +377,40 @@ describe Puppet::HTTP::Client do
       expect(io.string).to eq("abc")
     end
+    it 'raises an ArgumentError if `body` is missing' do
+      expect {
+        client.post(uri, nil, headers: {'Content-Type' => 'text/plain'})
+      }.to raise_error(ArgumentError, /'post' requires a string 'body' argument/)
+    end
+    it 'raises an ArgumentError if `content_type` is missing from the headers hash' do
+      expect {
+        client.post(uri, "")
+      }.to raise_error(ArgumentError, /'post' requires a 'content-type' header/)
+    end
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:post, uri)
+        other_context = Puppet::SSL::SSLContext.new
+        client.post(uri, "", headers: {'Content-Type' => 'text/plain'}, options: {body: "", ssl_context: other_context})
+      end
+      it 'uses the system store' do
+        stub_request(:post, uri)
+        client.post(uri, "", headers: {'Content-Type' => 'text/plain'}, options: {include_system_store: true})
+      end
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.post(uri, "", headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: puppet_context, include_system_store: true})
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
   context "for DELETE requests" do
@@ -288,44 +446,80 @@ describe Puppet::HTTP::Client do
       expect(client.delete(uri).body).to eq("abc")
     end
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:delete, uri)
+        other_context = Puppet::SSL::SSLContext.new
+        client.delete(uri, options: {ssl_context: other_context})
+      end
+      it 'uses the system store' do
+        stub_request(:delete, uri)
+        client.delete(uri, options: {include_system_store: true})
+      end
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.delete(uri, options: {ssl_context: puppet_context, include_system_store: true})
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
   context "Basic Auth" do
     it "submits credentials for GET requests" do
       stub_request(:get, uri).with(basic_auth: credentials)
-      client.get(uri, user: 'user', password: 'pass')
+      client.get(uri, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
     it "submits credentials for PUT requests" do
       stub_request(:put, uri).with(basic_auth: credentials)
-      client.put(uri, content_type: 'text/plain', body: "hello", user: 'user', password: 'pass')
+      client.put(uri, "hello", headers: {'Content-Type' => 'text/plain'}, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
     it "returns response containing access denied" do
       stub_request(:get, uri).with(basic_auth: credentials).to_return(status: [403, "Ye Shall Not Pass"])
-      response = client.get(uri, user: 'user', password: 'pass')
+      response = client.get(uri, options: {basic_auth: {user: 'user', password: 'pass'}})
       expect(response.code).to eq(403)
       expect(response.reason).to eq("Ye Shall Not Pass")
       expect(response).to_not be_success
     end
-    it 'omits basic auth if user is nil' do
+    it 'includes basic auth if user is nil' do
       stub_request(:get, uri).with do |req|
-        expect(req.headers).to_not include('Authorization')
+        expect(req.headers).to include('Authorization')
       end
-      client.get(uri, user: nil, password: 'pass')
+      client.get(uri, options: {basic_auth: {user: nil, password: 'pass'}})
     end
-    it 'omits basic auth if password is nil' do
+    it 'includes basic auth if password is nil' do
       stub_request(:get, uri).with do |req|
-        expect(req.headers).to_not include('Authorization')
+        expect(req.headers).to include('Authorization')
       end
-      client.get(uri, user: 'user', password: nil)
+      client.get(uri, options: {basic_auth: {user: 'user', password: nil}})
+    end
+    it 'observes userinfo in the URL' do
+      stub_request(:get, uri).with(basic_auth: credentials)
+      client.get(URI("https://user:pass@www.example.com"))
+    end
+    it 'prefers explicit basic_auth credentials' do
+      uri = URI("https://ignored_user:ignored_pass@www.example.com")
+      stub_request(:get, "https://www.example.com").with(basic_auth: credentials)
+      client.get(uri, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
   end
@@ -351,14 +545,45 @@ describe Puppet::HTTP::Client do
       stub_request(:put, start_url).to_return(redirect_to(url: bar_url))
       stub_request(:put, bar_url).to_return(status: 200)
-      response = client.put(start_url, body: "", content_type: 'text/plain')
+      response = client.put(start_url, "", headers: {'Content-Type' => 'text/plain'})
+      expect(response).to be_success
+    end
+    it "updates the Host header from the Location host and port" do
+      stub_request(:get, start_url).with(headers: { 'Host' => 'www.example.com:8140' })
+        .to_return(redirect_to(url: other_host))
+      stub_request(:get, other_host).with(headers: { 'Host' => 'other.example.com:8140' })
+        .to_return(status: 200)
+      response = client.get(start_url)
+      expect(response).to be_success
+    end
+    it "omits the default HTTPS port from the Host header" do
+      stub_request(:get, start_url).with(headers: { 'Host' => 'www.example.com:8140' })
+        .to_return(redirect_to(url: "https://other.example.com/qux"))
+      stub_request(:get, "https://other.example.com/qux").with(headers: { 'Host' => 'other.example.com' })
+        .to_return(status: 200)
+      response = client.get(start_url)
+      expect(response).to be_success
+    end
+    it "omits the default HTTP port from the Host header" do
+      stub_request(:get, start_url).with(headers: { 'Host' => 'www.example.com:8140' })
+        .to_return(redirect_to(url: "http://other.example.com/qux"))
+      stub_request(:get, "http://other.example.com/qux").with(headers: { 'Host' => 'other.example.com' })
+        .to_return(status: 200)
+      response = client.get(start_url)
       expect(response).to be_success
     end
-    it "preserves query parameters" do
-      query = { 'debug' => true }
-      stub_request(:get, start_url).with(query: query).to_return(redirect_to(url: bar_url))
-      stub_request(:get, bar_url).with(query: query).to_return(status: 200)
+    it "applies query parameters from the location header" do
+      query = { 'redirected' => false }
+      stub_request(:get, start_url).with(query: query).to_return(redirect_to(url: "#{bar_url}?redirected=true"))
+      stub_request(:get, bar_url).with(query: {'redirected' => 'true'}).to_return(status: 200)
       response = client.get(start_url, params: query)
       expect(response).to be_success
@@ -377,7 +602,7 @@ describe Puppet::HTTP::Client do
       stub_request(:get, start_url).with(basic_auth: credentials).to_return(redirect_to(url: bar_url))
       stub_request(:get, bar_url).with(basic_auth: credentials).to_return(status: 200)
-      client.get(start_url, user: 'user', password: 'pass')
+      client.get(start_url, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
     it "redirects given a relative location" do
@@ -389,22 +614,33 @@ describe Puppet::HTTP::Client do
       expect(response).to be_success
     end
-    it "preserves query parameters given a relative location" do
+    it "applies query parameters from the location header" do
       relative_url = "/people.html"
-      query = { 'debug' => true }
-      stub_request(:get, start_url).with(query: query).to_return(redirect_to(url: relative_url))
-      stub_request(:get, "https://www.example.com:8140/people.html").with(query: query).to_return(status: 200)
+      query = { 'redirected' => false }
+      stub_request(:get, start_url).with(query: query).to_return(redirect_to(url: "#{relative_url}?redirected=true"))
+      stub_request(:get, "https://www.example.com:8140/people.html").with(query: {'redirected' => 'true'}).to_return(status: 200)
       response = client.get(start_url, params: query)
       expect(response).to be_success
     end
+    it "removes dot segments from a relative location" do
+      # from https://tools.ietf.org/html/rfc3986#section-5.4.2
+      base_url = URI("http://a/b/c/d;p?q")
+      relative_url = "../../../../g"
+      stub_request(:get, base_url).to_return(redirect_to(url: relative_url))
+      stub_request(:get, "http://a/g").to_return(status: 200)
+      response = client.get(base_url)
+      expect(response).to be_success
+    end
     it "preserves request body for each request" do
       data = 'some data'
       stub_request(:put, start_url).with(body: data).to_return(redirect_to(url: bar_url))
       stub_request(:put, bar_url).with(body: data).to_return(status: 200)
-      response = client.put(start_url, body: data, content_type: 'text/plain')
+      response = client.put(start_url, data, headers: {'Content-Type' => 'text/plain'})
       expect(response).to be_success
     end
@@ -533,6 +769,32 @@ describe Puppet::HTTP::Client do
       }.to raise_error(Puppet::HTTP::ProtocolError, /Failed to parse Retry-After header 'foo' as an integer or RFC 2822 date/)
     end
+    it "should close the connection before sleeping" do
+      retry_after('42')
+      site = Puppet::Network::HTTP::Site.from_uri(uri)
+      http1 = Net::HTTP.new(site.host, site.port)
+      http1.use_ssl = true
+      allow(http1).to receive(:started?).and_return(true)
+      http2 = Net::HTTP.new(site.host, site.port)
+      http2.use_ssl = true
+      allow(http2).to receive(:started?).and_return(true)
+      pool = Puppet::Network::HTTP::Pool.new(15)
+      client = Puppet::HTTP::Client.new(pool: pool)
+      # The "with_connection" method is required to yield started connections
+      allow(pool).to receive(:with_connection).and_yield(http1).and_yield(http2)
+      expect(http1).to receive(:finish).ordered
+      expect(::Kernel).to receive(:sleep).with(42).ordered
+      client.get(uri)
+    end
     it "should sleep and retry if Retry-After is an Integer" do
       retry_after('42')
@@ -569,4 +831,34 @@ describe Puppet::HTTP::Client do
       client.get(uri)
     end
   end
+  context "persistent connections" do
+    before :each do
+      stub_request(:get, uri)
+    end
+    it 'defaults keepalive to http_keepalive_timeout' do
+      expect(client.pool.keepalive_timeout).to eq(Puppet[:http_keepalive_timeout])
+    end
+    it 'reuses a cached connection' do
+      allow(Puppet).to receive(:debug)
+      expect(Puppet).to receive(:debug).with(/^Creating new connection/)
+      expect(Puppet).to receive(:debug).with(/^Using cached connection/)
+      client.get(uri)
+      client.get(uri)
+    end
+    it 'can be disabled' do
+      Puppet[:http_keepalive_timeout] = 0
+      allow(Puppet).to receive(:debug)
+      expect(Puppet).to receive(:debug).with(/^Creating new connection/).twice
+      expect(Puppet).to receive(:debug).with(/^Using cached connection/).never
+      client.get(uri)
+      client.get(uri)
+    end
+  end
 end