puppet 6.13.0 → 6.14.0

data/spec/unit/functions/lookup_spec.rb

@@ -3082,6 +3082,19 @@ describe "The lookup function" do
 
       let(:env_data) { data_files }
 
+      context 'with unencryptable eyaml' do
+        let(:data_files) do
+          {
+            'common.eyaml' => <<-YAML.unindent
+              key_with_invalid_eyaml: ENC[PKCS7,INVALID]
+              YAML
+          }
+        end
+
+        it 'fails and reports error with ENC value, key being looked up and filename' do
+          expect { lookup('key_with_invalid_eyaml') }.to raise_error(Puppet::DataBinding::LookupError, /hiera-eyaml backend error decrypting ENC\[PKCS7,INVALID\] when looking up key_with_invalid_eyaml in .*common\.eyaml\. Error was/)
+        end
+      end
       context 'and a module using eyaml with different options' do
 
         let(:private_module_key) do

data/spec/unit/http/client_spec.rb

@@ -4,7 +4,10 @@ require 'puppet/http'
 
 describe Puppet::HTTP::Client do
   let(:uri) { URI.parse('https://www.example.com') }
-  let(:client) { described_class.new }
+  let(:pool) { Puppet::Network::HTTP::Pool.new }
+  let(:puppet_context) { Puppet::SSL::SSLContext.new }
+  let(:system_context) { Puppet::SSL::SSLContext.new }
+  let(:client) { described_class.new(pool: pool, ssl_context: puppet_context, system_ssl_context: system_context) }
   let(:credentials) { ['user', 'pass'] }
 
   it 'creates unique sessions' do
@@ -45,6 +48,38 @@ describe Puppet::HTTP::Client do
         client.connect(uri)
       }.to raise_error(Puppet::HTTP::ConnectionError, %r{^Request to https://www.example.com timed out connect operation after .* seconds})
     end
+
+    it 'connects using the default ssl context' do
+      expect(pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier.ssl_context).to equal(puppet_context)
+      end
+
+      client.connect(uri)
+    end
+
+    it 'connects using a specified ssl context' do
+      other_context = Puppet::SSL::SSLContext.new
+
+      expect(pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier.ssl_context).to equal(other_context)
+      end
+
+      client.connect(uri, ssl_context: other_context)
+    end
+
+    it 'connects using the system store' do
+      expect(pool).to receive(:with_connection) do |_, verifier|
+        expect(verifier.ssl_context).to equal(system_context)
+      end
+
+      client.connect(uri, include_system_store: true)
+    end
+
+    it 'raises an HTTPError if both are specified' do
+      expect {
+        client.connect(uri, ssl_context: puppet_context, include_system_store: true)
+      }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+    end
   end
 
   context 'after connecting' do
@@ -138,6 +173,28 @@ describe Puppet::HTTP::Client do
 
       expect(io.string).to eq("abc")
     end
+
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:get, uri).to_return(body: "abc")
+
+        other_context = Puppet::SSL::SSLContext.new
+
+        client.get(uri, ssl_context: other_context)
+      end
+
+      it 'uses the system store' do
+        stub_request(:get, uri).to_return(body: "abc")
+
+        client.get(uri, include_system_store: true)
+      end
+
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.get(uri, ssl_context: puppet_context, include_system_store: true)
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
 
   context "for HEAD requests" do
@@ -173,6 +230,28 @@ describe Puppet::HTTP::Client do
 
       expect(client.head(uri).body).to eq("abc")
     end
+
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:head, uri)
+
+        other_context = Puppet::SSL::SSLContext.new
+
+        client.head(uri, ssl_context: other_context)
+      end
+
+      it 'uses the system store' do
+        stub_request(:head, uri)
+
+        client.head(uri, include_system_store: true)
+      end
+
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.head(uri, ssl_context: puppet_context, include_system_store: true)
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
 
   context "for PUT requests" do
@@ -211,6 +290,28 @@ describe Puppet::HTTP::Client do
 
       client.put(uri, content_type: 'text/plain', body: "hello")
     end
+
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:put, uri)
+
+        other_context = Puppet::SSL::SSLContext.new
+
+        client.put(uri, content_type: 'text/plain', body: "", ssl_context: other_context)
+      end
+
+      it 'uses the system store' do
+        stub_request(:put, uri)
+
+        client.put(uri, content_type: 'text/plain', body: "", include_system_store: true)
+      end
+
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.put(uri, content_type: 'text/plain', body: "", ssl_context: puppet_context, include_system_store: true)
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
 
   context "for POST requests" do
@@ -259,6 +360,28 @@ describe Puppet::HTTP::Client do
 
       expect(io.string).to eq("abc")
     end
+
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:post, uri)
+
+        other_context = Puppet::SSL::SSLContext.new
+
+        client.post(uri, content_type: 'text/plain', body: "", ssl_context: other_context)
+      end
+
+      it 'uses the system store' do
+        stub_request(:post, uri)
+
+        client.post(uri, content_type: 'text/plain', body: "", include_system_store: true)
+      end
+
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.post(uri, content_type: 'text/plain', body: "", ssl_context: puppet_context, include_system_store: true)
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
 
   context "for DELETE requests" do
@@ -294,6 +417,28 @@ describe Puppet::HTTP::Client do
 
       expect(client.delete(uri).body).to eq("abc")
     end
+
+    context 'when connecting' do
+      it 'uses a specified ssl context' do
+        stub_request(:delete, uri)
+
+        other_context = Puppet::SSL::SSLContext.new
+
+        client.delete(uri, ssl_context: other_context)
+      end
+
+      it 'uses the system store' do
+        stub_request(:delete, uri)
+
+        client.delete(uri, include_system_store: true)
+      end
+
+      it 'raises an HTTPError if both are specified' do
+        expect {
+          client.delete(uri, ssl_context: puppet_context, include_system_store: true)
+        }.to raise_error(Puppet::HTTP::HTTPError, /The ssl_context and include_system_store parameters are mutually exclusive/)
+      end
+    end
   end
 
   context "Basic Auth" do
@@ -539,6 +684,32 @@ describe Puppet::HTTP::Client do
       }.to raise_error(Puppet::HTTP::ProtocolError, /Failed to parse Retry-After header 'foo' as an integer or RFC 2822 date/)
     end
 
+    it "should close the connection before sleeping" do
+      retry_after('42')
+
+      site = Puppet::Network::HTTP::Site.from_uri(uri)
+
+      http1 = Net::HTTP.new(site.host, site.port)
+      http1.use_ssl = true
+      allow(http1).to receive(:started?).and_return(true)
+
+      http2 = Net::HTTP.new(site.host, site.port)
+      http2.use_ssl = true
+      allow(http2).to receive(:started?).and_return(true)
+
+
+      pool = Puppet::Network::HTTP::Pool.new()
+      client = Puppet::HTTP::Client.new(pool: pool)
+
+      # The "with_connection" method is required to yield started connections
+      allow(pool).to receive(:with_connection).and_yield(http1).and_yield(http2)
+
+      expect(http1).to receive(:finish).ordered
+      expect(::Kernel).to receive(:sleep).with(42).ordered
+
+      client.get(uri)
+    end
+
     it "should sleep and retry if Retry-After is an Integer" do
       retry_after('42')
 

data/spec/unit/http/resolver_spec.rb

@@ -22,10 +22,11 @@ describe Puppet::HTTP::Resolver do
   end
 
   context 'when resolving using server_list' do
+    let(:subject) { Puppet::HTTP::Resolver::ServerList.new(client, server_list_setting: Puppet.settings.setting(:server_list), default_port: 8142, services: Puppet::HTTP::Service::SERVICE_NAMES) }
+
     before :each do
       Puppet[:server_list] = 'ca.example.com:8141,apple.example.com'
     end
-    let(:subject) { Puppet::HTTP::Resolver::ServerList.new(client, server_list_setting: Puppet.settings.setting(:server_list), default_port: 8142, services: [:puppet, :ca]) }
 
     it 'returns a service based on the current server_list setting' do
       stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: 200)
@@ -43,7 +44,18 @@ describe Puppet::HTTP::Resolver do
       expect(service.url.to_s).to eq("https://ca.example.com:8141/puppet-ca/v1")
     end
 
-    it 'falls fails if no servers in server_list are accessible' do
+    it 'logs unsuccessful HTTP 500 responses' do
+      Puppet[:log_level] = "debug"
+
+      stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: [500, 'Internal Server Error'])
+      stub_request(:get, "https://apple.example.com:8142/status/v1/simple/master").to_return(status: 200)
+
+      subject.resolve(session, :ca)
+
+      expect(@logs.map(&:message)).to include(/Puppet server ca.example.com:8141 is unavailable: 500 Internal Server Error/)
+    end
+
+    it 'fails if no servers in server_list are accessible' do
       stub_request(:get, "https://ca.example.com:8141/status/v1/simple/master").to_return(status: 503)
       stub_request(:get, "https://apple.example.com:8142/status/v1/simple/master").to_return(status: 503)
 

data/spec/unit/http/response_spec.rb

@@ -0,0 +1,69 @@
+require 'spec_helper'
+require 'puppet/http'
+
+describe Puppet::HTTP::Response do
+  let(:uri) { URI.parse('https://www.example.com') }
+  let(:client) { Puppet::HTTP::Client.new }
+
+  it "returns the request URL" do
+    stub_request(:get, uri)
+
+    response = client.get(uri)
+    expect(response.url).to eq(uri)
+  end
+
+  it "returns the HTTP code" do
+    stub_request(:get, uri)
+
+    response = client.get(uri)
+    expect(response.code).to eq(200)
+  end
+
+  it "returns the HTTP reason string" do
+    stub_request(:get, uri).to_return(status: [418, "I'm a teapot"])
+
+    response = client.get(uri)
+    expect(response.reason).to eq("I'm a teapot")
+  end
+
+  it "returns the response body" do
+    stub_request(:get, uri).to_return(status: 200, body: "I'm the body")
+
+    response = client.get(uri)
+    expect(response.body).to eq("I'm the body")
+  end
+
+  it "streams the response body" do
+    stub_request(:get, uri).to_return(status: 200, body: "I'm the streaming body")
+
+    content = StringIO.new
+    client.get(uri) do |response|
+      response.read_body do |data|
+        content << data
+      end
+    end
+    expect(content.string).to eq("I'm the streaming body")
+  end
+
+  it "raises if a block isn't given when streaming" do
+    stub_request(:get, uri).to_return(status: 200, body: "")
+
+    expect {
+      client.get(uri) do |response|
+        response.read_body
+      end
+    }.to raise_error(Puppet::HTTP::HTTPError, %r{Request to https://www.example.com failed after .* seconds: A block is required})
+  end
+
+  it "returns success for all 2xx codes" do
+    stub_request(:get, uri).to_return(status: 202)
+
+    expect(client.get(uri)).to be_success
+  end
+
+  it "returns a header value" do
+    stub_request(:get, uri).to_return(status: 200, headers: { 'Content-Encoding' => 'gzip' })
+
+    expect(client.get(uri)['Content-Encoding']).to eq('gzip')
+  end
+end

data/spec/unit/http/service/ca_spec.rb

@@ -5,6 +5,7 @@ require 'puppet/http'
 describe Puppet::HTTP::Service::Ca do
   let(:ssl_context) { Puppet::SSL::SSLContext.new }
   let(:client) { Puppet::HTTP::Client.new(ssl_context: ssl_context) }
+  let(:session) { Puppet::HTTP::Session.new(client, []) }
   let(:subject) { client.create_session.route_to(:ca) }
 
   before :each do
@@ -23,15 +24,6 @@ describe Puppet::HTTP::Service::Ca do
 
       subject.get_certificate('ca')
     end
-
-
-    it 'includes the X-Puppet-Profiling header when Puppet[:profile] is true' do
-      stub_request(:get, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./, 'X-Puppet-Profiling' => 'true'})
-
-      Puppet[:profile] = true
-
-      subject.get_certificate('ca')
-    end
   end
 
   context 'when routing to the CA service' do
@@ -64,6 +56,15 @@ describe Puppet::HTTP::Service::Ca do
     let(:pem) { cert.to_pem }
     let(:url) { "https://www.example.com/puppet-ca/v1/certificate/ca" }
 
+    it 'includes headers set via the :http_extra_headers and :profile settings' do
+      stub_request(:get, url).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'})
+
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+
+      subject.get_certificate('ca')
+    end
+
     it 'gets a certificate from the "certificate" endpoint' do
       stub_request(:get, url).to_return(body: pem)
 
@@ -94,6 +95,15 @@ describe Puppet::HTTP::Service::Ca do
     let(:pem) { crl.to_pem }
     let(:url) { "https://www.example.com/puppet-ca/v1/certificate_revocation_list/ca" }
 
+    it 'includes headers set via the :http_extra_headers and :profile settings' do
+      stub_request(:get, url).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'})
+
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+
+      subject.get_certificate_revocation_list
+    end
+
     it 'gets a CRL from "certificate_revocation_list" endpoint' do
       stub_request(:get, url).to_return(body: pem)
 
@@ -136,6 +146,15 @@ describe Puppet::HTTP::Service::Ca do
     let(:pem) { request.to_pem }
     let(:url) { "https://www.example.com/puppet-ca/v1/certificate_request/infinity" }
 
+    it 'includes headers set via the :http_extra_headers and :profile settings' do
+      stub_request(:put, url).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'})
+
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+
+      subject.put_certificate_request('infinity', request)
+    end
+
     it 'submits a CSR to the "certificate_request" endpoint' do
       stub_request(:put, url).with(body: pem, headers: { 'Content-Type' => 'text/plain' })
 

data/spec/unit/http/service/compiler_spec.rb

@@ -12,6 +12,7 @@ describe Puppet::HTTP::Service::Compiler do
   let(:node) { Puppet::Node.new(certname) }
   let(:facts) { Puppet::Node::Facts.new(certname) }
   let(:catalog) { Puppet::Resource::Catalog.new(certname) }
+  let(:status) { Puppet::Status.new }
   let(:formatter) { Puppet::Network::FormatHandler.format(:json) }
 
   before :each do
@@ -30,16 +31,7 @@ describe Puppet::HTTP::Service::Compiler do
         expect(request.headers).to_not include('X-Puppet-Profiling')
       end.to_return(body: formatter.render(catalog), headers: {'Content-Type' => formatter.mime })
 
-      subject.get_catalog(certname, environment: environment, facts: facts)
-    end
-
-    it 'includes the X-Puppet-Profiling header in requests when Puppet[:profile] is true' do
-      stub_request(:post, uri).with(headers: {'X-Puppet-Version' => /./, 'User-Agent' => /./, 'X-Puppet-Profiling' => 'true'})
-        .to_return(body: formatter.render(catalog), headers: {'Content-Type' => formatter.mime })
-
-      Puppet[:profile] = true
-
-      subject.get_catalog(certname, environment: environment, facts: facts)
+      subject.post_catalog(certname, environment: environment, facts: facts)
     end
   end
 
@@ -51,7 +43,7 @@ describe Puppet::HTTP::Service::Compiler do
       stub_request(:post, "https://compiler2.example.com:8141/puppet/v3/catalog/ziggy?environment=testing")
         .to_return(body: formatter.render(catalog), headers: {'Content-Type' => formatter.mime })
 
-      subject.get_catalog(certname, environment: environment, facts: facts)
+      subject.post_catalog(certname, environment: environment, facts: facts)
     end
   end
 
@@ -59,12 +51,22 @@ describe Puppet::HTTP::Service::Compiler do
     let(:uri) { %r{/puppet/v3/catalog/ziggy} }
     let(:catalog_response) { { body: formatter.render(catalog), headers: {'Content-Type' => formatter.mime } } }
 
+    it 'includes puppet headers set via the :http_extra_headers and :profile settings' do
+      stub_request(:post, uri).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'}).
+        to_return(body: formatter.render(catalog), headers: {'Content-Type' => formatter.mime })
+
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+
+      subject.post_catalog(certname, environment: environment, facts: facts)
+    end
+
     it 'submits facts as application/json by default' do
       stub_request(:post, uri)
         .with(body: hash_including("facts_format" => /application\/json/))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: environment, facts: facts)
+      subject.post_catalog(certname, environment: environment, facts: facts)
     end
 
     it 'submits facts as pson if set as the preferred format' do
@@ -74,7 +76,7 @@ describe Puppet::HTTP::Service::Compiler do
         .with(body: hash_including("facts_format" => /pson/))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: environment, facts: facts)
+      subject.post_catalog(certname, environment: environment, facts: facts)
     end
 
     it 'includes environment as a query parameter AND in the POST body' do
@@ -83,7 +85,7 @@ describe Puppet::HTTP::Service::Compiler do
               body: hash_including("environment" => 'outerspace'))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: 'outerspace', facts: facts)
+      subject.post_catalog(certname, environment: 'outerspace', facts: facts)
     end
 
     it 'includes configured_environment' do
@@ -91,7 +93,7 @@ describe Puppet::HTTP::Service::Compiler do
         .with(body: hash_including("configured_environment" => 'agent_specified'))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: 'production', facts: facts, configured_environment: 'agent_specified')
+      subject.post_catalog(certname, environment: 'production', facts: facts, configured_environment: 'agent_specified')
     end
 
     it 'includes transaction_uuid' do
@@ -101,7 +103,7 @@ describe Puppet::HTTP::Service::Compiler do
         .with(body: hash_including("transaction_uuid" => uuid))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: 'production', facts: facts, transaction_uuid: uuid)
+      subject.post_catalog(certname, environment: 'production', facts: facts, transaction_uuid: uuid)
     end
 
     it 'includes job_uuid' do
@@ -111,7 +113,7 @@ describe Puppet::HTTP::Service::Compiler do
         .with(body: hash_including("job_uuid" => uuid))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: 'production', facts: facts, job_uuid: uuid)
+      subject.post_catalog(certname, environment: 'production', facts: facts, job_uuid: uuid)
     end
 
     it 'includes static_catalog' do
@@ -119,7 +121,7 @@ describe Puppet::HTTP::Service::Compiler do
         .with(body: hash_including("static_catalog" => "false"))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: 'production', facts: facts, static_catalog: false)
+      subject.post_catalog(certname, environment: 'production', facts: facts, static_catalog: false)
     end
 
     it 'includes dot-separated list of checksum_types' do
@@ -127,14 +129,14 @@ describe Puppet::HTTP::Service::Compiler do
         .with(body: hash_including("checksum_type" => "sha256.sha384"))
         .to_return(**catalog_response)
 
-      subject.get_catalog(certname, environment: 'production', facts: facts, checksum_type: %w[sha256 sha384])
+      subject.post_catalog(certname, environment: 'production', facts: facts, checksum_type: %w[sha256 sha384])
     end
 
     it 'returns a deserialized catalog' do
       stub_request(:post, uri)
         .to_return(**catalog_response)
 
-      cat = subject.get_catalog(certname, environment: 'production', facts: facts)
+      cat = subject.post_catalog(certname, environment: 'production', facts: facts)
       expect(cat).to be_a(Puppet::Resource::Catalog)
       expect(cat.name).to eq(certname)
     end
@@ -144,7 +146,7 @@ describe Puppet::HTTP::Service::Compiler do
         .to_return(status: [500, "Server Error"])
 
       expect {
-        subject.get_catalog(certname, environment: 'production', facts: facts)
+        subject.post_catalog(certname, environment: 'production', facts: facts)
       }.to raise_error do |err|
         expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
         expect(err.message).to eq('Server Error')
@@ -157,7 +159,7 @@ describe Puppet::HTTP::Service::Compiler do
         .to_return(body: "content-type is missing")
 
       expect {
-        subject.get_catalog(certname, environment: 'production', facts: facts)
+        subject.post_catalog(certname, environment: 'production', facts: facts)
       }.to raise_error(Puppet::HTTP::ProtocolError, /No content type in http response; cannot parse/)
     end
 
@@ -166,7 +168,7 @@ describe Puppet::HTTP::Service::Compiler do
         .to_return(body: "this isn't valid JSON", headers: {'Content-Type' => 'application/json'})
 
       expect {
-        subject.get_catalog(certname, environment: 'production', facts: facts)
+        subject.post_catalog(certname, environment: 'production', facts: facts)
       }.to raise_error(Puppet::HTTP::SerializationError, /Failed to deserialize Puppet::Resource::Catalog from json/)
     end
 
@@ -194,7 +196,7 @@ describe Puppet::HTTP::Service::Compiler do
             .with(body: hash_including("facts" => /#{test_fact[:encoded]}/))
             .to_return(**catalog_response)
 
-          subject.get_catalog(certname, environment: environment, facts: facts)
+          subject.post_catalog(certname, environment: environment, facts: facts)
         end
       end
     end
@@ -204,6 +206,16 @@ describe Puppet::HTTP::Service::Compiler do
     let(:uri) { %r{/puppet/v3/node/ziggy} }
     let(:node_response) { { body: formatter.render(node), headers: {'Content-Type' => formatter.mime } } }
 
+    it 'includes custom headers set via the :http_extra_headers and :profile settings' do
+      stub_request(:get, uri).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'}).
+        to_return(**node_response)
+
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+
+      subject.get_node(certname, environment: 'production')
+    end
+
     it 'includes environment' do
       stub_request(:get, uri)
           .with(query: hash_including("environment" => "outerspace"))
@@ -271,9 +283,71 @@ describe Puppet::HTTP::Service::Compiler do
     end
   end
 
+  context 'when getting facts' do
+    let(:uri) { %r{/puppet/v3/facts/ziggy} }
+    let(:facts_response) { { body: formatter.render(facts), headers: {'Content-Type' => formatter.mime } } }
+
+    it 'includes environment' do
+      stub_request(:get, uri)
+          .with(query: hash_including("environment" => "outerspace"))
+          .to_return(**facts_response)
+
+      subject.get_facts(certname, environment: 'outerspace')
+    end
+
+    it 'returns a deserialized facts object' do
+      stub_request(:get, uri)
+        .to_return(**facts_response)
+
+      n = subject.get_facts(certname, environment: 'production')
+      expect(n).to be_a(Puppet::Node::Facts)
+      expect(n.name).to eq(certname)
+    end
+
+    it 'raises a response error if unsuccessful' do
+      stub_request(:get, uri)
+        .to_return(status: [500, "Server Error"])
+
+      expect {
+        subject.get_facts(certname, environment: 'production')
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
+        expect(err.message).to eq('Server Error')
+        expect(err.response.code).to eq(500)
+      end
+    end
+
+    it 'raises a protocol error if the content-type header is missing' do
+      stub_request(:get, uri)
+        .to_return(body: "content-type is missing")
+
+      expect {
+        subject.get_facts(certname, environment: 'production')
+      }.to raise_error(Puppet::HTTP::ProtocolError, /No content type in http response; cannot parse/)
+    end
+
+    it 'raises a serialization error if the content is invalid' do
+      stub_request(:get, uri)
+        .to_return(body: "this isn't valid JSON", headers: {'Content-Type' => 'application/json'})
+
+      expect {
+        subject.get_facts(certname, environment: 'production')
+      }.to raise_error(Puppet::HTTP::SerializationError, /Failed to deserialize Puppet::Node::Facts from json/)
+    end
+  end
+
   context 'when putting facts' do
     let(:uri) { %r{/puppet/v3/facts/ziggy} }
 
+    it 'includes custom headers set the :http_extra_headers and :profile settings' do
+      stub_request(:put, uri).with(headers: {'Example-Header' => 'real-thing', 'another' => 'thing', 'X-Puppet-Profiling' => 'true'})
+
+      Puppet[:http_extra_headers] = 'Example-Header:real-thing,another:thing'
+      Puppet[:profile] = true
+
+      subject.put_facts(certname, environment: environment, facts: facts)
+    end
+
     it 'serializes facts in the body' do
       facts = Puppet::Node::Facts.new(certname, { 'domain' => 'zork'})
       Puppet::Node::Facts.indirection.save(facts)
@@ -319,4 +393,57 @@ describe Puppet::HTTP::Service::Compiler do
       }.to raise_error(Puppet::HTTP::SerializationError, /Failed to serialize Puppet::Node::Facts to json: "\\xE2" from ASCII-8BIT to UTF-8/)
     end
   end
+
+  context 'when getting status' do
+    let(:uri) { %r{/puppet/v3/status/ziggy} }
+    let(:status_response) { { body: formatter.render(status), headers: {'Content-Type' => formatter.mime } } }
+
+    it 'always sends production' do
+      stub_request(:get, uri)
+          .with(query: hash_including("environment" => "production"))
+          .to_return(**status_response)
+
+      subject.get_status(certname)
+    end
+
+    it 'returns a deserialized status' do
+      stub_request(:get, uri)
+        .to_return(**status_response)
+
+      s = subject.get_status(certname)
+      expect(s).to be_a(Puppet::Status)
+      expect(s.status).to eq("is_alive" => true)
+    end
+
+    it 'raises a response error if unsuccessful' do
+      stub_request(:get, uri)
+        .to_return(status: [500, "Server Error"])
+
+      expect {
+        subject.get_status(certname)
+      }.to raise_error do |err|
+        expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
+        expect(err.message).to eq('Server Error')
+        expect(err.response.code).to eq(500)
+      end
+    end
+
+    it 'raises a protocol error if the content-type header is missing' do
+      stub_request(:get, uri)
+        .to_return(body: "content-type is missing")
+
+      expect {
+        subject.get_status(certname)
+      }.to raise_error(Puppet::HTTP::ProtocolError, /No content type in http response; cannot parse/)
+    end
+
+    it 'raises a serialization error if the content is invalid' do
+      stub_request(:get, uri)
+        .to_return(body: "this isn't valid JSON", headers: {'Content-Type' => 'application/json'})
+
+      expect {
+        subject.get_status(certname)
+      }.to raise_error(Puppet::HTTP::SerializationError, /Failed to deserialize Puppet::Status from json/)
+    end
+  end
 end