RubyGems - puppet - Versions diffs - 6.14.0 → 6.15.0 - Mend

puppet 6.14.0 → 6.15.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (195) hide show

checksums.yaml +4 -4
data/Gemfile.lock +15 -15
data/ext/windows/service/daemon.rb +3 -3
data/lib/puppet.rb +1 -1
data/lib/puppet/agent.rb +2 -10
data/lib/puppet/application/agent.rb +2 -1
data/lib/puppet/application/filebucket.rb +5 -14
data/lib/puppet/application/ssl.rb +2 -2
data/lib/puppet/configurer.rb +7 -3
data/lib/puppet/configurer/plugin_handler.rb +1 -1
data/lib/puppet/defaults.rb +22 -2
data/lib/puppet/environments.rb +4 -5
data/lib/puppet/face/plugin.rb +1 -1
data/lib/puppet/file_system/file_impl.rb +13 -9
data/lib/puppet/forge/repository.rb +1 -1
data/lib/puppet/functions/call.rb +1 -1
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/http.rb +2 -0
data/lib/puppet/http/client.rb +191 -52
data/lib/puppet/http/external_client.rb +96 -0
data/lib/puppet/http/redirector.rb +34 -0
data/lib/puppet/http/resolver.rb +46 -3
data/lib/puppet/http/resolver/server_list.rb +75 -15
data/lib/puppet/http/resolver/settings.rb +22 -2
data/lib/puppet/http/resolver/srv.rb +28 -2
data/lib/puppet/http/response.rb +63 -1
data/lib/puppet/http/retry_after_handler.rb +39 -0
data/lib/puppet/http/service.rb +67 -1
data/lib/puppet/http/service/ca.rb +71 -9
data/lib/puppet/http/service/compiler.rb +213 -11
data/lib/puppet/http/service/file_server.rb +105 -4
data/lib/puppet/http/service/report.rb +36 -3
data/lib/puppet/http/session.rb +59 -8
data/lib/puppet/indirector/catalog/rest.rb +2 -1
data/lib/puppet/indirector/facts/rest.rb +2 -1
data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
data/lib/puppet/indirector/file_metadata/rest.rb +4 -2
data/lib/puppet/indirector/node/rest.rb +2 -1
data/lib/puppet/indirector/report/yaml.rb +23 -0
data/lib/puppet/indirector/status/rest.rb +2 -1
data/lib/puppet/metatype/manager.rb +80 -80
data/lib/puppet/network/http/base_pool.rb +6 -1
data/lib/puppet/network/http/pool.rb +2 -4
data/lib/puppet/network/http_pool.rb +1 -0
data/lib/puppet/node/environment.rb +11 -1
data/lib/puppet/pal/pal_impl.rb +1 -29
data/lib/puppet/parser/compiler.rb +14 -7
data/lib/puppet/parser/functions.rb +18 -13
data/lib/puppet/pops/loaders.rb +7 -5
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/package/apt.rb +61 -1
data/lib/puppet/provider/package/dnfmodule.rb +39 -12
data/lib/puppet/provider/package/gem.rb +41 -7
data/lib/puppet/provider/package/pacman.rb +2 -5
data/lib/puppet/provider/package/pip.rb +105 -33
data/lib/puppet/provider/package/pip3.rb +0 -2
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/puppet_gem.rb +6 -2
data/lib/puppet/provider/package/rpm.rb +6 -213
data/lib/puppet/provider/package/yum.rb +92 -19
data/lib/puppet/provider/service/systemd.rb +2 -1
data/lib/puppet/reports/http.rb +13 -11
data/lib/puppet/resource/type_collection.rb +20 -16
data/lib/puppet/ssl.rb +1 -0
data/lib/puppet/ssl/host.rb +4 -4
data/lib/puppet/ssl/oids.rb +1 -0
data/lib/puppet/ssl/state_machine.rb +50 -33
data/lib/puppet/transaction/report.rb +2 -2
data/lib/puppet/type.rb +6 -1
data/lib/puppet/type/file/source.rb +4 -2
data/lib/puppet/type/package.rb +25 -2
data/lib/puppet/type/user.rb +0 -19
data/lib/puppet/util/at_fork.rb +1 -1
data/lib/puppet/util/autoload.rb +3 -0
data/lib/puppet/util/instance_loader.rb +14 -10
data/lib/puppet/util/package/version/debian.rb +175 -0
data/lib/puppet/util/package/version/gem.rb +15 -0
data/lib/puppet/util/package/version/pip.rb +167 -0
data/lib/puppet/util/package/version/range.rb +50 -0
data/lib/puppet/util/package/version/range/gt.rb +14 -0
data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/lt.rb +14 -0
data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/min_max.rb +21 -0
data/lib/puppet/util/package/version/range/simple.rb +11 -0
data/lib/puppet/util/package/version/rpm.rb +73 -0
data/lib/puppet/util/pidlock.rb +13 -7
data/lib/puppet/util/platform.rb +5 -0
data/lib/puppet/util/rpm_compare.rb +193 -0
data/lib/puppet/util/windows/adsi.rb +2 -2
data/lib/puppet/util/windows/process.rb +15 -14
data/lib/puppet/util/windows/security.rb +1 -0
data/lib/puppet/util/windows/sid.rb +3 -3
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +207 -201
data/man/man5/puppet.conf.5 +11 -3
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
data/spec/fixtures/ssl/unknown-ca.pem +59 -0
data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list-enabled.txt} +2 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/integration/application/agent_spec.rb +329 -0
data/spec/integration/application/apply_spec.rb +132 -3
data/spec/integration/application/filebucket_spec.rb +190 -0
data/spec/integration/application/plugin_spec.rb +50 -0
data/spec/integration/http/client_spec.rb +34 -40
data/spec/integration/indirector/report/yaml.rb +83 -0
data/spec/integration/module_tool/forge_spec.rb +2 -15
data/spec/integration/network/http_pool_spec.rb +11 -19
data/spec/integration/node/environment_spec.rb +15 -0
data/spec/integration/util/windows/adsi_spec.rb +1 -1
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/https.rb +10 -7
data/spec/lib/puppet_spec/puppetserver.rb +119 -0
data/spec/shared_contexts/https.rb +29 -0
data/spec/unit/agent_spec.rb +33 -25
data/spec/unit/application/agent_spec.rb +5 -1
data/spec/unit/application/device_spec.rb +2 -2
data/spec/unit/application/filebucket_spec.rb +22 -2
data/spec/unit/configurer_spec.rb +1 -1
data/spec/unit/defaults_spec.rb +24 -1
data/spec/unit/environments_spec.rb +8 -0
data/spec/unit/file_system_spec.rb +10 -0
data/spec/unit/http/client_spec.rb +105 -46
data/spec/unit/http/external_client_spec.rb +201 -0
data/spec/unit/http/resolver_spec.rb +20 -0
data/spec/unit/http/service/ca_spec.rb +25 -2
data/spec/unit/http/service/compiler_spec.rb +184 -6
data/spec/unit/http/service/file_server_spec.rb +35 -3
data/spec/unit/http/service/report_spec.rb +3 -1
data/spec/unit/http/service_spec.rb +3 -3
data/spec/unit/http/session_spec.rb +56 -7
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
data/spec/unit/network/http/pool_spec.rb +3 -3
data/spec/unit/node/environment_spec.rb +16 -0
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/apt_spec.rb +30 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +33 -14
data/spec/unit/provider/package/gem_spec.rb +40 -0
data/spec/unit/provider/package/pacman_spec.rb +6 -21
data/spec/unit/provider/package/pip_spec.rb +26 -3
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +38 -0
data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
data/spec/unit/provider/package/rpm_spec.rb +0 -212
data/spec/unit/provider/package/yum_spec.rb +235 -1
data/spec/unit/provider/service/systemd_spec.rb +10 -1
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +0 -29
data/spec/unit/reports/http_spec.rb +70 -52
data/spec/unit/ssl/host_spec.rb +4 -2
data/spec/unit/ssl/oids_spec.rb +1 -0
data/spec/unit/ssl/state_machine_spec.rb +38 -6
data/spec/unit/transaction/report_spec.rb +4 -0
data/spec/unit/util/at_fork_spec.rb +2 -2
data/spec/unit/util/package/version/debian_spec.rb +83 -0
data/spec/unit/util/package/version/pip_spec.rb +464 -0
data/spec/unit/util/package/version/range_spec.rb +154 -0
data/spec/unit/util/package/version/rpm_spec.rb +121 -0
data/spec/unit/util/pidlock_spec.rb +83 -47
data/spec/unit/util/rpm_compare_spec.rb +196 -0
data/spec/unit/util/windows/adsi_spec.rb +4 -4
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/tasks/generate_cert_fixtures.rake +15 -1
metadata +51 -6
data/spec/integration/faces/plugin_spec.rb +0 -63

data/spec/integration/application/filebucket_spec.rb ADDED

@@ -0,0 +1,190 @@
+require 'spec_helper'
+require 'puppet/face'
+require 'puppet_spec/puppetserver'
+require 'puppet_spec/files'
+describe "puppet filebucket", unless: Puppet::Util::Platform.jruby? do
+  include PuppetSpec::Files
+  include_context "https client"
+  let(:server) { PuppetSpec::Puppetserver.new }
+  let(:filebucket) { Puppet::Application[:filebucket] }
+  let(:backup_file) { tmpfile('backup_file') }
+  before :each do
+    Puppet[:log_level] = 'debug'
+  end
+  it "backs up files to the filebucket server" do
+    File.binwrite(backup_file, 'some random text')
+    md5 = Digest::MD5.file(backup_file).to_s
+    server.start_server do |port|
+      Puppet[:masterport] = port
+      expect {
+        filebucket.command_line.args << 'backup'
+        filebucket.command_line.args << backup_file
+        filebucket.run
+      }.to output(a_string_matching(
+        %r{Debug: HTTP HEAD https:\/\/127.0.0.1:#{port}\/puppet\/v3\/file_bucket_file\/md5\/#{md5}\/#{File.realpath(backup_file)}\?environment\=production returned 404 Not Found}
+      ).and matching(
+        %r{Debug: HTTP PUT https:\/\/127.0.0.1:#{port}\/puppet\/v3\/file_bucket_file\/md5\/#{md5}\/#{File.realpath(backup_file)}\?environment\=production returned 200 OK}
+      ).and matching(
+        %r{#{backup_file}: #{md5}}
+      )).to_stdout
+    end
+  end
+  it "doesn't attempt to back up file that already exists on the filebucket server" do
+    file_exists_handler = -> (req, res) {
+        res.status = 200
+    }
+    File.binwrite(backup_file, 'some random text')
+    md5 = Digest::MD5.file(backup_file).to_s
+    server.start_server(mounts: {filebucket: file_exists_handler}) do |port|
+      Puppet[:masterport] = port
+      expect {
+        filebucket.command_line.args << 'backup'
+        filebucket.command_line.args << backup_file
+        filebucket.run
+      }.to output(a_string_matching(
+        %r{Debug: HTTP HEAD https:\/\/127.0.0.1:#{port}\/puppet\/v3\/file_bucket_file\/md5\/#{md5}\/#{File.realpath(backup_file)}\?environment\=production returned 200 OK}
+      ).and matching(
+        %r{#{backup_file}: #{md5}}
+      )).to_stdout
+    end
+  end
+  it "downloads files from the filebucket server" do
+    get_handler = -> (req, res) {
+      res['Content-Type'] = 'application/octet-stream'
+      res.body = 'something to store'
+    }
+    server.start_server(mounts: {filebucket: get_handler}) do |port|
+      Puppet[:masterport] = port
+      expect {
+        filebucket.command_line.args << 'get'
+        filebucket.command_line.args << 'fac251367c9e083c6b1f0f3181'
+        filebucket.run
+      }.to output(a_string_matching(
+        %r{Debug: HTTP GET https:\/\/127.0.0.1:#{port}\/puppet\/v3\/file_bucket_file\/md5\/fac251367c9e083c6b1f0f3181\?environment\=production returned 200 OK}
+      ).and matching(
+        %r{something to store}
+       )).to_stdout
+    end
+  end
+  context 'diff', unless: Puppet::Util::Platform.windows? || Puppet::Util::Platform.jruby? do
+    context 'using a remote bucket' do
+      it 'outputs a diff between a local and remote file' do
+        File.binwrite(backup_file, "bar\nbaz")
+        get_handler = -> (req, res) {
+          res['Content-Type'] = 'application/octet-stream'
+          res.body = 'foo'
+        }
+        server.start_server(mounts: {filebucket: get_handler}) do |port|
+          Puppet[:masterport] = port
+          expect {
+            filebucket.command_line.args += ['diff', 'fac251367c9e083c6b1f0f3181', backup_file, '--remote']
+            filebucket.run
+          }.to output(a_string_matching(
+            /[-<] ?foo/
+          ).and matching(
+            /[+>] ?bar/
+          ).and matching(
+            /[+>] ?baz/
+          )).to_stdout
+        end
+      end
+      it 'outputs a diff between two remote files' do
+        get_handler = -> (req, res) {
+          res['Content-Type'] = 'application/octet-stream'
+          res.body = <<~END
+          --- /opt/puppetlabs/server/data/puppetserver/bucket/d/3/b/0/7/3/8/4/d3b07384d113edec49eaa6238ad5ff00/contents\t2020-04-06 21:25:24.892367570 +0000
+          +++ /opt/puppetlabs/server/data/puppetserver/bucket/9/9/b/9/9/9/2/0/99b999207e287afffc86c053e5693247/contents\t2020-04-06 21:26:13.603398063 +0000
+          @@ -1 +1,2 @@
+          -foo
+          +bar
+          +baz
+          END
+        }
+        server.start_server(mounts: {filebucket: get_handler}) do |port|
+          Puppet[:masterport] = port
+          expect {
+            filebucket.command_line.args += ['diff', 'd3b07384d113edec49eaa6238ad5ff00', "99b999207e287afffc86c053e5693247", '--remote']
+            filebucket.run
+          }.to output(a_string_matching(
+            /[-<] ?foo/
+          ).and matching(
+            /[+>] ?bar/
+          ).and matching(
+            /[+>] ?baz/
+          )).to_stdout
+        end
+      end
+    end
+    context 'using a local bucket' do
+      let(:filea) {
+        f = tmpfile('filea')
+        File.binwrite(f, 'foo')
+        f
+      }
+      let(:fileb) {
+        f = tmpfile('fileb')
+        File.binwrite(f, "bar\nbaz")
+        f
+      }
+      let(:checksuma) { Digest::MD5.file(filea).to_s }
+      let(:checksumb) { Digest::MD5.file(fileb).to_s }
+      it 'compares to files stored in a local bucket' do
+        expect {
+          filebucket.command_line.args = ['backup', filea, '--local']
+          filebucket.run
+        }.to output(/#{filea}: #{checksuma}/).to_stdout
+        expect{
+          filebucket.command_line.args = ['backup', fileb, '--local']
+          filebucket.run
+        }.to output(/#{fileb}: #{checksumb}\n/).to_stdout
+        expect {
+          filebucket.command_line.args = ['diff', checksuma, checksumb, '--local']
+          filebucket.run
+        }.to output(a_string_matching(
+          /[-<] ?foo/
+        ).and matching(
+          /[+>] ?bar/
+        ).and matching(
+          /[+>] ?baz/
+        )).to_stdout
+      end
+      it 'compares a file on the filesystem and a file stored in a local bucket' do
+        expect {
+          filebucket.command_line.args = ['backup', filea, '--local']
+          filebucket.run
+        }.to output(/#{filea}: #{checksuma}/).to_stdout
+        expect {
+          filebucket.command_line.args = ['diff', checksuma, fileb, '--local']
+          filebucket.run
+        }.to output(a_string_matching(
+          /[-<] ?foo/
+        ).and matching(
+          /[+>] ?bar/
+        ).and matching(
+          /[+>] ?baz/
+        )).to_stdout
+      end
+    end
+  end
+end

data/spec/integration/application/plugin_spec.rb ADDED

@@ -0,0 +1,50 @@
+require 'spec_helper'
+require 'puppet/face'
+require 'puppet_spec/puppetserver'
+describe "puppet plugin" do
+  include_context "https client"
+  let(:server) { PuppetSpec::Puppetserver.new }
+  let(:plugin) { Puppet::Application[:plugin] }
+  let(:response_body) { "[{\"path\":\"/etc/puppetlabs/code/environments/production/modules\",\"relative_path\":\".\",\"links\":\"follow\",\"owner\":0,\"group\":0,\"mode\":493,\"checksum\":{\"type\":\"ctime\",\"value\":\"{ctime}2020-03-06 20:14:25 UTC\"},\"type\":\"directory\",\"destination\":null}]" }
+  it "downloads from plugins, pluginsfacts and locales mounts" do
+    current_version_handler = -> (req, res) {
+      res['X-Puppet-Version'] = Puppet.version
+      res['Content-Type'] = 'application/json'
+      res.body = response_body
+    }
+    server.start_server(mounts: {file_metadatas: current_version_handler}) do |port|
+      Puppet[:masterport] = port
+      expect {
+        plugin.command_line.args << 'download'
+        plugin.run
+      }.to exit_with(0)
+       .and output(matching(
+         "Downloaded these plugins: #{Regexp.escape(Puppet[:pluginfactdest])}, #{Regexp.escape(Puppet[:plugindest])}, #{Regexp.escape(Puppet[:localedest])}"
+       )).to_stdout
+    end
+  end
+  it "downloads from plugins and pluginsfacts from older puppetservers" do
+    no_locales_handler = -> (req, res) {
+      res['X-Puppet-Version'] = '5.3.3' # locales mount was added in 5.3.4
+      res['Content-Type'] = 'application/json'
+      res.body = response_body
+    }
+    server.start_server(mounts: {file_metadatas: no_locales_handler}) do |port|
+      Puppet[:masterport] = port
+      expect {
+        plugin.command_line.args << 'download'
+        plugin.run
+      }.to exit_with(0)
+       .and output(matching(
+         "Downloaded these plugins: #{Regexp.escape(Puppet[:pluginfactdest])}, #{Regexp.escape(Puppet[:plugindest])}"
+       )).to_stdout
+    end
+  end
+end

data/spec/integration/http/client_spec.rb CHANGED

@@ -4,31 +4,17 @@ require 'puppet_spec/files'
 describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
   include PuppetSpec::Files
+  include_context "https client"
-  before :all do
-    WebMock.disable!
-  end
-  after :all do
-    WebMock.enable!
-  end
-  before :each do
-    # make sure we don't take too long
-    Puppet[:http_connect_timeout] = '5s'
-  end
-  let(:hostname) { '127.0.0.1' }
   let(:wrong_hostname) { 'localhost' }
-  let(:server) { PuppetSpec::HTTPSServer.new }
   let(:client) { Puppet::HTTP::Client.new }
   let(:ssl_provider) { Puppet::SSL::SSLProvider.new }
-  let(:root_context) { ssl_provider.create_root_context(cacerts: [server.ca_cert], crls: [server.ca_crl]) }
+  let(:root_context) { ssl_provider.create_root_context(cacerts: [https_server.ca_cert], crls: [https_server.ca_crl]) }
   context "when verifying an HTTPS server" do
     it "connects over SSL" do
-      server.start_server do |port|
-        res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: root_context)
+      https_server.start_server do |port|
+        res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
         expect(res).to be_success
       end
     end
@@ -41,14 +27,14 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       port = tcps.connect_address.ip_port
       expect {
-        client.get(URI("https://127.0.0.1:#{port}"), ssl_context: root_context)
+        client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
       }.to raise_error(Puppet::HTTP::ConnectionError, %r{^Request to https://127.0.0.1:#{port} timed out connect operation after .* seconds})
     end
     it "raises if the server's cert doesn't match the hostname we connected to" do
-      server.start_server do |port|
+      https_server.start_server do |port|
         expect {
-          client.get(URI("https://#{wrong_hostname}:#{port}"), ssl_context: root_context)
+          client.get(URI("https://#{wrong_hostname}:#{port}"), options: {ssl_context: root_context})
         }.to raise_error { |err|
           expect(err).to be_instance_of(Puppet::SSL::CertMismatchError)
           expect(err.message).to match(/Server hostname '#{wrong_hostname}' did not match server certificate; expected one of (.+)/)
@@ -63,9 +49,9 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       wrong_ca = cert_fixture('netlock-arany-utf8.pem')
       alt_context = ssl_provider.create_root_context(cacerts: [wrong_ca], revocation: false)
-      server.start_server do |port|
+      https_server.start_server do |port|
         expect {
-          client.get(URI("https://127.0.0.1:#{port}"), ssl_context: alt_context)
+          client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: alt_context})
         }.to raise_error(Puppet::SSL::CertVerifyError,
                          %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
       end
@@ -73,8 +59,8 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     it "prints TLS protocol and ciphersuite in debug" do
       Puppet[:log_level] = 'debug'
-      server.start_server do |port|
-        client.get(URI("https://127.0.0.1:#{port}"), ssl_context: root_context)
+      https_server.start_server do |port|
+        client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
         # TLS version string can be TLSv1 or TLSv1.[1-3], but not TLSv1.0
         expect(@logs).to include(
           an_object_having_attributes(level: :debug, message: /Using TLSv1(\.[1-3])? with cipher .*/),
@@ -93,12 +79,12 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     it "mutually authenticates the connection" do
       client_context = ssl_provider.create_context(
-        cacerts: [server.ca_cert], crls: [server.ca_crl],
-        client_cert: server.server_cert, private_key: server.server_key
+        cacerts: [https_server.ca_cert], crls: [https_server.ca_crl],
+        client_cert: https_server.server_cert, private_key: https_server.server_key
       )
-      server.start_server(ctx_proc: ctx_proc) do |port|
-        res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: client_context)
+      https_server.start_server(ctx_proc: ctx_proc) do |port|
+        res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: client_context})
         expect(res).to be_success
       end
     end
@@ -106,10 +92,10 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
   context "with a system trust store" do
     it "connects when the client trusts the server's CA" do
-      system_context = ssl_provider.create_system_context(cacerts: [server.ca_cert])
+      system_context = ssl_provider.create_system_context(cacerts: [https_server.ca_cert])
-      server.start_server do |port|
-        res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: system_context)
+      https_server.start_server do |port|
+        res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context})
         expect(res).to be_success
       end
     end
@@ -117,14 +103,14 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     it "connects when the server's CA is in the system store" do
       # create a temp cacert bundle
       ssl_file = tmpfile('systemstore')
-      File.write(ssl_file, server.ca_cert)
+      File.write(ssl_file, https_server.ca_cert)
       # override path to system cacert bundle, this must be done before
       # the SSLContext is created and the call to X509::Store.set_default_paths
       Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
         system_context = ssl_provider.create_system_context(cacerts: [])
-        server.start_server do |port|
-          res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: system_context)
+        https_server.start_server do |port|
+          res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context})
           expect(res).to be_success
         end
       end
@@ -133,9 +119,9 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     it "raises if the server's CA is not in the context or system store" do
       system_context = ssl_provider.create_system_context(cacerts: [cert_fixture('netlock-arany-utf8.pem')])
-      server.start_server do |port|
+      https_server.start_server do |port|
         expect {
-          client.get(URI("https://127.0.0.1:#{port}"), ssl_context: system_context)
+          client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context})
         }.to raise_error(Puppet::SSL::CertVerifyError,
                          %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
       end
@@ -144,11 +130,19 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
   context 'persistent connections' do
     it "detects when the server has closed the connection and reconnects" do
-      server.start_server do |port|
+      Puppet[:http_debug] = true
+      https_server.start_server do |port|
         uri = URI("https://127.0.0.1:#{port}")
+        kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
-        expect(client.get(uri, ssl_context: root_context)).to be_success
-        expect(client.get(uri, ssl_context: root_context)).to be_success
+        expect {
+          expect(client.post(uri, '', **kwargs)).to be_success
+          # the server closes its connection after each request, so posting
+          # again will force ruby to detect that the remote side closed the
+          # connection, and reconnect
+          expect(client.post(uri, '', **kwargs)).to be_success
+        }.to output(/Conn close because of EOF/).to_stderr
       end
     end
   end

data/spec/integration/indirector/report/yaml.rb ADDED

@@ -0,0 +1,83 @@
+require 'spec_helper'
+require 'puppet/transaction/report'
+require 'puppet/indirector/report/yaml'
+describe Puppet::Transaction::Report::Yaml do
+  describe '#save' do
+    subject(:indirection) { described_class.indirection }
+    let(:request) { described_class.new }
+    let(:certname) { 'ziggy' }
+    let(:report) do
+      report = Puppet::Transaction::Report.new
+      report.host = certname
+      report
+    end
+    let(:file) { request.path(:me) }
+    before do
+      indirection.terminus_class = :yaml
+    end
+    it 'is saves a report' do
+      indirection.save(report)
+    end
+    it 'saves the instance of the report as YAML to disk' do
+      indirection.save(report)
+      content = Puppet::Util::Yaml.safe_load_file(
+        Puppet[:lastrunreport], [Puppet::Transaction::Report]
+      )
+      expect(content.host).to eq(certname)
+    end
+    it 'allows mode overwrite' do
+      Puppet.settings.setting(:lastrunreport).mode = '0644'
+      indirection.save(report)
+      if Puppet::Util::Platform.windows?
+        require 'puppet/util/windows/security'
+        mode = Puppet::Util::Windows::Security.get_mode(file)
+      else
+        mode = Puppet::FileSystem.stat(file).mode
+      end
+      expect(mode & 07777).to eq(0644)
+    end
+    context 'when mode is invalid' do
+      before do
+        Puppet.settings.setting(:lastrunreport).mode = '9999'
+      end
+      after do
+        Puppet.settings.setting(:lastrunreport).mode = '0644'
+      end
+      it 'raises Puppet::DevError ' do
+        expect{
+          indirection.save(report)
+        }.to raise_error(Puppet::DevError, "replace_file mode: 9999 is invalid")
+      end
+    end
+    context 'when repport is invalid' do
+      it 'logs error' do
+        expect(Puppet).to receive(:send_log).with(:err, /Could not save yaml ziggy: can't dump anonymous class/)
+        report.configuration_version = Class.new
+        indirection.save(report)
+      end
+    end
+    context 'when report cannot be saved' do
+      it 'raises Errno::EISDIR' do
+        FileUtils.mkdir_p(file)
+        expect {
+          indirection.save(report)
+         }.to raise_error(Errno::EISDIR, /last_run_report.yaml/)
+      end
+    end
+  end
+end