puppet 6.15.0 → 6.16.0

data/spec/unit/http/external_client_spec.rb

@@ -164,38 +164,38 @@ describe Puppet::HTTP::ExternalClient do
     it "submits credentials for GET requests" do
       stub_request(:get, uri).with(basic_auth: credentials)
 
-      client.get(uri, options: {user: 'user', password: 'pass'})
+      client.get(uri, options: {basic_auth: {user: 'user', password: 'pass'}})
     end
 
     it "submits credentials for POST requests" do
       stub_request(:post, uri).with(basic_auth: credentials)
 
-      client.post(uri, "", options: {content_type: 'text/plain', user: 'user', password: 'pass'})
+      client.post(uri, "", options: {content_type: 'text/plain', basic_auth: {user: 'user', password: 'pass'}})
     end
 
     it "returns response containing access denied" do
       stub_request(:get, uri).with(basic_auth: credentials).to_return(status: [403, "Ye Shall Not Pass"])
 
-      response = client.get(uri, options: {user: 'user', password: 'pass'})
+      response = client.get(uri, options: { basic_auth: {user: 'user', password: 'pass'}})
       expect(response.code).to eq(403)
       expect(response.reason).to eq("Ye Shall Not Pass")
       expect(response).to_not be_success
     end
 
-    it 'omits basic auth if user is nil' do
+    it 'includes basic auth if user is nil' do
       stub_request(:get, uri).with do |req|
-        expect(req.headers).to_not include('Authorization')
+        expect(req.headers).to include('Authorization')
       end
 
-      client.get(uri, options: {user: nil, password: 'pass'})
+      client.get(uri, options: {basic_auth: {user: nil, password: 'pass'}})
     end
 
-    it 'omits basic auth if password is nil' do
+    it 'includes basic auth if password is nil' do
       stub_request(:get, uri).with do |req|
-        expect(req.headers).to_not include('Authorization')
+        expect(req.headers).to include('Authorization')
       end
 
-      client.get(uri, options: {user: 'user', password: nil})
+      client.get(uri, options: {basic_auth: {user: 'user', password: nil}})
     end
   end
 end

data/spec/unit/indirector/catalog/compiler_spec.rb

@@ -477,6 +477,7 @@ describe Puppet::Resource::Catalog::Compiler do
     end
 
     it "should add 'pe_serverversion' when PE" do
+      allow(File).to receive(:readable?).and_call_original
       allow(File).to receive(:readable?).with(pe_version_file).and_return(true)
       allow(File).to receive(:zero?).with(pe_version_file).and_return(false)
       allow(File).to receive(:read).and_call_original

data/spec/unit/indirector/file_metadata/http_spec.rb

@@ -0,0 +1,167 @@
+require 'spec_helper'
+
+require 'puppet/indirector/file_metadata'
+require 'puppet/indirector/file_metadata/http'
+
+describe Puppet::Indirector::FileMetadata::Http do
+  DEFAULT_HEADERS = {
+    "Cache-Control" => "private, max-age=0",
+    "Connection" => "close",
+    "Content-Encoding" => "gzip",
+    "Content-Type" => "text/html; charset=ISO-8859-1",
+    "Date" => "Fri, 01 May 2020 17:16:00 GMT",
+    "Expires" => "-1",
+    "Server" => "gws"
+  }.freeze
+
+  let(:certname) { 'ziggy' }
+  # The model is Puppet:FileServing::Metadata
+  let(:model) { described_class.model }
+  # The http terminus creates instances of HttpMetadata which subclass Metadata
+  let(:metadata) { Puppet::FileServing::HttpMetadata.new(key) }
+  let(:key) { "https://example.com/path/to/file" }
+  # Digest::MD5.base64digest("") => "1B2M2Y8AsgTpgAmY7PhCfg=="
+  let(:content_md5) { {"Content-MD5" => "1B2M2Y8AsgTpgAmY7PhCfg=="} }
+  let(:last_modified) { {"Last-Modified" => "Wed, 01 Jan 2020 08:00:00 GMT"} }
+
+  before :each do
+    described_class.indirection.terminus_class = :http
+  end
+
+  context "when finding" do
+    it "returns http file metadata" do
+      stub_request(:head, key)
+        .to_return(status: 200, headers: DEFAULT_HEADERS)
+
+      result = model.indirection.find(key)
+      expect(result.ftype).to eq('file')
+      expect(result.path).to eq('/dev/null')
+      expect(result.relative_path).to be_nil
+      expect(result.destination).to be_nil
+      expect(result.checksum).to match(%r{mtime})
+      expect(result.owner).to be_nil
+      expect(result.group).to be_nil
+      expect(result.mode).to be_nil
+    end
+
+    it "reports an md5 checksum if present in the response" do
+      stub_request(:head, key)
+        .to_return(status: 200, headers: DEFAULT_HEADERS.merge(content_md5))
+
+      result = model.indirection.find(key)
+      expect(result.checksum_type).to eq(:md5)
+      expect(result.checksum).to eq("{md5}d41d8cd98f00b204e9800998ecf8427e")
+    end
+
+    it "reports an mtime checksum if present in the response" do
+      stub_request(:head, key)
+        .to_return(status: 200, headers: DEFAULT_HEADERS.merge(last_modified))
+
+      result = model.indirection.find(key)
+      expect(result.checksum_type).to eq(:mtime)
+      expect(result.checksum).to eq("{mtime}2020-01-01 08:00:00 UTC")
+    end
+
+    it "prefers md5" do
+      stub_request(:head, key)
+        .to_return(status: 200, headers: DEFAULT_HEADERS.merge(content_md5).merge(last_modified))
+
+      result = model.indirection.find(key)
+      expect(result.checksum_type).to eq(:md5)
+      expect(result.checksum).to eq("{md5}d41d8cd98f00b204e9800998ecf8427e")
+    end
+
+    it "prefers mtime when explicitly requested" do
+      stub_request(:head, key)
+        .to_return(status: 200, headers: DEFAULT_HEADERS.merge(content_md5).merge(last_modified))
+
+      result = model.indirection.find(key, checksum_type: :mtime)
+      expect(result.checksum_type).to eq(:mtime)
+      expect(result.checksum).to eq("{mtime}2020-01-01 08:00:00 UTC")
+    end
+
+    it "leniently parses base64" do
+      # Content-MD5 header is missing '==' padding
+      stub_request(:head, key)
+        .to_return(status: 200, headers: DEFAULT_HEADERS.merge("Content-MD5" => "1B2M2Y8AsgTpgAmY7PhCfg"))
+
+      result = model.indirection.find(key)
+      expect(result.checksum_type).to eq(:md5)
+      expect(result.checksum).to eq("{md5}d41d8cd98f00b204e9800998ecf8427e")
+    end
+
+    it "URL encodes special characters" do
+      pending("HTTP terminus doesn't encode the URI before parsing")
+
+      stub_request(:head, %r{/path%20to%20file})
+
+      model.indirection.find('https://example.com/path to file')
+    end
+
+    it "sends query parameters" do
+      stub_request(:head, key).with(query: {'a' => 'b'})
+
+      model.indirection.find("#{key}?a=b")
+    end
+
+    it "returns nil if the content doesn't exist" do
+      stub_request(:head, key).to_return(status: 404)
+
+      expect(model.indirection.find(key)).to be_nil
+    end
+
+    it "returns nil if fail_on_404" do
+      stub_request(:head, key).to_return(status: 404)
+
+      expect(model.indirection.find(key, fail_on_404: true)).to be_nil
+    end
+
+    it "returns nil on HTTP 500" do
+      stub_request(:head, key).to_return(status: 500)
+
+      # this is kind of strange, but it does allow puppet to try
+      # multiple `source => ["URL1", "URL2"]` and use the first
+      # one based on sourceselect
+      expect(model.indirection.find(key)).to be_nil
+    end
+
+    it "accepts all content types" do
+      stub_request(:head, key).with(headers: {'Accept' => '*/*'})
+
+      model.indirection.find(key)
+    end
+
+    it "sets puppet user-agent" do
+      stub_request(:head, key).with(headers: {'User-Agent' => Puppet[:http_user_agent]})
+
+      model.indirection.find(key)
+    end
+
+    it "tries to persist the connection" do
+      # HTTP/1.1 defaults to persistent connections, so check for
+      # the header's absence
+      stub_request(:head, key).with do |request|
+        expect(request.headers).to_not include('Connection')
+      end
+
+      model.indirection.find(key)
+    end
+
+    it "follows redirects" do
+      new_url = "https://example.com/different/path"
+      redirect = { status: 200, headers: { 'Location' => new_url }, body: ""}
+      stub_request(:head, key).to_return(redirect)
+      stub_request(:head, new_url)
+
+      model.indirection.find(key)
+    end
+  end
+
+  context "when searching" do
+    it "raises an error" do
+      expect {
+        model.indirection.search(key)
+      }.to raise_error(Puppet::Error, 'cannot lookup multiple files')
+    end
+  end
+end

data/spec/unit/indirector/file_metadata/rest_spec.rb

@@ -6,6 +6,7 @@ require 'puppet/indirector/file_metadata/rest'
 describe Puppet::Indirector::FileMetadata::Rest do
   let(:certname) { 'ziggy' }
   let(:formatter) { Puppet::Network::FormatHandler.format(:json) }
+  let(:model) { described_class.model }
 
   before :each do
     described_class.indirection.terminus_class = :rest
@@ -18,13 +19,13 @@ describe Puppet::Indirector::FileMetadata::Rest do
   context "when finding" do
     let(:uri) { %r{/puppet/v3/file_metadata/:mount/path/to/file} }
     let(:key) { "puppet:///:mount/path/to/file" }
-    let(:metadata) { Puppet::FileServing::Metadata.new('/path/to/file') }
+    let(:metadata) { model.new('/path/to/file') }
 
     it "returns file metadata" do
       stub_request(:get, uri)
         .to_return(status: 200, **metadata_response(metadata))
 
-      result = described_class.indirection.find(key)
+      result = model.indirection.find(key)
       expect(result.path).to eq('/path/to/file')
     end
 
@@ -32,20 +33,20 @@ describe Puppet::Indirector::FileMetadata::Rest do
       stub_request(:get, %r{/puppet/v3/file_metadata/:mount/path%20to%20file})
         .to_return(status: 200, **metadata_response(metadata))
 
-      described_class.indirection.find('puppet:///:mount/path to file')
+      model.indirection.find('puppet:///:mount/path to file')
     end
 
     it "returns nil if the content doesn't exist" do
       stub_request(:get, uri).to_return(status: 404)
 
-      expect(described_class.indirection.find(key)).to be_nil
+      expect(model.indirection.find(key)).to be_nil
     end
 
     it "raises if fail_on_404 is true" do
       stub_request(:get, uri).to_return(status: 404, headers: { 'Content-Type' => 'application/json'}, body: "{}")
 
       expect {
-        described_class.indirection.find(key, fail_on_404: true)
+        model.indirection.find(key, fail_on_404: true)
       }.to raise_error(Puppet::Error, %r{Find /puppet/v3/file_metadata/:mount/path/to/file resulted in 404 with the message: {}})
     end
 
@@ -53,7 +54,7 @@ describe Puppet::Indirector::FileMetadata::Rest do
       stub_request(:get, uri).to_return(status: 500, headers: { 'Content-Type' => 'application/json'}, body: "{}")
 
       expect {
-        described_class.indirection.find(key)
+        model.indirection.find(key)
       }.to raise_error(Net::HTTPError, %r{Error 500 on SERVER: })
     end
 
@@ -61,20 +62,20 @@ describe Puppet::Indirector::FileMetadata::Rest do
       stub_request(:get, %r{https://example.com:8140/puppet/v3/file_metadata/:mount/path/to/file})
         .to_return(status: 200, **metadata_response(metadata))
 
-      described_class.indirection.find("puppet://example.com:8140/:mount/path/to/file")
+      model.indirection.find("puppet://example.com:8140/:mount/path/to/file")
     end
   end
 
   context "when searching" do
     let(:uri) { %r{/puppet/v3/file_metadatas/:mount/path/to/dir} }
     let(:key) { "puppet:///:mount/path/to/dir" }
-    let(:metadatas) { [Puppet::FileServing::Metadata.new('/path/to/dir')] }
+    let(:metadatas) { [model.new('/path/to/dir')] }
 
     it "returns an array of file metadata" do
       stub_request(:get, uri)
         .to_return(status: 200, **metadata_response(metadatas))
 
-      result = described_class.indirection.search(key)
+      result = model.indirection.search(key)
       expect(result.first.path).to eq('/path/to/dir')
     end
 
@@ -82,26 +83,26 @@ describe Puppet::Indirector::FileMetadata::Rest do
       stub_request(:get, %r{/puppet/v3/file_metadatas/:mount/path%20to%20dir})
         .to_return(status: 200, **metadata_response(metadatas))
 
-      described_class.indirection.search('puppet:///:mount/path to dir')
+      model.indirection.search('puppet:///:mount/path to dir')
     end
 
     it "returns an empty array if the metadata doesn't exist" do
       stub_request(:get, uri).to_return(status: 404)
 
-      expect(described_class.indirection.search(key)).to eq([])
+      expect(model.indirection.search(key)).to eq([])
     end
 
     it "returns an empty array if the metadata doesn't exist and fail_on_404 is true" do
       stub_request(:get, uri).to_return(status: 404, headers: { 'Content-Type' => 'application/json'}, body: "{}")
 
-      expect(described_class.indirection.search(key, fail_on_404: true)).to eq([])
+      expect(model.indirection.search(key, fail_on_404: true)).to eq([])
     end
 
     it "raises an error on HTTP 500" do
       stub_request(:get, uri).to_return(status: 500, headers: { 'Content-Type' => 'application/json'}, body: "{}")
 
       expect {
-        described_class.indirection.search(key)
+        model.indirection.search(key)
       }.to raise_error(Net::HTTPError, %r{Error 500 on SERVER: })
     end
 
@@ -109,7 +110,7 @@ describe Puppet::Indirector::FileMetadata::Rest do
       stub_request(:get, %r{https://example.com:8140/puppet/v3/file_metadatas/:mount/path/to/dir})
         .to_return(status: 200, **metadata_response(metadatas))
 
-      described_class.indirection.search("puppet://example.com:8140/:mount/path/to/dir")
+      model.indirection.search("puppet://example.com:8140/:mount/path/to/dir")
     end
   end
 

data/spec/unit/indirector/rest_spec.rb

@@ -45,6 +45,19 @@ shared_examples_for "a REST terminus method" do |terminus_method|
 
       expect(Puppet[:preferred_serialization_format]).to eq("pson")
     end
+
+    it "logs a deprecation warning" do
+      terminus.send(terminus_method, request)
+
+      expect(@logs).to include(an_object_having_attributes(level: :warning, message: /Puppet::Indirector::Rest##{terminus_method} is deprecated. Use Puppet::HTTP::Client instead./))
+    end
+
+    it "omits the warning when deprecations are disabled" do
+      Puppet[:disable_warnings] = 'deprecations'
+      terminus.send(terminus_method, request)
+
+      expect(@logs).to eq([])
+    end
   end
 
   HTTP_ERROR_CODES.each do |code|

data/spec/unit/network/http/connection_spec.rb

@@ -1,296 +1,648 @@
 require 'spec_helper'
 require 'puppet/network/http/connection'
+require 'puppet/network/http/connection_adapter'
 require 'puppet/test_ca'
 
 describe Puppet::Network::HTTP::Connection do
-  let (:host) { "me.example.com" }
-  let (:port) { 8140 }
-  let (:url) { "https://#{host}:#{port}/foo" }
+  let(:host) { "me.example.com" }
+  let(:port) { 8140 }
+  let(:path) { '/foo' }
+  let(:url) { "https://#{host}:#{port}#{path}" }
 
-  subject { Puppet::Network::HTTP::Connection.new(host, port, :verify => Puppet::SSL::Validator.no_validator) }
+  shared_examples_for "an HTTP connection" do |klass, legacy_api|
+    subject { klass.new(host, port, :verify => Puppet::SSL::Validator.no_validator) }
 
-  context "when providing HTTP connections" do
-    context "when initializing http instances" do
-      it "should return an http instance created with the passed host and port" do
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+    context "when providing HTTP connections" do
+      context "when initializing http instances" do
+        it "should return an http instance created with the passed host and port" do
+          conn = klass.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
 
-        expect(conn.address).to eq(host)
-        expect(conn.port).to eq(port)
+          expect(conn.address).to eq(host)
+          expect(conn.port).to eq(port)
+        end
+
+        it "should enable ssl on the http instance by default" do
+          conn = klass.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+
+          expect(conn).to be_use_ssl
+        end
+
+        it "can disable ssl using an option and ignore the verify" do
+          conn = klass.new(host, port, :use_ssl => false)
+
+          expect(conn).to_not be_use_ssl
+        end
+
+        it "can enable ssl using an option" do
+          conn = klass.new(host, port, :use_ssl => true, :verify => Puppet::SSL::Validator.no_validator)
+
+          expect(conn).to be_use_ssl
+        end
+
+        it "ignores the ':verify' option when ssl is disabled" do
+          conn = klass.new(host, port, :use_ssl => false, :verify => Puppet::SSL::Validator.no_validator)
+
+          expect(conn.verifier).to be_nil
+        end
+
+        it "wraps the validator in an adapter" do
+          conn = klass.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+
+          expect(conn.verifier).to be_a_kind_of(Puppet::SSL::VerifierAdapter)
+        end
+
+        it "should raise Puppet::Error when invalid options are specified" do
+          expect { klass.new(host, port, :invalid_option => nil) }.to raise_error(Puppet::Error, 'Unrecognized option(s): :invalid_option')
+        end
+
+        it "accepts a verifier" do
+          verifier = Puppet::SSL::Verifier.new(host, double('ssl_context'))
+          conn = klass.new(host, port, :use_ssl => true, :verifier => verifier)
+
+          expect(conn.verifier).to eq(verifier)
+        end
+
+        it "raises if the wrong verifier class is specified" do
+          expect {
+            klass.new(host, port, :verifier => Puppet::SSL::Validator.default_validator)
+          }.to raise_error(ArgumentError,
+                           "Expected an instance of Puppet::SSL::Verifier but was passed a Puppet::SSL::Validator::DefaultValidator")
+        end
       end
+    end
 
-      it "should enable ssl on the http instance by default" do
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+    context "for streaming GET requests" do
+      it 'yields the response' do
+        stub_request(:get, url)
 
-        expect(conn).to be_use_ssl
+        expect { |b|
+          subject.request_get('/foo', {}, &b)
+        }.to yield_with_args(Net::HTTPResponse)
       end
 
-      it "can disable ssl using an option and ignore the verify" do
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false)
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:get, url).with(query: "foo=bar%3Dbaz")
 
-        expect(conn).to_not be_use_ssl
+        subject.request_get("#{path}?foo=bar=baz") { |_| }
       end
 
-      it "can enable ssl using an option" do
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => true, :verify => Puppet::SSL::Validator.no_validator)
+      it "merges custom headers with default ones" do
+        stub_request(:get, url).with(headers: { 'X-Foo' => 'Bar', 'User-Agent' => /./ })
 
-        expect(conn).to be_use_ssl
+        subject.request_get(path, {'X-Foo' => 'Bar'}) { |_| }
       end
 
-      it "ignores the ':verify' option when ssl is disabled" do
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => false, :verify => Puppet::SSL::Validator.no_validator)
+      it "returns the response" do
+        stub_request(:get, url)
 
-        expect(conn.verifier).to be_nil
+        response = subject.request_get(path) { |_| }
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
       end
 
-      it "wraps the validator in an adapter" do
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :verify => Puppet::SSL::Validator.no_validator)
+      it "accepts a URL string as the path" do
+        stub_request(:get, url)
 
-        expect(conn.verifier).to be_a_kind_of(Puppet::SSL::VerifierAdapter)
+        response = subject.request_get(url) { |_| }
+        expect(response).to be_an_instance_of(Net::HTTPOK)
       end
+    end
+
+    context "for streaming head requests" do
+      it 'yields the response when request_head is called' do
+        stub_request(:head, url)
 
-      it "should raise Puppet::Error when invalid options are specified" do
-        expect { Puppet::Network::HTTP::Connection.new(host, port, :invalid_option => nil) }.to raise_error(Puppet::Error, 'Unrecognized option(s): :invalid_option')
+        expect { |b|
+          subject.request_head('/foo', {}, &b)
+        }.to yield_with_args(Net::HTTPResponse)
       end
 
-      it "accepts a verifier" do
-        verifier = Puppet::SSL::Verifier.new('fqdn', double('ssl_context'))
-        conn = Puppet::Network::HTTP::Connection.new(host, port, :use_ssl => true, :verifier => verifier)
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:head, url).with(query: "foo=bar%3Dbaz")
 
-        expect(conn.verifier).to eq(verifier)
+        subject.request_head("#{path}?foo=bar=baz") { |_| }
       end
 
-      it "raises if the wrong verifier class is specified" do
-        expect {
-          Puppet::Network::HTTP::Connection.new(host, port, :verifier => Puppet::SSL::Validator.default_validator)
-        }.to raise_error(ArgumentError,
-                         "Expected an instance of Puppet::SSL::Verifier but was passed a Puppet::SSL::Validator::DefaultValidator")
+      it "merges custom headers with default ones" do
+        stub_request(:head, url).with(headers: { 'X-Foo' => 'Bar', 'User-Agent' => /./ })
+
+        subject.request_head(path, {'X-Foo' => 'Bar'}) { |_| }
       end
-    end
-  end
 
-  context "when handling requests" do
-    it 'yields the response when request_get is called' do
-      stub_request(:get, url)
+      it "returns the response" do
+        stub_request(:head, url)
 
-      expect { |b|
-        subject.request_get('/foo', {}, &b)
-      }.to yield_with_args(Net::HTTPResponse)
-    end
+        response = subject.request_head(path) { |_| }
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
 
-    it 'yields the response when request_head is called' do
-      stub_request(:head, url)
+      it "accepts a URL string as the path" do
+        stub_request(:head, url)
 
-      expect { |b|
-        subject.request_head('/foo', {}, &b)
-      }.to yield_with_args(Net::HTTPResponse)
+        response = subject.request_head(url) { |_| }
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it 'yields the response when request_post is called' do
-      stub_request(:post, url)
+    context "for streaming post requests" do
+      it 'yields the response when request_post is called' do
+        stub_request(:post, url)
 
-      expect { |b|
-        subject.request_post('/foo', "param: value", &b)
-      }.to yield_with_args(Net::HTTPResponse)
-    end
-  end
+        expect { |b|
+          subject.request_post('/foo', "param: value", &b)
+        }.to yield_with_args(Net::HTTPResponse)
+      end
 
-  context "when response is a redirect" do
-    def create_connection(options = {})
-      options[:use_ssl] = false
-      options[:verify] = Puppet::SSL::Validator.no_validator
-      Puppet::Network::HTTP::Connection.new(host, port, options)
-    end
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:post, url).with(query: "foo=bar%3Dbaz")
 
-    def redirect_to(url)
-      { status: 302, headers: { 'Location' => url } }
-    end
+        subject.request_post("#{path}?foo=bar=baz", "") { |_| }
+      end
 
-    it "should follow the redirect to the final resource location" do
-      stub_request(:get, "http://me.example.com:8140/foo").to_return(redirect_to("http://me.example.com:8140/bar"))
-      stub_request(:get, "http://me.example.com:8140/bar").to_return(status: 200)
+      it "merges custom headers with default ones" do
+        stub_request(:post, url).with(headers: { 'X-Foo' => 'Bar', 'User-Agent' => /./ })
 
-      create_connection.get('/foo')
-    end
+        subject.request_post(path, "", {'X-Foo' => 'Bar'}) { |_| }
+      end
 
-    def expects_limit_exceeded(conn)
-      expect {
-        conn.get('/')
-      }.to raise_error(Puppet::Network::HTTP::RedirectionLimitExceededException)
-    end
+      it "returns the response" do
+        stub_request(:post, url)
 
-    it "should not follow any redirects when the limit is 0" do
-      stub_request(:get, "http://me.example.com:8140/").to_return(redirect_to("http://me.example.com:8140/foo"))
+        response = subject.request_post(path, "") { |_| }
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
+
+      it "accepts a URL string as the path" do
+        stub_request(:post, url)
 
-      conn = create_connection(:redirect_limit => 0)
-      expects_limit_exceeded(conn)
+        response = subject.request_post(url, "") { |_| }
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it "should follow the redirect once" do
-      stub_request(:get, "http://me.example.com:8140/").to_return(redirect_to("http://me.example.com:8140/foo"))
-      stub_request(:get, "http://me.example.com:8140/foo").to_return(redirect_to("http://me.example.com:8140/bar"))
+    context "for GET requests" do
+      it "includes default HTTP headers" do
+        stub_request(:get, url).with(headers: {'User-Agent' => /./})
 
-      conn = create_connection(:redirect_limit => 1)
-      expects_limit_exceeded(conn)
-    end
+        subject.get(path)
+      end
 
-    it "should raise an exception when the redirect limit is exceeded" do
-      stub_request(:get, "http://me.example.com:8140/").to_return(redirect_to("http://me.example.com:8140/foo"))
-      stub_request(:get, "http://me.example.com:8140/foo").to_return(redirect_to("http://me.example.com:8140/bar"))
-      stub_request(:get, "http://me.example.com:8140/bar").to_return(redirect_to("http://me.example.com:8140/baz"))
-      stub_request(:get, "http://me.example.com:8140/baz").to_return(redirect_to("http://me.example.com:8140/qux"))
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:get, url).with(query: "foo=bar%3Dbaz")
 
-      conn = create_connection(:redirect_limit => 3)
-      expects_limit_exceeded(conn)
-    end
-  end
+        subject.get("#{path}?foo=bar=baz")
+      end
 
-  context "when response indicates an overloaded server" do
-    def retry_after(datetime)
-      stub_request(:get, url)
-        .to_return(status: [503, 'Service Unavailable'], headers: {'Retry-After' => datetime}).then
-        .to_return(status: 200)
-    end
+      it "merges custom headers with default ones" do
+        stub_request(:get, url).with(headers: { 'X-Foo' => 'Bar', 'User-Agent' => /./ })
 
-    it "should return a 503 response if Retry-After is not set" do
-      stub_request(:get, url).to_return(status: [503, 'Service Unavailable'])
+        subject.get(path, {'X-Foo' => 'Bar'})
+      end
 
-      result = subject.get('/foo')
-      expect(result.code).to eq("503")
-    end
+      it "returns the response" do
+        stub_request(:get, url)
+
+        response = subject.get(path)
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
+
+      it "returns the entire response body" do
+        stub_request(:get, url).to_return(body: "abc")
+
+        response = subject.get(path)
+        expect(response.body).to eq("abc")
+      end
 
-    it "should return a 503 response if Retry-After is not convertible to an Integer or RFC 2822 Date" do
-      retry_after('foo')
+      it "accepts a URL string as the path" do
+        stub_request(:get, url)
 
-      result = subject.get('/foo')
-      expect(result.code).to eq("503")
+        response = subject.get(url)
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it "should close the connection before sleeping" do
-      retry_after('42')
+    context "for HEAD requests" do
+      it "includes default HTTP headers" do
+        stub_request(:head, url).with(headers: {'User-Agent' => /./})
 
-      http1 = Net::HTTP.new(host, port)
-      http1.use_ssl = true
-      allow(http1).to receive(:started?).and_return(true)
+        subject.head(path)
+      end
 
-      http2 = Net::HTTP.new(host, port)
-      http2.use_ssl = true
-      allow(http1).to receive(:started?).and_return(true)
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:head, url).with(query: "foo=bar%3Dbaz")
 
-      # The "with_connection" method is required to yield started connections
-      pool = Puppet.lookup(:http_pool)
-      allow(pool).to receive(:with_connection).and_yield(http1).and_yield(http2)
+        subject.head("#{path}?foo=bar=baz")
+      end
 
-      expect(http1).to receive(:finish).ordered
-      expect(::Kernel).to receive(:sleep).with(42).ordered
+      it "merges custom headers with default ones" do
+        stub_request(:head, url).with(headers: { 'X-Foo' => 'Bar', 'User-Agent' => /./ })
 
-      subject.get('/foo')
-    end
+        subject.head(path, {'X-Foo' => 'Bar'})
+      end
+
+      it "returns the response" do
+        stub_request(:head, url)
 
-    it "should sleep and retry if Retry-After is an Integer" do
-      retry_after('42')
+        response = subject.head(path)
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
 
-      expect(::Kernel).to receive(:sleep).with(42)
+      it "accepts a URL string as the path" do
+        stub_request(:head, url)
 
-      result = subject.get('/foo')
-      expect(result.code).to eq("200")
+        response = subject.head(url)
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it "should sleep and retry if Retry-After is an RFC 2822 Date" do
-      retry_after('Wed, 13 Apr 2005 15:18:05 GMT')
+    context "for PUT requests" do
+      it "includes default HTTP headers" do
+        stub_request(:put, url).with(headers: {'User-Agent' => /./})
 
-      now = DateTime.new(2005, 4, 13, 8, 17, 5, '-07:00')
-      allow(DateTime).to receive(:now).and_return(now)
+        subject.put(path, "", {'Content-Type' => 'text/plain'})
+      end
 
-      expect(::Kernel).to receive(:sleep).with(60)
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:put, url).with(query: "foo=bar%3Dbaz")
 
-      result = subject.get('/foo')
-      expect(result.code).to eq("200")
-    end
+        subject.put("#{path}?foo=bar=baz", "")
+      end
 
-    it "should sleep for no more than the Puppet runinterval" do
-      retry_after('60')
+      it "includes custom headers" do
+        stub_request(:put, url).with(headers: { 'X-Foo' => 'Bar' })
 
-      Puppet[:runinterval] = 30
+        subject.put(path, "", {'X-Foo' => 'Bar', 'Content-Type' => 'text/plain'})
+      end
 
-      expect(::Kernel).to receive(:sleep).with(30)
+      it "returns the response" do
+        stub_request(:put, url)
 
-      subject.get('/foo')
-    end
+        response = subject.put(path, "", {'Content-Type' => 'text/plain'})
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
+
+      it "sets content-type for the body" do
+        stub_request(:put, url).with(headers: {"Content-Type" => "text/plain"})
 
-    it "should sleep for 0 seconds if the RFC 2822 date has past" do
-      retry_after('Wed, 13 Apr 2005 15:18:05 GMT')
+        subject.put(path, "hello", {'Content-Type' => 'text/plain'})
+      end
 
-      expect(::Kernel).to receive(:sleep).with(0)
+      it 'sends an empty body' do
+        stub_request(:put, url).with(body: '')
 
-      subject.get('/foo')
-    end
-  end
+        subject.put(path, nil)
+      end
+
+      it 'defaults content-type to application/x-www-form-urlencoded' do
+        skip("Net::HTTP sends a default content-type header, but it's not visible to webmock") if legacy_api
 
-  context "basic auth" do
-    let(:auth) { { :user => 'user', :password => 'password' } }
-    let(:creds) { [ 'user', 'password'] }
+        stub_request(:put, url).with(headers: {'Content-Type' => 'application/x-www-form-urlencoded'})
 
-    it "is allowed in get requests" do
-      stub_request(:get, url).with(basic_auth: creds)
+        subject.put(path, '')
+      end
+
+      it "accepts a URL string as the path" do
+        stub_request(:put, url)
 
-      subject.get('/foo', nil, :basic_auth => auth)
+        response = subject.put(url, '')
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it "is allowed in post requests" do
-      stub_request(:post, url).with(basic_auth: creds)
+    context "for POST requests" do
+      it "includes default HTTP headers" do
+        stub_request(:post, url).with(headers: {'User-Agent' => /./})
+
+        subject.post(path, "", {'Content-Type' => 'text/plain'})
+      end
+
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:post, url).with(query: "foo=bar%3Dbaz")
+
+        subject.post("#{path}?foo=bar=baz", "", {'Content-Type' => 'text/plain'})
+      end
+
+      it "includes custom headers" do
+        stub_request(:post, url).with(headers: { 'X-Foo' => 'Bar' })
+
+        subject.post(path, "", {'X-Foo' => 'Bar', 'Content-Type' => 'text/plain'})
+      end
+
+      it "returns the response" do
+        stub_request(:post, url)
+
+        response = subject.post(path, "", {'Content-Type' => 'text/plain'})
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
+
+      it "sets content-type for the body" do
+        stub_request(:post, url).with(headers: {"Content-Type" => "text/plain"})
+
+        subject.post(path, "hello", {'Content-Type' => 'text/plain'})
+      end
+
+      it 'sends an empty body' do
+        stub_request(:post, url).with(body: '')
+
+        subject.post(path, nil)
+      end
+
+      it 'defaults content-type to application/x-www-form-urlencoded' do
+        skip("Net::HTTP sends a default content-type header, but it's not visible to webmock") if legacy_api
+
+        stub_request(:post, url).with(headers: {'Content-Type' => 'application/x-www-form-urlencoded'})
+
+        subject.post(path, "")
+      end
 
-      subject.post('/foo', 'data', nil, :basic_auth => auth)
+      it "accepts a URL string as the path" do
+        stub_request(:post, url)
+
+        response = subject.post(url, '')
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it "is allowed in head requests" do
-      stub_request(:head, url).with(basic_auth: creds)
+    context "for DELETE requests" do
+      it "includes default HTTP headers" do
+        stub_request(:delete, url).with(headers: {'User-Agent' => /./})
+
+        subject.delete(path)
+      end
+
+      it "merges custom headers with default ones" do
+        stub_request(:delete, url).with(headers: { 'X-Foo' => 'Bar', 'User-Agent' => /./ })
+
+        subject.delete(path, {'X-Foo' => 'Bar'})
+      end
+
+      it "stringifies keys and encodes values in the query" do
+        stub_request(:delete, url).with(query: "foo=bar%3Dbaz")
+
+        subject.delete("#{path}?foo=bar=baz")
+      end
+
+      it "returns the response" do
+        stub_request(:delete, url)
+
+        response = subject.delete(path)
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+        expect(response.code).to eq("200")
+      end
+
+      it "returns the entire response body" do
+        stub_request(:delete, url).to_return(body: "abc")
+
+        expect(subject.delete(path).body).to eq("abc")
+      end
+
+      it "accepts a URL string as the path" do
+        stub_request(:delete, url)
 
-      subject.head('/foo', nil, :basic_auth => auth)
+        response = subject.delete(url)
+        expect(response).to be_an_instance_of(Net::HTTPOK)
+      end
     end
 
-    it "is allowed in delete requests" do
-      stub_request(:delete, url).with(basic_auth: creds)
+    context "when response is a redirect" do
+      subject { klass }
+
+      def create_connection(options = {})
+        options[:use_ssl] = false
+        options[:verify] = Puppet::SSL::Validator.no_validator
+        subject.new(host, port, options)
+      end
+
+      def redirect_to(url)
+        { status: 302, headers: { 'Location' => url } }
+      end
+
+      it "should follow the redirect to the final resource location" do
+        stub_request(:get, "http://me.example.com:8140/foo").to_return(redirect_to("http://me.example.com:8140/bar"))
+        stub_request(:get, "http://me.example.com:8140/bar").to_return(status: 200)
+
+        create_connection.get('/foo')
+      end
+
+      def expects_limit_exceeded(conn)
+        expect {
+          conn.get('/')
+        }.to raise_error(Puppet::Network::HTTP::RedirectionLimitExceededException)
+      end
+
+      it "should not follow any redirects when the limit is 0" do
+        stub_request(:get, "http://me.example.com:8140/").to_return(redirect_to("http://me.example.com:8140/foo"))
+
+        conn = create_connection(:redirect_limit => 0)
+        expects_limit_exceeded(conn)
+      end
+
+      it "should follow the redirect once" do
+        stub_request(:get, "http://me.example.com:8140/").to_return(redirect_to("http://me.example.com:8140/foo"))
+        stub_request(:get, "http://me.example.com:8140/foo").to_return(redirect_to("http://me.example.com:8140/bar"))
+
+        conn = create_connection(:redirect_limit => 1)
+        expects_limit_exceeded(conn)
+      end
+
+      it "should raise an exception when the redirect limit is exceeded" do
+        stub_request(:get, "http://me.example.com:8140/").to_return(redirect_to("http://me.example.com:8140/foo"))
+        stub_request(:get, "http://me.example.com:8140/foo").to_return(redirect_to("http://me.example.com:8140/bar"))
+        stub_request(:get, "http://me.example.com:8140/bar").to_return(redirect_to("http://me.example.com:8140/baz"))
+        stub_request(:get, "http://me.example.com:8140/baz").to_return(redirect_to("http://me.example.com:8140/qux"))
+
+        conn = create_connection(:redirect_limit => 3)
+        expects_limit_exceeded(conn)
+      end
 
-      subject.delete('/foo', nil, :basic_auth => auth)
+      it 'raises an exception when the location header is missing' do
+        stub_request(:get, "http://me.example.com:8140/").to_return(status: 302)
+
+        if legacy_api
+          expect {
+            create_connection.get('/')
+          }.to raise_error(URI::InvalidURIError, /bad URI/)
+        else
+          expect {
+            create_connection.get('/')
+          }.to raise_error(Puppet::HTTP::ProtocolError, /Location response header is missing/)
+        end
+      end
     end
 
-    it "is allowed in put requests" do
-      stub_request(:put, url).with(basic_auth: creds)
+    context "when response indicates an overloaded server" do
+      def retry_after(datetime)
+        stub_request(:get, url)
+          .to_return(status: [503, 'Service Unavailable'], headers: {'Retry-After' => datetime}).then
+          .to_return(status: 200)
+      end
+
+      it "should return a 503 response if Retry-After is not set" do
+        stub_request(:get, url).to_return(status: [503, 'Service Unavailable'])
+
+        result = subject.get('/foo')
+        expect(result.code).to eq("503")
+      end
+
+      it "should return a 503 response if Retry-After is not convertible to an Integer or RFC 2822 Date" do
+        retry_after('foo')
+
+        if legacy_api
+          result = subject.get('/foo')
+          expect(result.code).to eq("503")
+        else
+          expect {
+            subject.get('/foo')
+          }.to raise_error(Puppet::HTTP::ProtocolError, /Failed to parse Retry-After header 'foo'/)
+        end
+      end
+
+      it "should close the connection before sleeping" do
+        retry_after('42')
+
+        http1 = Net::HTTP.new(host, port)
+        http1.use_ssl = true
+        allow(http1).to receive(:started?).and_return(true)
+
+        http2 = Net::HTTP.new(host, port)
+        http2.use_ssl = true
+        allow(http1).to receive(:started?).and_return(true)
+
+        # The "with_connection" method is required to yield started connections
+        pool = if legacy_api
+                 Puppet.lookup(:http_pool)
+               else
+                 Puppet.runtime[:http].pool
+               end
 
-      subject.put('/foo', 'data', nil, :basic_auth => auth)
+        allow(pool).to receive(:with_connection).and_yield(http1).and_yield(http2)
+
+        expect(http1).to receive(:finish).ordered
+        expect(::Kernel).to receive(:sleep).with(42).ordered
+
+        subject.get('/foo')
+      end
+
+      it "should sleep and retry if Retry-After is an Integer" do
+        retry_after('42')
+
+        expect(::Kernel).to receive(:sleep).with(42)
+
+        result = subject.get('/foo')
+        expect(result.code).to eq("200")
+      end
+
+      it "should sleep and retry if Retry-After is an RFC 2822 Date" do
+        retry_after('Wed, 13 Apr 2005 15:18:05 GMT')
+
+        now = DateTime.new(2005, 4, 13, 8, 17, 5, '-07:00')
+        allow(DateTime).to receive(:now).and_return(now)
+
+        expect(::Kernel).to receive(:sleep).with(60)
+
+        result = subject.get('/foo')
+        expect(result.code).to eq("200")
+      end
+
+      it "should sleep for no more than the Puppet runinterval" do
+        retry_after('60')
+
+        Puppet[:runinterval] = 30
+
+        expect(::Kernel).to receive(:sleep).with(30)
+
+        subject.get('/foo')
+      end
+
+      it "should sleep for 0 seconds if the RFC 2822 date has past" do
+        retry_after('Wed, 13 Apr 2005 15:18:05 GMT')
+
+        expect(::Kernel).to receive(:sleep).with(0)
+
+        subject.get('/foo')
+      end
     end
-  end
 
-  it "sets HTTP User-Agent header" do
-    puppet_ua = "Puppet/#{Puppet.version} Ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} (#{RUBY_PLATFORM})"
-    stub_request(:get, url).with(headers: { 'User-Agent' => puppet_ua })
+    context "basic auth" do
+      let(:auth) { { :user => 'user', :password => 'password' } }
+      let(:creds) { [ 'user', 'password'] }
 
-    subject.get('/foo')
-  end
+      it "is allowed in get requests" do
+        stub_request(:get, url).with(basic_auth: creds)
 
-  describe 'connection request errors' do
-    it "logs and raises generic http errors" do
-      generic_error = Net::HTTPError.new('generic error', double("response"))
-      stub_request(:get, url).to_raise(generic_error)
+        subject.get('/foo', nil, :basic_auth => auth)
+      end
 
-      expect(Puppet).to receive(:log_exception).with(anything, /^.*failed: generic error$/)
-      expect { subject.get('/foo') }.to raise_error(generic_error)
+      it "is allowed in post requests" do
+        stub_request(:post, url).with(basic_auth: creds)
+
+        subject.post('/foo', 'data', nil, :basic_auth => auth)
+      end
+
+      it "is allowed in head requests" do
+        stub_request(:head, url).with(basic_auth: creds)
+
+        subject.head('/foo', nil, :basic_auth => auth)
+      end
+
+      it "is allowed in delete requests" do
+        stub_request(:delete, url).with(basic_auth: creds)
+
+        subject.delete('/foo', nil, :basic_auth => auth)
+      end
+
+      it "is allowed in put requests" do
+        stub_request(:put, url).with(basic_auth: creds)
+
+        subject.put('/foo', 'data', nil, :basic_auth => auth)
+      end
     end
 
-    it "logs and raises timeout errors" do
-      timeout_error = Timeout::Error.new
-      stub_request(:get, url).to_raise(timeout_error)
+    it "sets HTTP User-Agent header" do
+      puppet_ua = "Puppet/#{Puppet.version} Ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} (#{RUBY_PLATFORM})"
+      stub_request(:get, url).with(headers: { 'User-Agent' => puppet_ua })
 
-      expect(Puppet).to receive(:log_exception).with(anything, /^.*timed out after .* seconds$/)
-      expect { subject.get('/foo') }.to raise_error(timeout_error)
+      subject.get('/foo')
     end
 
-    it "logs and raises eof errors" do
-      eof_error = EOFError
-      stub_request(:get, url).to_raise(eof_error)
+    describe 'connection request errors' do
+      it "logs and raises generic http errors" do
+        generic_error = Net::HTTPError.new('generic error', double("response"))
+        stub_request(:get, url).to_raise(generic_error)
 
-      expect(Puppet).to receive(:log_exception).with(anything, /^.*interrupted after .* seconds$/)
-      expect { subject.get('/foo') }.to raise_error(eof_error)
+        expect(Puppet).to receive(:log_exception).with(anything, /^.*failed.*: generic error$/)
+        expect { subject.get('/foo') }.to raise_error(generic_error)
+      end
+
+      it "logs and raises timeout errors" do
+        timeout_error = Net::OpenTimeout.new
+        stub_request(:get, url).to_raise(timeout_error)
+
+        expect(Puppet).to receive(:log_exception).with(anything, /^.*timed out .*after .* seconds/)
+        expect { subject.get('/foo') }.to raise_error(timeout_error)
+      end
+
+      it "logs and raises eof errors" do
+        eof_error = EOFError
+        stub_request(:get, url).to_raise(eof_error)
+
+        expect(Puppet).to receive(:log_exception).with(anything, /^.*interrupted after .* seconds$/)
+        expect { subject.get('/foo') }.to raise_error(eof_error)
+      end
     end
   end
+
+  describe Puppet::Network::HTTP::Connection do
+    it_behaves_like "an HTTP connection", described_class, true
+  end
+
+  describe Puppet::Network::HTTP::ConnectionAdapter do
+    it_behaves_like "an HTTP connection", described_class, false
+  end
 end