puppet 6.19.1-x86-mingw32 → 7.0.0-x86-mingw32

data/spec/unit/network/http_spec.rb

@@ -1,9 +0,0 @@
-require 'spec_helper'
-require 'puppet/network/http'
-
-describe Puppet::Network::HTTP do
-  it 'defines an http_pool context' do
-    pool = Puppet.lookup(:http_pool)
-    expect(pool).to be_a(Puppet::Network::HTTP::Pool)
-  end
-end

data/spec/unit/network/rights_spec.rb

@@ -1,439 +0,0 @@
-require 'spec_helper'
-
-require 'puppet/network/rights'
-
-describe Puppet::Network::Rights do
-  before do
-    @right = Puppet::Network::Rights.new
-  end
-
-  describe "when validating a :head request" do
-    [:find, :save].each do |allowed_method|
-      it "should allow the request if only #{allowed_method} is allowed" do
-        rights = Puppet::Network::Rights.new
-        right = rights.newright("/")
-        right.allow("*")
-        right.restrict_method(allowed_method)
-        right.restrict_authenticated(:any)
-        expect(rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})).to eq(nil)
-      end
-    end
-
-    it "should disallow the request if neither :find nor :save is allowed" do
-      rights = Puppet::Network::Rights.new
-      why_forbidden = rights.is_request_forbidden_and_why?(:head, "/indirection_name/key", {})
-      expect(why_forbidden).to be_instance_of(Puppet::Network::AuthorizationError)
-      expect(why_forbidden.to_s).to eq("Forbidden request: /indirection_name/key [find]")
-    end
-  end
-
-  it "should throw an error if type can't be determined" do
-    expect { @right.newright("name") }.to raise_error(ArgumentError, /Unknown right type/)
-  end
-
-  describe "when creating new path ACLs" do
-    it "should not throw an error if the ACL already exists" do
-      @right.newright("/name")
-
-      expect { @right.newright("/name")}.not_to raise_error
-    end
-
-    it "should throw an error if the acl uri path is not absolute" do
-      expect { @right.newright("name")}.to raise_error(ArgumentError, /Unknown right type/)
-    end
-
-    it "should create a new ACL with the correct path" do
-      @right.newright("/name")
-
-      expect(@right["/name"]).not_to be_nil
-    end
-
-    it "should create an ACL of type Puppet::Network::AuthStore" do
-      @right.newright("/name")
-
-      expect(@right["/name"]).to be_a_kind_of(Puppet::Network::AuthStore)
-    end
-  end
-
-  describe "when creating new regex ACLs" do
-    it "should not throw an error if the ACL already exists" do
-      @right.newright("~ .rb$")
-
-      expect { @right.newright("~ .rb$")}.not_to raise_error
-    end
-
-    it "should create a new ACL with the correct regex" do
-      @right.newright("~ .rb$")
-
-      expect(@right.include?(".rb$")).not_to be_nil
-    end
-
-    it "should be able to lookup the regex" do
-      @right.newright("~ .rb$")
-
-      expect(@right[".rb$"]).not_to be_nil
-    end
-
-    it "should be able to lookup the regex by its full name" do
-      @right.newright("~ .rb$")
-
-      expect(@right["~ .rb$"]).not_to be_nil
-    end
-
-    it "should create an ACL of type Puppet::Network::AuthStore" do
-      expect(@right.newright("~ .rb$")).to be_a_kind_of(Puppet::Network::AuthStore)
-    end
-  end
-
-  describe "when checking ACLs existence" do
-    it "should return false if there are no matching rights" do
-      expect(@right.include?("name")).to be_falsey
-    end
-
-    it "should return true if a path right exists" do
-      @right.newright("/name")
-
-      expect(@right.include?("/name")).to be_truthy
-    end
-
-    it "should return false if no matching path rights exist" do
-      @right.newright("/name")
-
-      expect(@right.include?("/differentname")).to be_falsey
-    end
-
-    it "should return true if a regex right exists" do
-      @right.newright("~ .rb$")
-
-      expect(@right.include?(".rb$")).to be_truthy
-    end
-
-    it "should return false if no matching path rights exist" do
-      @right.newright("~ .rb$")
-
-      expect(@right.include?(".pp$")).to be_falsey
-    end
-  end
-
-  describe "when checking if right is allowed" do
-    before :each do
-      allow(@right).to receive(:right).and_return(nil)
-
-      @pathacl = double('pathacl', :"<=>" => 1, :line => 0, :file => 'dummy')
-      allow(Puppet::Network::Rights::Right).to receive(:new).and_return(@pathacl)
-    end
-
-    it "should delegate to is_forbidden_and_why?" do
-      expect(@right).to receive(:is_forbidden_and_why?).with("namespace", :node => "host.domain.com", :ip => "127.0.0.1").and_return(nil)
-
-      @right.allowed?("namespace", "host.domain.com", "127.0.0.1")
-    end
-
-    it "should return true if is_forbidden_and_why? returns nil" do
-      allow(@right).to receive(:is_forbidden_and_why?).and_return(nil)
-      expect(@right.allowed?("namespace", :args)).to be_truthy
-    end
-
-    it "should return false if is_forbidden_and_why? returns an AuthorizationError" do
-      allow(@right).to receive(:is_forbidden_and_why?).and_return(Puppet::Network::AuthorizationError.new("forbidden"))
-      expect(@right.allowed?("namespace", :args1, :args2)).to be_falsey
-    end
-
-    it "should pass the match? return to allowed?" do
-      @right.newright("/path/to/there")
-
-      expect(@pathacl).to receive(:match?).and_return(:match)
-      expect(@pathacl).to receive(:allowed?).with(anything, anything, hash_including(match: :match)).and_return(true)
-
-      expect(@right.is_forbidden_and_why?("/path/to/there", {})).to eq(nil)
-    end
-
-    describe "with path acls" do
-      before :each do
-        @long_acl = double('longpathacl', :name => "/path/to/there", :line => 0, :file => 'dummy')
-        allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to/there", 0, nil).and_return(@long_acl)
-
-        @short_acl = double('shortpathacl', :name => "/path/to", :line => 0, :file => 'dummy')
-        allow(Puppet::Network::Rights::Right).to receive(:new).with("/path/to", 0, nil).and_return(@short_acl)
-
-        allow(@long_acl).to receive(:"<=>").with(@short_acl).and_return(0)
-        allow(@short_acl).to receive(:"<=>").with(@long_acl).and_return(0)
-      end
-
-      it "should select the first match" do
-        @right.newright("/path/to", 0)
-        @right.newright("/path/to/there", 0)
-
-        allow(@long_acl).to receive(:match?).and_return(true)
-        allow(@short_acl).to receive(:match?).and_return(true)
-
-        expect(@short_acl).to receive(:allowed?).and_return(true)
-        expect(@long_acl).not_to receive(:allowed?)
-
-        expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
-      end
-
-      it "should select the first match that doesn't return :dunno" do
-        @right.newright("/path/to/there", 0, nil)
-        @right.newright("/path/to", 0, nil)
-
-        allow(@long_acl).to receive(:match?).and_return(true)
-        allow(@short_acl).to receive(:match?).and_return(true)
-
-        expect(@long_acl).to receive(:allowed?).and_return(:dunno)
-        expect(@short_acl).to receive(:allowed?).and_return(true)
-
-        expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
-      end
-
-      it "should not select an ACL that doesn't match" do
-        @right.newright("/path/to/there", 0)
-        @right.newright("/path/to", 0)
-
-        allow(@long_acl).to receive(:match?).and_return(false)
-        allow(@short_acl).to receive(:match?).and_return(true)
-
-        expect(@long_acl).not_to receive(:allowed?)
-        expect(@short_acl).to receive(:allowed?).and_return(true)
-
-        expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
-      end
-
-      it "should not raise an AuthorizationError if allowed" do
-        @right.newright("/path/to/there", 0)
-
-        allow(@long_acl).to receive(:match?).and_return(true)
-        allow(@long_acl).to receive(:allowed?).and_return(true)
-
-        expect(@right.is_forbidden_and_why?("/path/to/there/and/there", {})).to eq(nil)
-      end
-
-      it "should raise an AuthorizationError if the match is denied" do
-        @right.newright("/path/to/there", 0, nil)
-
-        allow(@long_acl).to receive(:match?).and_return(true)
-        allow(@long_acl).to receive(:allowed?).and_return(false)
-
-        expect(@right.is_forbidden_and_why?("/path/to/there", {})).to be_instance_of(Puppet::Network::AuthorizationError)
-      end
-
-      it "should raise an AuthorizationError if no path match" do
-        expect(@right.is_forbidden_and_why?("/nomatch", {})).to be_instance_of(Puppet::Network::AuthorizationError)
-      end
-    end
-
-    describe "with regex acls" do
-      before :each do
-        @regex_acl1 = double('regex_acl1', :name => "/files/(.*)/myfile", :line => 0, :file => 'dummy')
-        allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile", 0, nil).and_return(@regex_acl1)
-
-        @regex_acl2 = double('regex_acl2', :name => "/files/(.*)/myfile/", :line => 0, :file => 'dummy')
-        allow(Puppet::Network::Rights::Right).to receive(:new).with("~ /files/(.*)/myfile/", 0, nil).and_return(@regex_acl2)
-
-        allow(@regex_acl1).to receive(:"<=>").with(@regex_acl2).and_return(0)
-        allow(@regex_acl2).to receive(:"<=>").with(@regex_acl1).and_return(0)
-      end
-
-      it "should select the first match" do
-        @right.newright("~ /files/(.*)/myfile", 0)
-        @right.newright("~ /files/(.*)/myfile/", 0)
-
-        allow(@regex_acl1).to receive(:match?).and_return(true)
-        allow(@regex_acl2).to receive(:match?).and_return(true)
-
-        expect(@regex_acl1).to receive(:allowed?).and_return(true)
-        expect(@regex_acl2).not_to receive(:allowed?)
-
-        expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
-      end
-
-      it "should select the first match that doesn't return :dunno" do
-        @right.newright("~ /files/(.*)/myfile", 0)
-        @right.newright("~ /files/(.*)/myfile/", 0)
-
-        allow(@regex_acl1).to receive(:match?).and_return(true)
-        allow(@regex_acl2).to receive(:match?).and_return(true)
-
-        expect(@regex_acl1).to receive(:allowed?).and_return(:dunno)
-        expect(@regex_acl2).to receive(:allowed?).and_return(true)
-
-        expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
-      end
-
-      it "should not select an ACL that doesn't match" do
-        @right.newright("~ /files/(.*)/myfile", 0)
-        @right.newright("~ /files/(.*)/myfile/", 0)
-
-        allow(@regex_acl1).to receive(:match?).and_return(false)
-        allow(@regex_acl2).to receive(:match?).and_return(true)
-
-        expect(@regex_acl1).not_to receive(:allowed?)
-        expect(@regex_acl2).to receive(:allowed?).and_return(true)
-
-        expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
-      end
-
-      it "should not raise an AuthorizationError if allowed" do
-        @right.newright("~ /files/(.*)/myfile", 0)
-
-        allow(@regex_acl1).to receive(:match?).and_return(true)
-        allow(@regex_acl1).to receive(:allowed?).and_return(true)
-
-        expect(@right.is_forbidden_and_why?("/files/repository/myfile/other", {})).to eq(nil)
-      end
-
-      it "should raise an error if no regex acl match" do
-        expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
-      end
-
-      it "should raise an AuthorizedError on deny" do
-        expect(@right.is_forbidden_and_why?("/path", {})).to be_instance_of(Puppet::Network::AuthorizationError)
-      end
-
-    end
-  end
-
-  describe Puppet::Network::Rights::Right do
-    before :each do
-      @acl = Puppet::Network::Rights::Right.new("/path",0, nil)
-    end
-
-    describe "with path" do
-      it "should match up to its path length" do
-        expect(@acl.match?("/path/that/works")).not_to be_nil
-      end
-
-      it "should match up to its path length" do
-        expect(@acl.match?("/paththatalsoworks")).not_to be_nil
-      end
-
-      it "should return nil if no match" do
-        expect(@acl.match?("/notpath")).to be_nil
-      end
-    end
-
-    describe "with regex" do
-      before :each do
-        @acl = Puppet::Network::Rights::Right.new("~ .rb$",0, nil)
-      end
-
-      it "should match as a regex" do
-        expect(@acl.match?("this should work.rb")).not_to be_nil
-      end
-
-      it "should return nil if no match" do
-        expect(@acl.match?("do not match")).to be_nil
-      end
-    end
-
-    it "should allow all rest methods by default" do
-      expect(@acl.methods).to eq(Puppet::Network::Rights::Right::ALL)
-    end
-
-    it "should allow only authenticated request by default" do
-      expect(@acl.authentication).to be_truthy
-    end
-
-    it "should allow modification of the methods filters" do
-      @acl.restrict_method(:save)
-
-      expect(@acl.methods).to eq([:save])
-    end
-
-    it "should stack methods filters" do
-      @acl.restrict_method(:save)
-      @acl.restrict_method(:destroy)
-
-      expect(@acl.methods).to eq([:save, :destroy])
-    end
-
-    it "should raise an error if the method is already filtered" do
-      @acl.restrict_method(:save)
-
-      expect { @acl.restrict_method(:save) }.to raise_error(ArgumentError, /'save' is already in the '\/path'/)
-    end
-
-    it "should allow setting an environment filters" do
-      env = Puppet::Node::Environment.create(:acltest, [])
-      Puppet.override(:environments => Puppet::Environments::Static.new(env)) do
-        @acl.restrict_environment(:acltest)
-
-        expect(@acl.environment).to eq([env])
-      end
-    end
-
-    ["on", "yes", "true", true].each do |auth|
-      it "should allow filtering on authenticated requests with '#{auth}'" do
-        @acl.restrict_authenticated(auth)
-
-        expect(@acl.authentication).to be_truthy
-      end
-    end
-
-    ["off", "no", "false", false, "all", "any", :all, :any].each do |auth|
-      it "should allow filtering on authenticated or unauthenticated requests with '#{auth}'" do
-        @acl.restrict_authenticated(auth)
-        expect(@acl.authentication).to be_falsey
-      end
-    end
-
-    describe "when checking right authorization" do
-      it "should return :dunno if this right is not restricted to the given method" do
-        @acl.restrict_method(:destroy)
-
-        expect(@acl.allowed?("me","127.0.0.1", { :method => :save } )).to eq(:dunno)
-      end
-
-      it "should return true if this right is restricted to the given method" do
-        @acl.restrict_method(:save)
-        @acl.allow("me")
-
-        expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => true })).to eq true
-      end
-
-      it "should return :dunno if this right is not restricted to the given environment" do
-        prod = Puppet::Node::Environment.create(:production, [])
-        dev = Puppet::Node::Environment.create(:development, [])
-        Puppet.override(:environments => Puppet::Environments::Static.new(prod, dev)) do
-          @acl.restrict_environment(:production)
-
-          expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :environment => dev })).to eq(:dunno)
-        end
-      end
-
-      it "returns true if the request is permitted for this environment" do
-        @acl.allow("me")
-        prod = Puppet::Node::Environment.create(:production, [])
-        Puppet.override(:environments => Puppet::Environments::Static.new(prod)) do
-          @acl.restrict_environment(:production)
-          expect(@acl.allowed?("me", "127.0.0.1", { :method => :save, :authenticated => true, :environment => prod })).to eq true
-        end
-      end
-
-      it "should return :dunno if this right is not restricted to the given request authentication state" do
-        @acl.restrict_authenticated(true)
-
-        expect(@acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => false })).to eq(:dunno)
-      end
-
-      it "returns true if this right is restricted to the given request authentication state" do
-        @acl.restrict_authenticated(false)
-        @acl.allow("me")
-
-        expect(@acl.allowed?("me","127.0.0.1", {:method => :save, :authenticated => false })).to eq true
-      end
-
-      it "should interpolate allow/deny patterns with the given match" do
-        expect(@acl).to receive(:interpolate).with(:match)
-
-        @acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
-      end
-
-      it "should reset interpolation after the match" do
-        expect(@acl).to receive(:reset_interpolation)
-
-        @acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
-      end
-    end
-  end
-end

data/spec/unit/parser/environment_compiler_spec.rb

@@ -1,730 +0,0 @@
-require 'spec_helper'
-require 'puppet_spec/compiler'
-require 'puppet/parser/environment_compiler'
-
-describe "Application instantiation" do
-  include PuppetSpec::Compiler
-
-  let(:env) { Puppet::Node::Environment.create(:testing, []) }
-  let(:node) { Puppet::Node.new('test', :environment => env) }
-  let(:loaders) { Puppet::Pops::Loaders.new(env) }
-  let(:logs) { [] }
-  let(:notices) { logs.select { |log| log.level == :notice }.map { |log| log.message } }
-  let(:warnings) { logs.select { |log| log.level == :warning }.map { |log| log.message } }
-
-  def compile_collect_log(string)
-    Puppet::Util::Log.with_destination(Puppet::Test::LogCollector.new(logs)) do
-      compile_to_catalog(string, Puppet::Node.new('other', :environment => env))
-    end
-  end
-
-  def compile_to_env_catalog(string, code_id=nil)
-    Puppet[:code] = string
-    Puppet::Parser::EnvironmentCompiler.compile(env, code_id).filter { |r| r.virtual? }
-  end
-
-  before(:each) do
-    allow_any_instance_of(Puppet::Parser::Compiler).to receive(:loaders).and_return(loaders)
-    allow_any_instance_of(Puppet::Parser::EnvironmentCompiler).to receive(:loaders).and_return(loaders)
-    Puppet.push_context({:loaders => loaders, :current_environment => env})
-    Puppet::Type.newtype :cap, :is_capability => true do
-      newparam :name
-      newparam :host
-    end
-  end
-
-  after(:each) do
-    Puppet::Type.rmtype(:cap)
-    Puppet.pop_context()
-  end
-
-  MANIFEST = <<-EOS
-      define prod($host) {
-        notify { "host ${host}":}
-      }
-
-      Prod produces Cap { }
-
-      define cons($host) {
-        notify { "host ${host}": }
-      }
-
-      Cons consumes Cap { }
-
-      application app {
-        prod { one: host => ahost, export => Cap[cap] }
-        cons { two: host => ahost, consume => Cap[cap] }
-        cons { three: consume => Cap[cap] }
-      }
-
-      site {
-        app { anapp:
-          nodes => {
-            Node[first] => Prod[one],
-            Node[second] => Cons[two]
-          }
-        }
-      }
-EOS
-
-MANIFEST_WO_EXPORT = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      cons { two: host => ahost, consume => Cap[cap] }
-    }
-
-    site {
-      app { anapp:
-        nodes => {
-          Node[first] => Prod[one],
-          Node[second] => Cons[two]
-        }
-      }
-    }
-EOS
-
-MANIFEST_WO_NODE = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      prod { one: host => ahost, export => Cap[cap] }
-      cons { two: host => ahost, consume => Cap[cap] }
-    }
-
-    site {
-      app { anapp:
-      }
-    }
-EOS
-
-MANIFEST_WITH_STRING_NODES = <<-EOS
-    application app {
-    }
-
-    site {
-      app { anapp:
-        nodes => "foobar",
-      }
-    }
-EOS
-
-MANIFEST_WITH_FALSE_NODES = <<-EOS
-    application app {
-    }
-
-    site {
-      app { anapp:
-        nodes => false,
-      }
-    }
-EOS
-
-MANIFEST_REQ_WO_EXPORT = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      cons { two: host => ahost, require => Cap[cap] }
-    }
-
-    site {
-      app { anapp:
-        nodes => {
-          Node[first] => Prod[one],
-          Node[second] => Cons[two]
-        }
-      }
-    }
-EOS
-
-MANIFEST_WITH_DOUBLE_EXPORT = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      prod { one: host => ahost, export => Cap[cap] }
-      prod { two: host => anotherhost, export => Cap[cap] }
-      cons { two: host => ahost, consume => Cap[cap] }
-    }
-
-    site {
-      app { anapp:
-        nodes => {
-          Node[first] => Prod[one],
-          Node[second] => Cons[two]
-        }
-      }
-    }
-EOS
-
-FAULTY_MANIFEST = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      prod { one: host => ahost, export => Cap[cap] }
-      cons { two: host => ahost, consume => Cap[cap] }
-    }
-
-    # app is not in site => error
-    app { anapp:
-      nodes => {
-        Node[first] => Prod[one],
-        Node[second] => Cons[two]
-      }
-    }
-EOS
-
-MANIFEST_WITH_SITE = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      prod { one: host => ahost, export => Cap[cap] }
-      cons { two: host => ahost, consume => Cap[cap] }
-    }
-
-    $one = not_the_value_one
-    $two = two
-
-    node default {
-      notify { "on a node": }
-    }
-
-    notify { 'ignore me': }
-
-    site {
-      $one = one
-      app { anapp:
-        nodes => {
-          Node[first] => Prod[$one],
-          Node[second] => Cons[$two]
-        }
-      }
-    }
-EOS
-
-MANIFEST_WITH_ILLEGAL_RESOURCE = <<-EOS
-    define prod($host) {
-      notify { "host ${host}":}
-    }
-
-    Prod produces Cap { }
-
-    define cons($host) {
-      notify { "host ${host}": }
-    }
-
-    Cons consumes Cap { }
-
-    application app {
-      prod { one: host => ahost, export => Cap[cap] }
-      cons { two: consume => Cap[cap] }
-    }
-
-    site {
-      # The rouge expression is here
-      notify { 'fail me': }
-      $one = one
-      app { anapp:
-        nodes => {
-          Node[first] => Prod[one],
-          Node[second] => Cons[two]
-        }
-      }
-    }
-EOS
-
-MANIFEST_WITH_CLASS = <<-EOS
-    define test($host) {
-      notify { "c $host": }
-    }
-
-    class prod($host) {
-      notify { "p $host": }
-    }
-
-    class cons($host) {
-      test { c: host => $host }
-    }
-
-    Class[prod] produces Cap {}
-
-    Class[cons] consumes Cap {}
-
-    application app {
-      class { prod: host => 'ahost', export => Cap[cap]}
-      class { cons: consume => Cap[cap]}
-    }
-
-    site {
-      app { anapp:
-        nodes => {
-          Node[first] => Class[prod],
-          Node[second] => Class[cons]
-        }
-      }
-    }
-EOS
-
-
-  context 'a node catalog' do
-    it "is unaffected for a non-participating node" do
-      catalog = compile_to_catalog(MANIFEST, Puppet::Node.new('other', :environment => env))
-      types = catalog.resource_keys.map { |type, _| type }.uniq.sort
-      expect(types).to eq(["Class", "Stage"])
-    end
-
-    it "an application instance must be contained in a site" do
-      expect { compile_to_catalog(FAULTY_MANIFEST, Puppet::Node.new('first', :environment => env))
-      }.to raise_error(/Application instances .* can only be contained within a Site/)
-    end
-
-    it "does not raise an error when node mappings are not provided" do
-      expect { compile_to_catalog(MANIFEST_WO_NODE, node) }.to_not raise_error
-    end
-
-    it "raises an error if node mapping is a string" do
-      expect { compile_to_catalog(MANIFEST_WITH_STRING_NODES, node)
-      }.to raise_error(/Invalid node mapping in .*: Mapping must be a hash/)
-    end
-
-    it "raises an error if node mapping is false" do
-      expect { compile_to_catalog(MANIFEST_WITH_FALSE_NODES, node)
-      }.to raise_error(/Invalid node mapping in .*: Mapping must be a hash/)
-    end
-
-    it "detects that consumed capability is never exported" do
-      expect { compile_to_env_catalog(MANIFEST_WO_EXPORT)
-      }.to raise_error(/Capability 'Cap\[cap\]' referenced by 'consume' is never exported/)
-    end
-
-    it "detects that required capability is never exported" do
-      expect { compile_to_env_catalog(MANIFEST_REQ_WO_EXPORT)
-      }.to raise_error(/Capability 'Cap\[cap\]' referenced by 'require' is never exported/)
-    end
-
-    it "detects that a capability is exported more than once" do
-      expect { compile_to_env_catalog(MANIFEST_WITH_DOUBLE_EXPORT)
-      }.to raise_error(/'Cap\[cap\]' is exported by both 'Prod\[one\]' and 'Prod\[two\]'/)
-    end
-
-    it "issues deprecation warnings" do
-      expect {compile_collect_log(MANIFEST_WO_NODE)}.not_to raise_error
-      expect(warnings).to include(/Capability Mapping is deprecated/) # there are two of these
-      expect(warnings).to include(/Application is deprecated/)
-      expect(warnings).to include(/Site Definition is deprecated/)
-    end
-
-    context "for producing node" do
-      let(:compiled_node) { Puppet::Node.new('first', :environment => env) }
-      let(:compiled_catalog) { compile_to_catalog(MANIFEST, compiled_node)}
-
-      { "App[anapp]"         => 'application instance',
-        "Cap[cap]"           => 'capability resource',
-        "Prod[one]"          => 'component',
-        "Notify[host ahost]" => 'node resource'
-      }.each do |k,v|
-        it "contains the #{v} (#{k})" do
-            expect(compiled_catalog.resource(k)).not_to be_nil
-        end
-      end
-
-      it "does not contain the consumed resource (Cons[two])" do
-        expect(compiled_catalog.resource("Cons[two]")).to be_nil
-      end
-    end
-
-    context "for consuming node" do
-      let(:compiled_node) { Puppet::Node.new('second', :environment => env) }
-      let(:compiled_catalog) { compile_to_catalog(MANIFEST, compiled_node)}
-      let(:cap) {
-        the_cap = Puppet::Resource.new("Cap", "cap")
-        the_cap["host"] = "ahost"
-        the_cap
-      }
-
-      { "App[anapp]"         => 'application instance',
-        "Cap[cap]"           => 'capability resource',
-        "Cons[two]"          => 'component',
-        "Notify[host ahost]" => 'node resource'
-      }.each do |k,v|
-        it "contains the #{v} (#{k})" do
-            # Mock the connection to Puppet DB
-            expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
-            expect(compiled_catalog.resource(k)).not_to be_nil
-        end
-      end
-
-      it "does not contain the produced resource (Prod[one])" do
-        # Mock the connection to Puppet DB
-        expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
-        expect(compiled_catalog.resource("Prod[one]")).to be_nil
-      end
-    end
-
-    context "for node with class producer" do
-      let(:compiled_node) { Puppet::Node.new('first', :environment => env) }
-      let(:compiled_catalog) { compile_to_catalog(MANIFEST_WITH_CLASS, compiled_node)}
-
-      { "App[anapp]"      => 'application instance',
-        "Cap[cap]"        => 'capability resource',
-        "Class[prod]"     => 'class',
-        "Notify[p ahost]" => 'node resource'
-      }.each do |k,v|
-        it "contains the #{v} (#{k})" do
-          cat = compiled_catalog
-          expect(cat.resource(k)).not_to be_nil
-        end
-      end
-
-      it "does not contain the consumed resource (Class[cons])" do
-        expect(compiled_catalog.resource("Class[cons]")).to be_nil
-      end
-    end
-
-    context "for node with class consumer" do
-      let(:compiled_node) { Puppet::Node.new('second', :environment => env) }
-      let(:compiled_catalog) { compile_to_catalog(MANIFEST_WITH_CLASS, compiled_node)}
-      let(:cap) {
-        the_cap = Puppet::Resource.new("Cap", "cap")
-        the_cap["host"] = "ahost"
-        the_cap
-      }
-
-      { "App[anapp]"      => 'application instance',
-        "Cap[cap]"        => 'capability resource',
-        "Class[cons]"     => 'class',
-        "Notify[c ahost]" => 'node resource'
-      }.each do |k,v|
-        it "contains the #{v} (#{k})" do
-          # Mock the connection to Puppet DB
-          expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
-          expect(compiled_catalog.resource(k)).not_to be_nil
-        end
-      end
-
-      it "does not contain the produced resource (Class[prod])" do
-        # Mock the connection to Puppet DB
-        expect(Puppet::Resource::CapabilityFinder).to receive(:find).and_return(cap)
-        expect(compiled_catalog.resource("Class[prod]")).to be_nil
-      end
-    end
-
-    context "when using a site expression" do
-      # The site expression must be evaluated in a node catalog compilation because
-      # the application instantiations inside it may contain other logic (local variables)
-      # that are used to instantiate an application. The application instances are needed.
-      #
-      it "the node expressions is evaluated" do
-        catalog = compile_to_catalog(MANIFEST_WITH_SITE, Puppet::Node.new('other', :environment => env))
-        types = catalog.resource_keys.map { |type, _| type }.uniq.sort
-        expect(types).to eq(["Class", "Node", "Notify", "Stage"])
-        expect(catalog.resource("Notify[on a node]")).to_not be_nil
-        expect(catalog.resource("Notify[on the site]")).to be_nil
-      end
-
-    end
-
-    context "when using a site expression" do
-      it "the site expression is not evaluated in a node compilation" do
-        catalog = compile_to_catalog(MANIFEST_WITH_SITE, Puppet::Node.new('other', :environment => env))
-        types = catalog.resource_keys.map { |type, _| type }.uniq.sort
-        expect(types).to eq(["Class", "Node", "Notify", "Stage"])
-        expect(catalog.resource("Notify[on a node]")).to_not be_nil
-        expect(catalog.resource("Notify[on the site]")).to be_nil
-      end
-
-    end
-  end
-
-  describe "in the environment catalog" do
-    it "does not fail if there is no site expression" do
-      expect {
-        compile_to_env_catalog(<<-EOC).to_resource
-          notify { 'ignore me':}
-        EOC
-      }.to_not raise_error()
-    end
-
-    it "ignores usage of hiera_include() at topscope for classification" do
-      expect(Puppet).to receive(:debug).with(/Ignoring hiera_include/)
-
-      expect {
-        compile_to_env_catalog(<<-EOC).to_resource
-          hiera_include('classes')
-          site { }
-        EOC
-      }.to_not raise_error()
-
-    end
-
-    it 'removes overriden functions after compile' do
-      expect {
-        compile_to_env_catalog(<<-EOC)
-          hiera_include('classes')
-          site { }
-        EOC
-      }.to_not raise_error()
-      func = Puppet::Pops::Loaders.loaders.puppet_system_loader.load(:function, 'hiera_include')
-      expect(func).to be_a(Puppet::Functions::Function)
-    end
-
-    it "includes components and capability resources" do
-      catalog = compile_to_env_catalog(MANIFEST).to_resource
-      apps = catalog.resources.select do |res|
-        res.resource_type && res.resource_type.application?
-      end
-      expect(apps.size).to eq(1)
-      app = apps.first
-      expect(app["nodes"]).not_to be_nil
-      comps = catalog.direct_dependents_of(app).map(&:ref).sort
-      expect(comps).to eq(["Cons[three]", "Cons[two]", "Prod[one]"])
-
-      prod = catalog.resource("Prod[one]")
-      expect(prod).not_to be_nil
-      expect(prod.export.map(&:ref)).to eq(["Cap[cap]"])
-
-      cons = catalog.resource("Cons[two]")
-      expect(cons).not_to be_nil
-      expect(cons[:consume].ref).to eq("Cap[cap]")
-    end
-
-    it "includes class components" do
-      catalog = compile_to_env_catalog(MANIFEST_WITH_CLASS).to_resource
-      classes = catalog.resources.select do |res|
-        res.type == 'Class' && (res.title == 'Prod' || res.title == 'Cons')
-      end
-      expect(classes.size).to eq(2)
-      expect(classes.map(&:ref).sort).to eq(["Class[Cons]", "Class[Prod]"])
-
-      prod = catalog.resource("Class[prod]")
-      expect(prod).not_to be_nil
-      expect(prod.export.map(&:ref)).to eq(["Cap[cap]"])
-
-      cons = catalog.resource("Class[cons]")
-      expect(cons).not_to be_nil
-      expect(cons[:consume].ref).to eq("Cap[cap]")
-    end
-
-    it "an application instance must be contained in a site" do
-      expect { compile_to_env_catalog(FAULTY_MANIFEST)
-      }.to raise_error(/Application instances .* can only be contained within a Site/)
-    end
-
-    context "when using a site expression" do
-      it "includes components and capability resources" do
-        catalog = compile_to_env_catalog(MANIFEST_WITH_SITE).to_resource
-        apps = catalog.resources.select do |res|
-          res.resource_type && res.resource_type.application?
-        end
-        expect(apps.size).to eq(1)
-        app = apps.first
-        expect(app["nodes"]).not_to be_nil
-        comps = catalog.direct_dependents_of(app).map(&:ref).sort
-        expect(comps).to eq(["Cons[two]", "Prod[one]"])
-
-        prod = catalog.resource("Prod[one]")
-        expect(prod).not_to be_nil
-        expect(prod.export.map(&:ref)).to eq(["Cap[cap]"])
-
-        cons = catalog.resource("Cons[two]")
-        expect(cons).not_to be_nil
-        expect(cons[:consume].ref).to eq("Cap[cap]")
-      end
-
-      it "the site expression is evaluated in an environment compilation" do
-        catalog = compile_to_env_catalog(MANIFEST_WITH_SITE).to_resource
-        types = catalog.resource_keys.map { |type, _| type }.uniq.sort
-        expect(types).to eq(["App", "Class", "Cons", "Prod", "Site", "Stage"])
-        expect(catalog.resource("Notify[on a node]")).to be_nil
-        apps = catalog.resources.select do |res|
-          res.resource_type && res.resource_type.application?
-        end
-        expect(apps.size).to eq(1)
-        app = apps.first
-        comps = catalog.direct_dependents_of(app).map(&:ref).sort
-        expect(comps).to eq(["Cons[two]", "Prod[one]"])
-      end
-
-      it "fails if there are non component resources in the site" do
-        expect {
-          compile_to_env_catalog(MANIFEST_WITH_ILLEGAL_RESOURCE).to_resource
-        }.to raise_error(/Only application components can appear inside a site - Notify\[fail me\] is not allowed \(line: 20\)/)
-      end
-    end
-
-    it "includes code_id if specified" do
-      catalog = compile_to_env_catalog(MANIFEST_WITH_SITE, "12345")
-      expect(catalog.code_id).to eq("12345")
-    end
-
-    it "omits code_id if unspecified" do
-      catalog = compile_to_env_catalog(MANIFEST_WITH_SITE)
-      expect(catalog.code_id).to be_nil
-    end
-  end
-
-
-  describe "when validation of nodes" do
-    it 'validates that the key of a node mapping is a Node' do
-      expect { compile_to_catalog(<<-EOS, Puppet::Node.new('other', :environment => env))
-        application app {
-        }
-
-        site {
-          app { anapp:
-            nodes => {
-              'hello' => Node[other],
-            }
-          }
-        }
-        EOS
-      }.to raise_error(Puppet::Error, /hello is not a Node/)
-    end
-
-    it 'validates that the value of a node mapping is a resource' do
-      expect { compile_to_catalog(<<-EOS, Puppet::Node.new('other', :environment => env))
-        application app {
-        }
-
-        site {
-          app { anapp:
-            nodes => {
-              Node[other] => 'hello'
-            }
-          }
-        }
-      EOS
-      }.to raise_error(Puppet::Error, /hello is not a resource/)
-    end
-
-    it 'validates that the value can be an array or resources' do
-      expect { compile_to_catalog(<<-EOS, Puppet::Node.new('other', :environment => env))
-        define p {
-          notify {$title:}
-        }
-
-        application app {
-          p{one:}
-          p{two:}
-        }
-
-        site {
-          app { anapp:
-            nodes => {
-              Node[other] => [P[one],P[two]]
-            }
-          }
-        }
-      EOS
-      }.not_to raise_error
-    end
-
-    it 'validates that the is bound to exactly one node' do
-      expect { compile_to_catalog(<<-EOS, Puppet::Node.new('first', :environment => env))
-        define p {
-          notify {$title:}
-        }
-
-        application app {
-          p{one:}
-        }
-
-        site {
-          app { anapp:
-            nodes => {
-              Node[first] => P[one],
-              Node[second] => P[one],
-            }
-          }
-        }
-      EOS
-      }.to raise_error(Puppet::Error, /maps component P\[one\] to multiple nodes/)
-    end
-  end
-
-  describe "site containing a resource named 'plan'" do
-    it 'finds an application named plan' do
-      expect {compile_collect_log(<<-PUPPET)}.not_to raise_error
-        define plan::node_file() {
-          file { "/tmp/plans/${name}.txt":
-            content => "this is ${name}.txt",
-          }
-        }
-        Plan::Node_file produces Node_file {}
-        application plan() {
-          plan::node_file { "node_file_${name}":
-            export => Node_file["node_file_${name}"]
-          }
-        }
-        site {
-          plan { "test":
-            nodes       => {
-              Node["test.example.com"] => Plan::Node_file["node_file_plan_test"],
-            }
-          }
-        }
-        PUPPET
-
-      expect(warnings).to include(/Use of future reserved word: 'plan'/)
-    end
-  end
-end