puppet 6.29.0 → 7.0.0

data/spec/unit/indirector/store_configs_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+require 'puppet/indirector/store_configs'
+
+describe Puppet::Indirector::StoreConfigs do
+  pending "REVISIT: creating an instance requires ludicrous amounts of stubbing, and there is relatively little to actually test here.  What to do?  Shared behaviours allow us to push down a lot of the testing into the implementation class tests anyhow..."
+end

data/spec/unit/indirector_spec.rb

@@ -112,8 +112,8 @@ describe Puppet::Indirector, "when registering an indirection" do
   end
 
   it "should pass any provided options to the indirection during initialization" do
-    expect(Puppet::Indirector::Indirection).to receive(:new).with(@thingie, :first, {:doc => 'some docs', :indirected_class => 'Thingie'})
-    @indirection = @thingie.indirects :first, :doc => 'some docs'
+    expect(Puppet::Indirector::Indirection).to receive(:new).with(@thingie, :first, {:some => :options, :indirected_class => 'Thingie'})
+    @indirection = @thingie.indirects :first, :some => :options
   end
 
   it "should extend the class to handle serialization" do

data/spec/unit/interface/action_spec.rb

@@ -537,6 +537,15 @@ describe Puppet::Interface::Action do
     end
   end
 
+  context "#when_rendering" do
+    it "should fail if no type is given when_rendering"
+    it "should accept a when_rendering block"
+    it "should accept multiple when_rendering blocks"
+    it "should fail if when_rendering gets a non-symbol identifier"
+    it "should fail if a second block is given for the same type"
+    it "should return the block if asked"
+  end
+
   context "#validate_and_clean" do
     subject do
       Puppet::Interface.new(:validate_args, '1.0.0') do

data/spec/unit/module_spec.rb

@@ -478,7 +478,7 @@ describe Puppet::Module do
     end
   end
 
-  [:plugins, :pluginfacts, :templates, :files, :manifests, :scripts].each do |filetype|
+  [:plugins, :pluginfacts, :templates, :files, :manifests].each do |filetype|
     case filetype
       when :plugins
         dirname = "lib"
@@ -567,20 +567,6 @@ describe Puppet::Module do
       expect(mod.task_file(task_exe)).to eq("#{mod.path}/tasks/#{task_exe}")
     end
 
-    it "should list files from the scripts directory if required by the task" do
-      mod         = 'loads_scripts'
-      task_dep    = 'myscript.sh'
-      script_ref  = "#{mod}/scripts/#{task_dep}"
-      task_json   = JSON.generate({'files' => [script_ref]})
-      task        = [['task', { name: 'task.json', content: task_json }]]
-      mod         = PuppetSpec::Modules.create(mod, @modpath, {:environment => env,
-                                                       :scripts     => [task_dep],
-                                                       :tasks       => task})
-
-      expect(mod.tasks.first.files).to include({'name' => script_ref,
-                                                'path' => /#{script_ref}/})
-    end
-
     it "should return nil when asked for an individual task file if it does not exist" do
       mod = PuppetSpec::Modules.create('task_file_neg', @modpath, {:environment => env,
                                                                    :tasks => []})

data/spec/unit/module_tool/applications/installer_spec.rb

@@ -66,18 +66,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
       graph_should_include 'pmtacceptance-stdlib', nil => v('4.1.0')
     end
 
-    it 'reports a meaningful error if the name is invalid' do
-      app = installer('ntp', install_dir, options)
-      results = app.run
-      expect(results).to include :result => :failure
-      expect(results[:error][:oneline]).to eq("Could not install 'ntp', did you mean 'puppetlabs-ntp'?")
-      expect(results[:error][:multiline]).to eq(<<~END.chomp)
-        Could not install module 'ntp'
-          The name 'ntp' is invalid
-            Did you mean `puppet module install puppetlabs-ntp`?
-      END
-    end
-
     context 'with a tarball file' do
       let(:module) { fixtures('stdlib.tgz') }
 
@@ -259,21 +247,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
           expect(subject).to include :result => :success
           graph_should_include 'pmtacceptance-mysql', nil => v('0.8.0')
         end
-
-        context 'with an already installed dependency' do
-          before { preinstall('pmtacceptance-stdlib', '2.6.0') }
-
-          def options
-            super.merge(:version => '0.7.0')
-          end
-
-          it 'installs given version without errors and does not change version of dependency' do
-            expect(subject).to include :result => :success
-            graph_should_include 'pmtacceptance-mysql', nil => v('0.7.0')
-            expect(subject[:error]).to be_nil
-            graph_should_include 'pmtacceptance-stdlib', v('2.6.0') => v('2.6.0')
-          end
-        end
       end
 
       context 'with a --version that cannot satisfy' do
@@ -285,47 +258,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
           expect(subject).to include :result => :failure
         end
 
-        context 'with unsatisfiable dependencies' do
-          let(:graph) { double(SemanticPuppet::Dependency::Graph, :modules => ['pmtacceptance-mysql']) }
-          let(:exception) { SemanticPuppet::Dependency::UnsatisfiableGraph.new(graph, constraint) }
-
-          before do
-            allow(SemanticPuppet::Dependency).to receive(:resolve).and_raise(exception)
-          end
-
-          context 'with known constraint' do
-            let(:constraint) { 'pmtacceptance-mysql' }
-
-            it 'prints a detailed error containing the modules that would not be satisfied' do
-              expect(subject[:error]).to include(:multiline)
-              expect(subject[:error][:multiline]).to include("Could not install module 'pmtacceptance-mysql' (> 1.0.0)")
-              expect(subject[:error][:multiline]).to include("The requested version cannot satisfy one or more of the following installed modules:")
-              expect(subject[:error][:multiline]).to include("pmtacceptance-keystone, expects 'pmtacceptance-mysql': >=0.6.1 <1.0.0")
-              expect(subject[:error][:multiline]).to include("Use `puppet module install 'pmtacceptance-mysql' --ignore-dependencies` to install only this module")
-            end
-          end
-
-          context 'with missing constraint' do
-            let(:constraint) { nil }
-
-            it 'prints the generic error message' do
-              expect(subject[:error]).to include(:multiline)
-              expect(subject[:error][:multiline]).to include("Could not install module 'pmtacceptance-mysql' (> 1.0.0)")
-              expect(subject[:error][:multiline]).to include("The requested version cannot satisfy all dependencies")
-            end
-          end
-
-          context 'with unknown constraint' do
-            let(:constraint) { 'another' }
-
-            it 'prints the generic error message' do
-              expect(subject[:error]).to include(:multiline)
-              expect(subject[:error][:multiline]).to include("Could not install module 'pmtacceptance-mysql' (> 1.0.0)")
-              expect(subject[:error][:multiline]).to include("The requested version cannot satisfy all dependencies")
-            end
-          end
-        end
-
         context 'with --ignore-dependencies' do
           def options
             super.merge(:ignore_dependencies => true)
@@ -346,43 +278,6 @@ describe Puppet::ModuleTool::Applications::Installer, :unless => RUBY_PLATFORM =
             graph_should_include 'pmtacceptance-mysql', nil => v('2.1.0')
           end
         end
-
-        context 'with an already installed dependency' do
-          let(:graph) {
-            double(SemanticPuppet::Dependency::Graph,
-              :dependencies => {
-                'pmtacceptance-mysql' => {
-                  :version => '2.1.0'
-                }
-              },
-              :modules => ['pmtacceptance-mysql'],
-              :unsatisfied => 'pmtacceptance-stdlib'
-            )
-          }
-
-          let(:unsatisfiable_graph_exception) { SemanticPuppet::Dependency::UnsatisfiableGraph.new(graph) }
-
-          before do
-            allow(SemanticPuppet::Dependency).to receive(:resolve).and_raise(unsatisfiable_graph_exception)
-            allow(unsatisfiable_graph_exception).to receive(:respond_to?).and_return(true)
-            allow(unsatisfiable_graph_exception).to receive(:unsatisfied).and_return(graph.unsatisfied)
-
-            preinstall('pmtacceptance-stdlib', '2.6.0')
-          end
-
-          def options
-            super.merge(:version => '2.1.0')
-          end
-
-          it 'fails to install and outputs a multiline error containing the versions, expectations and workaround' do
-            expect(subject).to include :result => :failure
-            expect(subject[:error]).to include(:multiline)
-            expect(subject[:error][:multiline]).to include("Could not install module 'pmtacceptance-mysql' (v2.1.0)")
-            expect(subject[:error][:multiline]).to include("The requested version cannot satisfy one or more of the following installed modules:")
-            expect(subject[:error][:multiline]).to include("pmtacceptance-stdlib, installed: 2.6.0, expected: >= 2.2.1")
-            expect(subject[:error][:multiline]).to include("Use `puppet module install 'pmtacceptance-mysql' --ignore-dependencies` to install only this module")
-          end
-        end
       end
     end
 

data/spec/unit/network/authconfig_spec.rb

@@ -1,135 +1,8 @@
 require 'spec_helper'
-
 require 'puppet/network/authconfig'
 
-describe Puppet::Network::DefaultAuthProvider do
-  before :each do
-    allow(Puppet::FileSystem).to receive(:stat).and_return(double('stat', :ctime => :now))
-    allow(Time).to receive(:now).and_return(Time.now)
-  end
-
-  describe "when initializing" do
-    it "inserts default ACLs after setting initial rights" do
-      expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-      Puppet::Network::DefaultAuthProvider.new
-    end
-  end
-
-  describe "when defining an acl with mk_acl" do
-    before :each do
-      allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-      @authprovider = Puppet::Network::DefaultAuthProvider.new
-    end
-
-    it "should create a new right for each default acl" do
-      @authprovider.mk_acl(:acl => '/')
-      expect(@authprovider.rights['/']).to be
-    end
-
-    it "allows everyone for each default right" do
-      @authprovider.mk_acl(:acl => '/')
-      expect(@authprovider.rights['/']).to be_globalallow
-    end
-
-    it "accepts an argument to restrict the method" do
-      @authprovider.mk_acl(:acl => '/', :method => :find)
-      expect(@authprovider.rights['/'].methods).to eq([:find])
-    end
-
-    it "creates rights with authentication set to true by default" do
-      @authprovider.mk_acl(:acl => '/')
-      expect(@authprovider.rights['/'].authentication).to be_truthy
-    end
-
-    it "accepts an argument to set the authentication requirement" do
-      @authprovider.mk_acl(:acl => '/', :authenticated => :any)
-      expect(@authprovider.rights['/'].authentication).to be_falsey
-    end
-  end
-
-  describe "when adding default ACLs" do
-    before :each do
-      allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-      @authprovider = Puppet::Network::DefaultAuthProvider.new
-      allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl).and_call_original
-    end
-
-    Puppet::Network::DefaultAuthProvider::default_acl.each do |acl|
-      it "should create a default right for #{acl[:acl]}" do
-        allow(@authprovider).to receive(:mk_acl)
-        expect(@authprovider).to receive(:mk_acl).with(acl)
-        @authprovider.insert_default_acl
-      end
-    end
-
-    it "should log at info loglevel" do
-      expect(Puppet).to receive(:info).at_least(:once)
-      @authprovider.insert_default_acl
-    end
-
-    it "creates an empty catch-all rule for '/' for any authentication request state" do
-      allow(@authprovider).to receive(:mk_acl)
-
-      @authprovider.insert_default_acl
-      expect(@authprovider.rights['/']).to be_empty
-      expect(@authprovider.rights['/'].authentication).to be_falsey
-    end
-
-    it '(CVE-2013-2275) allows report submission only for the node matching the certname by default' do
-      acl = {
-        :acl => "~ ^#{Puppet::Network::HTTP::MASTER_URL_PREFIX}\/v3\/report\/([^\/]+)$",
-        :method => :save,
-        :allow => '$1',
-        :authenticated => true
-      }
-      allow(@authprovider).to receive(:mk_acl)
-      expect(@authprovider).to receive(:mk_acl).with(acl)
-      @authprovider.insert_default_acl
-    end
-  end
-
-  describe "when checking authorization" do
-    it "should ask for authorization to the ACL subsystem" do
-      params = {
-        :ip => "127.0.0.1",
-        :node => "me",
-        :environment => :env,
-        :authenticated => true
-      }
-
-      expect_any_instance_of(Puppet::Network::Rights).to receive(:is_request_forbidden_and_why?).with(:save, "/path/to/resource", params)
-
-      described_class.new.check_authorization(:save, "/path/to/resource", params)
-    end
-  end
-end
-
 describe Puppet::Network::AuthConfig do
-  after :each do
-    Puppet::Network::AuthConfig.authprovider_class = nil
-  end
-
-  class TestAuthProvider
-    def initialize(rights=nil); end
-    def check_authorization(method, path, params); end
-  end
-
-  it "instantiates authprovider_class with rights" do
-    Puppet::Network::AuthConfig.authprovider_class = TestAuthProvider
-    rights = Puppet::Network::Rights.new
-    expect(TestAuthProvider).to receive(:new).with(rights)
-    described_class.new(rights)
-  end
-
-  it "delegates authorization check to authprovider_class" do
-    Puppet::Network::AuthConfig.authprovider_class = TestAuthProvider
-    expect_any_instance_of(TestAuthProvider).to receive(:check_authorization).with(:save, '/path/to/resource', {})
-    described_class.new.check_authorization(:save, '/path/to/resource', {})
-  end
-
-  it "uses DefaultAuthProvider by default" do
-    Puppet::Network::AuthConfig.authprovider_class = nil
-    expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:check_authorization).with(:save, '/path/to/resource', {})
-    described_class.new.check_authorization(:save, '/path/to/resource', {})
+  it "accepts an auth provider class" do
+    Puppet::Network::AuthConfig.authprovider_class = Object
   end
 end

data/spec/unit/network/authorization_spec.rb

@@ -1,61 +1,8 @@
 require 'spec_helper'
-require 'puppet/network/http'
-require 'puppet/network/http/api/indirected_routes'
 require 'puppet/network/authorization'
 
 describe Puppet::Network::Authorization do
-  class AuthTest
-    include Puppet::Network::Authorization
-  end
-
-  subject { AuthTest.new }
-
-  context "when creating an authconfig object" do
-    before :each do
-      # Other tests may have created an authconfig, so we have to undo that.
-      @orig_auth_config = Puppet::Network::AuthConfigLoader.instance_variable_get(:@auth_config)
-      @orig_auth_config_file = Puppet::Network::AuthConfigLoader.instance_variable_get(:@auth_config_file)
-
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config, nil)
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config_file, nil)
-    end
-
-    after :each do
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config, @orig_auth_config)
-      Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config_file, @orig_auth_config_file)
-    end
-
-    it "creates default ACL entries if no file has been read" do
-      expect(Puppet::Network::AuthConfigParser).to receive(:new_from_file).and_raise(Errno::ENOENT)
-      expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
-
-      subject.authconfig
-    end
-  end
-
-  class TestAuthConfig
-    def check_authorization(method, path, params); end
-  end
-
-  class TestAuthConfigLoader
-    def self.authconfig
-      TestAuthConfig.new
-    end
-  end
-
-  context "when checking authorization" do
-    after :each do
-      Puppet::Network::Authorization.authconfigloader_class = nil
-    end
-
-    it "delegates to the authconfig object" do
-      Puppet::Network::Authorization.authconfigloader_class =
-          TestAuthConfigLoader
-      expect_any_instance_of(TestAuthConfig).to receive(:check_authorization).with(
-          :save, '/mypath', {:param1 => "value1"}).and_return("yay, it worked!")
-      expect(subject.check_authorization(
-                 :save, '/mypath',
-                 {:param1 => "value1"})).to eq("yay, it worked!")
-    end
+  it "accepts an auth config loader class" do
+    Puppet::Network::Authorization.authconfigloader_class = Object
   end
 end

data/spec/unit/network/formats_spec.rb

@@ -161,19 +161,19 @@ describe "Puppet Network Format" do
     end
 
     it 'raises when interning an instance of an unacceptable indirected type' do
-      obj = Puppet::SSL::Key.new('foo')
+      obj = :something
 
       expect {
         yaml.intern(obj.class, YAML.dump(obj))
-      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Puppet::SSL::Key/)
+      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Symbol/)
     end
 
     it 'raises when interning multple instances of an unacceptable indirected type' do
-      obj = Puppet::SSL::Key.new('foo')
+      obj = :something
 
       expect {
         yaml.intern_multiple(obj.class, YAML.dump([obj]))
-      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Puppet::SSL::Key/)
+      }.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Symbol/)
     end
   end
 
@@ -368,12 +368,6 @@ describe "Puppet Network Format" do
       expect(json.render_multiple(instances)).to eq([{"string" => "foo"}].to_json)
     end
 
-    it "should render multiple instances as a JSON array of hashes when multi_json is not present" do
-      hide_const("MultiJson") if defined?(MultiJson)
-      instances = [FormatsTest.new("foo")]
-      expect(json.render_multiple(instances)).to eq([{"string" => "foo"}].to_json)
-    end
-
     it "should intern an instance from a JSON hash" do
       text = Puppet::Util::Json.dump({"string" => "parsed_json"})
       instance = json.intern(FormatsTest, text)
@@ -540,45 +534,4 @@ EOT
       end
     end
   end
-
-  describe ":flat format" do
-    let(:flat) { Puppet::Network::FormatHandler.format(:flat) }
-
-    it "should include a flat format" do
-      expect(flat).to be_an_instance_of Puppet::Network::Format
-    end
-
-    [:intern, :intern_multiple].each do |method|
-      it "should not implement #{method}" do
-        expect { flat.send(method, String, 'blah') }.to raise_error NotImplementedError
-      end
-    end
-
-    context "when rendering arrays" do
-      {
-          []                           => "",
-          [1, 2]                       => "0=1\n1=2\n",
-          ["one"]                      => "0=one\n",
-          [{"one" => 1}, {"two" => 2}] => "0.one=1\n1.two=2\n",
-          [['something', 'for'], ['the', 'test']]  => "0=[\"something\", \"for\"]\n1=[\"the\", \"test\"]\n"
-      }.each_pair do |input, output|
-        it "should render #{input.inspect} as one item per line" do
-          expect(flat.render(input)).to eq(output)
-        end
-      end
-    end
-
-    context "when rendering hashes" do
-      {
-          {}                                   => "",
-          {1 => 2}                             => "1=2\n",
-          {"one" => "two"}                     => "one=two\n",
-          {[1,2] => 3, [2,3] => 5, [3,4] => 7} => "[1, 2]=3\n[2, 3]=5\n[3, 4]=7\n",
-      }.each_pair do |input, output|
-        it "should render #{input.inspect}" do
-          expect(flat.render(input)).to eq(output)
-        end
-      end
-    end
-  end
 end

data/spec/unit/network/http/api/indirected_routes_spec.rb

@@ -24,6 +24,10 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
     let(:env_loaders) { Puppet::Environments::Static.new(environment) }
     let(:params) { { :environment => "env" } }
 
+    before do
+      allow(handler).to receive(:handler).and_return("foo")
+    end
+
     around do |example|
       Puppet.override(:environments => env_loaders) do
         example.run
@@ -58,7 +62,7 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
       }.to raise_error(bad_request_error)
     end
 
-    it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
+    it "should not pass a bucket_path parameter through (See Bugs #13553, #13518, #13511)" do
       expect(handler.uri2indirection("GET", "#{master_url_prefix}/node/bar",
                               { :environment => "env",
                                 :bucket_path => "/malicious/path" })[3]).not_to include({ :bucket_path => "/malicious/path" })
@@ -118,10 +122,6 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
       expect(handler.uri2indirection("PUT", "#{master_url_prefix}/facts/puppet.node.test", params)[0].name).to eq(:facts)
     end
 
-    it "should change indirection name to 'status' if the http method is a GET and the indirection name is statuses" do
-      expect(handler.uri2indirection("GET", "#{master_url_prefix}/statuses/bar", params)[0].name).to eq(:status)
-    end
-
     it "should change indirection name to 'node' if the http method is a GET and the indirection name is nodes" do
       expect(handler.uri2indirection("GET", "#{master_url_prefix}/nodes/bar", params)[0].name).to eq(:node)
     end
@@ -145,96 +145,9 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
       _, _, key, _ = handler.uri2indirection("GET", "#{master_url_prefix}/node/#{escaped}", params)
       expect(key).to eq(escaped)
     end
-
-    it "should not unescape the URI passed through in a call to check_authorization" do
-      key_escaped = Puppet::Util.uri_encode("foo bar")
-      uri_escaped = "#{master_url_prefix}/node/#{key_escaped}"
-      expect(handler).to receive(:check_authorization).with(anything, uri_escaped, anything)
-      handler.uri2indirection("GET", uri_escaped, params)
-    end
-
-    it "when the environment is unknown should remove :environment from params passed to check_authorization and therefore fail" do
-      expect(handler).to receive(:check_authorization).with(anything,
-                                                            anything,
-                                                            excluding(:environment))
-      expect { handler.uri2indirection("GET",
-                                       "#{master_url_prefix}/node/bar",
-                                       {:environment => 'bogus'})
-      }.to raise_error(not_found_error)
-    end
-
-    it "should not URI unescape the indirection key as passed through to a call to check_authorization" do
-      expect(handler).to receive(:check_authorization).with(anything, anything, hash_including(environment: be_a(Puppet::Node::Environment).and(have_attributes(name: :env))))
-
-      handler.uri2indirection("GET", "#{master_url_prefix}/node/bar", params)
-    end
-
-  end
-
-  describe "when converting a request into a URI" do
-    let(:environment) { Puppet::Node::Environment.create(:myenv, []) }
-    let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => environment) }
-
-    it "should include the environment in the query string of the URI" do
-      expect(handler.class.request_to_uri(request)).to eq("#{master_url_prefix}/foo/with%20spaces?environment=myenv&foo=bar")
-    end
-
-    it "should include the correct url prefix if it is a ca request" do
-      allow(request).to receive(:indirection_name).and_return("certificate")
-      expect(handler.class.request_to_uri(request)).to eq("#{ca_url_prefix}/certificate/with%20spaces?environment=myenv&foo=bar")
-    end
-
-    it "should pluralize the indirection name if the method is 'search'" do
-      allow(request).to receive(:method).and_return(:search)
-      expect(handler.class.request_to_uri(request).split("/")[3]).to eq("foos")
-    end
-
-    it "should add the query string to the URI" do
-      expect(request).to receive(:query_string).and_return("query")
-      expect(handler.class.request_to_uri(request)).to match(/\&query$/)
-    end
-  end
-
-  describe "when converting a request into a URI with body" do
-    let(:environment) { Puppet::Node::Environment.create(:myenv, []) }
-    let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => environment) }
-
-    it "should use the indirection as the first field of the URI" do
-      expect(handler.class.request_to_uri_and_body(request).first.split("/")[3]).to eq("foo")
-    end
-
-    it "should use the escaped key as the remainder of the URI" do
-      escaped = Puppet::Util.uri_encode("with spaces")
-      expect(handler.class.request_to_uri_and_body(request).first.split("/")[4].sub(/\?.+/, '')).to eq(escaped)
-    end
-
-    it "should include the correct url prefix if it is a master request" do
-      expect(handler.class.request_to_uri_and_body(request).first).to eq("#{master_url_prefix}/foo/with%20spaces")
-    end
-
-    it "should include the correct url prefix if it is a ca request" do
-      allow(request).to receive(:indirection_name).and_return("certificate")
-      expect(handler.class.request_to_uri_and_body(request).first).to eq("#{ca_url_prefix}/certificate/with%20spaces")
-    end
-
-    it "should return the URI and body separately" do
-      expect(handler.class.request_to_uri_and_body(request)).to eq(["#{master_url_prefix}/foo/with%20spaces", "environment=myenv&foo=bar"])
-    end
   end
 
   describe "when processing a request" do
-    it "should raise not_authorized_error when authorization fails" do
-      data = Puppet::IndirectorTesting.new("my data")
-      indirection.save(data, "my data")
-      request = a_request_that_heads(data)
-
-      expect(handler).to receive(:check_authorization).and_raise(Puppet::Network::AuthorizationError.new("forbidden"))
-
-      expect {
-        handler.call(request, response)
-      }.to raise_error(not_authorized_error)
-    end
-
     it "should raise not_found_error if the indirection does not support remote requests" do
       request = a_request_that_heads(Puppet::IndirectorTesting.new("my data"))
 

data/spec/unit/network/http/api/master/v3_spec.rb

@@ -15,15 +15,18 @@ describe Puppet::Network::HTTP::API::Master::V3 do
         chain(Puppet::Network::HTTP::API::Master::V3.routes)
   }
 
-  it "mounts the environments endpoint" do
-    request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/environments")
-    master_routes.process(request, response)
-
-    expect(response.code).to eq(200)
+  # simulate puppetserver registering its authconfigloader class
+  around :each do |example|
+    Puppet::Network::Authorization.authconfigloader_class = Object
+    begin
+      example.run
+    ensure
+      Puppet::Network::Authorization.authconfigloader_class = nil
+    end
   end
 
-  it "mounts the environment endpoint" do
-    request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/environment/production")
+  it "mounts the environments endpoint" do
+    request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/environments")
     master_routes.process(request, response)
 
     expect(response.code).to eq(200)
@@ -54,4 +57,22 @@ describe Puppet::Network::HTTP::API::Master::V3 do
       master_routes.process(request, response)
     }.to raise_error(not_found_error)
   end
+
+  it "checks authorization for indirected routes" do
+    Puppet::Network::Authorization.authconfigloader_class = nil
+
+    request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/catalog/foo")
+    expect {
+      master_routes.process(request, response)
+    }.to raise_error(Puppet::Network::HTTP::Error::HTTPNotAuthorizedError, %r{Not Authorized: Forbidden request: /puppet/v3/catalog/foo \(method GET\)})
+  end
+
+  it "checks authorization for environments" do
+    Puppet::Network::Authorization.authconfigloader_class = nil
+
+    request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/environments")
+    expect {
+      master_routes.process(request, response)
+    }.to raise_error(Puppet::Network::HTTP::Error::HTTPNotAuthorizedError, %r{Not Authorized: Forbidden request: /puppet/v3/environments \(method GET\)})
+  end
 end