puppet 7.14.0-universal-darwin → 7.17.0-universal-darwin

data/spec/integration/application/lookup_spec.rb

@@ -7,7 +7,7 @@ describe 'lookup' do
   include PuppetSpec::Files
 
   context 'with an environment' do
-    let(:fqdn) { Puppet.runtime[:facter].value(:fqdn) }
+    let(:fqdn) { Puppet[:certname] }
     let(:env_name) { 'spec' }
     let(:env_dir) { tmpdir('environments') }
     let(:environment_files) do
@@ -43,12 +43,10 @@ describe 'lookup' do
     end
 
     let(:app) { Puppet::Application[:lookup] }
-    let(:env) { Puppet::Node::Environment.create(env_name.to_sym, [File.join(populated_env_dir, env_name, 'modules')]) }
-    let(:environments) { Puppet::Environments::Directories.new(populated_env_dir, []) }
     let(:facts) { Puppet::Node::Facts.new("facts", {'my_fact' => 'my_fact_value'}) }
     let(:cert) { pem_content('oid.pem') }
 
-    let(:node) { Puppet::Node.new('testnode', :facts => facts, :environment => env) }
+    let(:node) { Puppet::Node.new('testnode', :facts => facts) }
     let(:populated_env_dir) do
       dir_contained_in(env_dir, environment_files)
       env_dir
@@ -57,75 +55,72 @@ describe 'lookup' do
     before do
       stub_request(:get, "https://puppet:8140/puppet-ca/v1/certificate/#{fqdn}").to_return(body: cert)
       allow(Puppet::Node::Facts.indirection).to receive(:find).and_return(facts)
-    end
 
-    def lookup(key, options = {}, explain = false)
-      key = [key] unless key.is_a?(Array)
-      allow(app.command_line).to receive(:args).and_return(key)
-      if explain
-        app.options[:explain] = true
-        app.options[:render_as] = :s
-      else
-        app.options[:render_as] = :json
-      end
-      options.each_pair { |k, v| app.options[k] = v }
-      capture = StringIO.new
-      saved_stdout = $stdout
-      begin
-        $stdout = capture
-        expect { app.run_command }.to exit_with(0)
-      ensure
-        $stdout = saved_stdout
-      end
-      out = capture.string.strip
-      if explain
-        out
-      else
-        out.empty? ? nil : JSON.parse("[#{out}]")[0]
-      end
-    end
+      Puppet[:environment] = env_name
+      Puppet[:environmentpath] = populated_env_dir
 
-    def explain(key, options = {})
-      lookup(key, options, true)
+      http = Puppet::HTTP::Client.new(ssl_context: Puppet::SSL::SSLProvider.new.create_insecure_context)
+      Puppet.runtime[:http] = http
     end
 
-    around(:each) do |example|
-      Puppet.override(:environments => environments, :current_environment => env) do
-        example.run
-      end
+    def expect_lookup_with_output(exitcode, out)
+      expect { app.run }.to exit_with(exitcode).and output(out).to_stdout
     end
 
     it 'finds data in the environment' do
-      expect(lookup('a')).to eql('value a')
+      app.command_line.args << 'a'
+      expect_lookup_with_output(0, /value a/)
     end
 
-    it 'loads trusted information from the node certificate' do
-      allow(Puppet).to receive(:override).and_call_original
-      expect(Puppet).to receive(:override).with(trusted_information: an_object_having_attributes(
-        certname: fqdn,
-        extensions: { "1.3.6.1.4.1.34380.1.2.1.1" => "somevalue" }))
+    it "resolves hiera data using a top-level node parameter" do
+      File.write(File.join(env_dir, env_name, 'hiera.yaml'), <<~YAML)
+        ---
+        version: 5
+        hierarchy:
+          - name: "Per Node"
+            data_hash: yaml_data
+            path: "%{my_fact}.yaml"
+      YAML
+
+      File.write(File.join(env_dir, env_name, 'data', "my_fact_value.yaml"), <<~YAML)
+        ---
+        a: value from per node data
+      YAML
+
+      app.command_line.args << 'a'
+      expect_lookup_with_output(0, /--- value from per node data/)
+    end
 
+    it 'loads trusted information from the node certificate' do
       Puppet.settings[:node_terminus] = 'exec'
-      expect_any_instance_of(Puppet::Node::Exec).to receive(:find).and_return(node)
-      lookup('a', :compile => true)
+      expect_any_instance_of(Puppet::Node::Exec).to receive(:find) do |args|
+        info = Puppet.lookup(:trusted_information)
+        expect(info.certname).to eq(fqdn)
+        expect(info.extensions).to eq({ "1.3.6.1.4.1.34380.1.2.1.1" => "somevalue" })
+      end.and_return(node)
+
+      app.command_line.args << 'a' << '--compile'
+      expect_lookup_with_output(0, /--- value a/)
     end
 
     it 'loads external facts when running without --node' do
       expect(Puppet::Util).not_to receive(:skip_external_facts)
       expect(Facter).not_to receive(:load_external)
-      lookup('a')
+
+      app.command_line.args << 'a'
+      expect_lookup_with_output(0, /--- value a/)
     end
 
     describe 'when using --node' do
       let(:fqdn) { 'random_node' }
 
       it 'skips loading of external facts' do
-        app.options[:node] = fqdn
+        app.command_line.args << 'a' << '--node' << fqdn
 
         expect(Puppet::Node::Facts.indirection).to receive(:find).and_return(facts)
-        expect(Facter).to receive(:load_external).once.with(false)
-        expect(Facter).to receive(:load_external).once.with(true)
-        lookup('a')
+        expect(Facter).to receive(:load_external).twice.with(false)
+        expect(Facter).to receive(:load_external).twice.with(true)
+        expect_lookup_with_output(0, /--- value a/)
       end
     end
 
@@ -133,29 +128,32 @@ describe 'lookup' do
       require 'puppet/indirector/node/exec'
       require 'puppet/indirector/node/plain'
 
-      let(:node) { Puppet::Node.new('testnode', :facts => facts, :environment => env) }
+      let(:node) { Puppet::Node.new('testnode', :facts => facts) }
 
       it ':plain without --compile' do
         Puppet.settings[:node_terminus] = 'exec'
         expect_any_instance_of(Puppet::Node::Plain).to receive(:find).and_return(node)
         expect_any_instance_of(Puppet::Node::Exec).not_to receive(:find)
-        expect(lookup('a')).to eql('value a')
+
+        app.command_line.args << 'a'
+        expect_lookup_with_output(0, /--- value a/)
       end
 
       it 'configured in Puppet settings with --compile' do
         Puppet.settings[:node_terminus] = 'exec'
         expect_any_instance_of(Puppet::Node::Plain).not_to receive(:find)
         expect_any_instance_of(Puppet::Node::Exec).to receive(:find).and_return(node)
-        expect(lookup('a', :compile => true)).to eql('value a')
+
+        app.command_line.args << 'a' << '--compile'
+        expect_lookup_with_output(0, /--- value a/)
       end
     end
 
     context 'configured with the wrong environment' do
-      let(:env) { Puppet::Node::Environment.create(env_name.to_sym, [File.join(populated_env_dir, env_name, 'modules')]) }
       it 'does not find data in non-existing environment' do
-        Puppet.override(:environments => environments, :current_environment => 'someother') do
-          expect(lookup('a', {}, true)).to match(/did not find a value for the name 'a'/)
-        end
+        Puppet[:environment] = 'doesntexist'
+        app.command_line.args << 'a'
+        expect { app.run }.to raise_error(Puppet::Environments::EnvironmentNotFound, /Could not find a directory environment named 'doesntexist'/)
       end
     end
 
@@ -200,15 +198,22 @@ describe 'lookup' do
       end
 
       it 'finds data in the module' do
-        expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
+        app.command_line.args << 'mod_a::b'
+        expect_lookup_with_output(0, /value mod_a::b \(from mod_a\)/)
       end
 
       it 'finds quoted keys in the module' do
-        expect(lookup('"mod_a::a.quoted.key"')).to eql('value mod_a::a.quoted.key (from mod_a)')
+        app.command_line.args << "'mod_a::a.quoted.key'"
+        expect_lookup_with_output(0, /value mod_a::a.quoted.key \(from mod_a\)/)
       end
 
       it 'merges hashes from environment and module when merge strategy hash is used' do
-        expect(lookup('mod_a::hash_a', :merge => 'hash')).to eql({'a' => 'value mod_a::hash_a.a (from environment)', 'b' => 'value mod_a::hash_a.b (from mod_a)'})
+        app.command_line.args << 'mod_a::hash_a' << '--merge' << 'hash'
+        expect_lookup_with_output(0, <<~END)
+          ---
+          a: value mod_a::hash_a.a (from environment)
+          b: value mod_a::hash_a.b (from mod_a)
+        END
       end
     end
   end

data/spec/integration/application/resource_spec.rb

@@ -28,14 +28,18 @@ describe "puppet resource", unless: Puppet::Util::Platform.jruby? do
     end
 
     it 'lists types from the default environment' do
+      begin
       modulepath = File.join(Puppet[:codedir], 'modules', 'test', 'lib', 'puppet', 'type')
       FileUtils.mkdir_p(modulepath)
-      File.write(File.join(modulepath, 'test.rb'), 'Puppet::Type.newtype(:test)')
+      File.write(File.join(modulepath, 'test_resource_spec.rb'), 'Puppet::Type.newtype(:test_resource_spec)')
       resource.command_line.args = ['--types']
 
       expect {
         resource.run
-      }.to exit_with(0).and output(/test/).to_stdout
+      }.to exit_with(0).and output(/test_resource_spec/).to_stdout
+      ensure
+        Puppet::Type.rmtype(:test_resource_spec)
+      end
     end
   end
 

data/spec/integration/http/client_spec.rb

@@ -77,7 +77,13 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       }
     }
 
-    it "mutually authenticates the connection" do
+    let(:cert_file) do
+      res = tmpfile('cert_file')
+      File.write(res, https_server.ca_cert)
+      res
+    end
+
+    it "mutually authenticates the connection using an explicit context" do
       client_context = ssl_provider.create_context(
         cacerts: [https_server.ca_cert], crls: [https_server.ca_crl],
         client_cert: https_server.server_cert, private_key: https_server.server_key
@@ -88,6 +94,47 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
         expect(res).to be_success
       end
     end
+
+    it "mutually authenticates the connection when the client and server certs are issued from different CAs" do
+      # this is the client cert's CA, key and cert
+      Puppet[:localcacert] = fixtures('ssl/unknown-ca.pem')
+      Puppet[:hostprivkey] = fixtures('ssl/unknown-127.0.0.1-key.pem')
+      Puppet[:hostcert] = fixtures('ssl/unknown-127.0.0.1.pem')
+
+      # this is the server cert's CA that the client needs in order to authenticate the server
+      Puppet[:ssl_trust_store] = fixtures('ssl/ca.pem')
+
+      # need to pass both the client and server CAs. The former is needed so the server can authenticate our client cert
+      https_server = PuppetSpec::HTTPSServer.new(ca_cert: [cert_fixture('ca.pem'), cert_fixture('unknown-ca.pem')])
+      https_server.start_server(ctx_proc: ctx_proc) do |port|
+        res = client.get(URI("https://127.0.0.1:#{port}"), options: {include_system_store: true})
+        expect(res).to be_success
+      end
+    end
+
+    it "connects when the server's CA is in the system store and the connection is mutually authenticated using create_context" do
+      Puppet::Util.withenv("SSL_CERT_FILE" => cert_file) do
+        client_context = ssl_provider.create_context(
+          cacerts: [], crls: [],
+          client_cert: https_server.server_cert, private_key: https_server.server_key,
+          revocation: false, include_system_store: true
+        )
+        https_server.start_server(ctx_proc: ctx_proc) do |port|
+          res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: client_context})
+          expect(res).to be_success
+        end
+      end
+    end
+
+    it "connects when the server's CA is in the system store and the connection is mutually authenticated using load_context" do
+      Puppet::Util.withenv("SSL_CERT_FILE" => cert_file) do
+        client_context = ssl_provider.load_context(revocation: false, include_system_store: true)
+        https_server.start_server(ctx_proc: ctx_proc) do |port|
+          res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: client_context})
+          expect(res).to be_success
+        end
+      end
+    end
   end
 
   context "with a system trust store" do
@@ -102,12 +149,12 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
 
     it "connects when the server's CA is in the system store" do
       # create a temp cacert bundle
-      ssl_file = tmpfile('systemstore')
-      File.write(ssl_file, https_server.ca_cert)
+      cert_file = tmpfile('cert_file')
+      File.write(cert_file, https_server.ca_cert)
 
       # override path to system cacert bundle, this must be done before
       # the SSLContext is created and the call to X509::Store.set_default_paths
-      Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
+      Puppet::Util.withenv("SSL_CERT_FILE" => cert_file) do
         system_context = ssl_provider.create_system_context(cacerts: [])
         https_server.start_server do |port|
           res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context})

data/spec/lib/puppet_spec/https.rb

@@ -40,7 +40,7 @@ class PuppetSpec::HTTPSServer
 
     IO.pipe {|stop_pipe_r, stop_pipe_w|
       store = OpenSSL::X509::Store.new
-      store.add_cert(@ca_cert)
+      Array(@ca_cert).each { |c| store.add_cert(c) }
       store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
       ctx = OpenSSL::SSL::SSLContext.new
       ctx.cert_store = store

data/spec/lib/puppet_spec/puppetserver.rb

@@ -72,6 +72,40 @@ class PuppetSpec::Puppetserver
     end
   end
 
+  class CertificateServlet < WEBrick::HTTPServlet::AbstractServlet
+    def initialize(server, ca_cert)
+      super(server)
+      @ca_cert = ca_cert
+    end
+
+    def do_GET request, response
+      if request.path =~ %r{/puppet-ca/v1/certificate/ca$}
+        response['Content-Type'] = 'text/plain'
+        response.body = @ca_cert.to_pem
+      else
+        response.status = 404
+      end
+    end
+  end
+
+  class CertificateRevocationListServlet < WEBrick::HTTPServlet::AbstractServlet
+    def initialize(server, crl)
+      super(server)
+      @crl = crl
+    end
+
+    def do_GET request, response
+      response['Content-Type'] = 'text/plain'
+      response.body = @crl.to_pem
+    end
+  end
+
+  class CertificateRequestServlet < WEBrick::HTTPServlet::AbstractServlet
+    def do_PUT request, response
+      response.status = 404
+    end
+  end
+
   def initialize
     @ca_cert = cert_fixture('ca.pem')
     @ca_crl = crl_fixture('crl.pem')
@@ -125,15 +159,18 @@ class PuppetSpec::Puppetserver
     register_mount('/puppet/v3/static_file_content', mounts[:static_file_content], StaticFileContentServlet)
     register_mount('/puppet/v3/report', mounts[:report], ReportServlet)
     register_mount('/puppet/v3/file_bucket_file', mounts[:filebucket], FilebucketServlet)
+    register_mount('/puppet-ca/v1/certificate', mounts[:certificate], CertificateServlet, @ca_cert)
+    register_mount('/puppet-ca/v1/certificate_revocation_list', mounts[:certificate_revocation_list], CertificateRevocationListServlet, @ca_crl)
+    register_mount('/puppet-ca/v1/certificate_request', mounts[:certificate_request], CertificateRequestServlet)
   end
 
-  def register_mount(path, user_proc, default_servlet)
+  def register_mount(path, user_proc, default_servlet, *args)
     handler = if user_proc
                 WEBrick::HTTPServlet::ProcHandler.new(user_proc)
               else
                 default_servlet
               end
-    @https.mount(path, handler)
+    @https.mount(path, handler, *args)
   end
 
   def upload_directory

data/spec/unit/agent_spec.rb

@@ -36,6 +36,10 @@ describe Puppet::Agent do
         end
       end
     end
+
+    ssl_context = Puppet::SSL::SSLContext.new
+    machine = instance_double("Puppet::SSL::StateMachine", ensure_client_certificate: ssl_context)
+    allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
   end
 
   after do
@@ -195,7 +199,7 @@ describe Puppet::Agent do
         @agent.run
       end
 
-      it "should inform that a run is already in progres and try to run every X seconds if waitforlock is used" do
+      it "should inform that a run is already in progress and try to run every X seconds if waitforlock is used" do
         # so the locked file exists
         allow(File).to receive(:file?).and_return(true)
         # so we don't have to wait again for the run to exit (default maxwaitforcert is 60)
@@ -224,7 +228,7 @@ describe Puppet::Agent do
         @agent.run
       end
     end
-    
+
     describe "when should_fork is true", :if => Puppet.features.posix? && RUBY_PLATFORM != 'java' do
       before do
         @agent = Puppet::Agent.new(AgentTestClient, true)

data/spec/unit/application/agent_spec.rb

@@ -4,6 +4,11 @@ require 'puppet/agent'
 require 'puppet/application/agent'
 require 'puppet/daemon'
 
+class TestAgentClientClass
+  def initialize(transaction_uuid = nil, job_id = nil); end
+  def run(options = {}); end
+end
+
 describe Puppet::Application::Agent do
   include PuppetSpec::Files
 
@@ -12,13 +17,20 @@ describe Puppet::Application::Agent do
   before :each do
     @puppetd = Puppet::Application[:agent]
 
-    @agent = double('agent')
+    @client = TestAgentClientClass.new
+    allow(TestAgentClientClass).to receive(:new).and_return(@client)
+
+    @agent = Puppet::Agent.new(TestAgentClientClass, false)
     allow(Puppet::Agent).to receive(:new).and_return(@agent)
 
-    @daemon = Puppet::Daemon.new(@agent, nil)
+    Puppet[:pidfile] = tmpfile('pidfile')
+    @daemon = Puppet::Daemon.new(@agent, Puppet::Util::Pidlock.new(Puppet[:pidfile]))
     allow(@daemon).to receive(:daemonize)
-    allow(@daemon).to receive(:start)
     allow(@daemon).to receive(:stop)
+    # simulate one run so we don't infinite looptwo runs of the agent, then return so we don't infinite loop
+    allow(@daemon).to receive(:run_event_loop) do
+      @agent.run(splay: false)
+    end
     allow(Puppet::Daemon).to receive(:new).and_return(@daemon)
     Puppet[:daemonize] = false
 
@@ -92,10 +104,6 @@ describe Puppet::Application::Agent do
   end
 
   describe "when handling options" do
-    before do
-      allow(@puppetd.command_line).to receive(:args).and_return([])
-    end
-
     [:enable, :debug, :fqdn, :test, :verbose, :digest].each do |option|
       it "should declare handle_#{option} method" do
         expect(@puppetd).to respond_to("handle_#{option}".to_sym)
@@ -127,32 +135,34 @@ describe Puppet::Application::Agent do
     end
 
     it "should set waitforcert to 0 with --onetime and if --waitforcert wasn't given" do
-      allow(@agent).to receive(:run).and_return(2)
+      allow(@client).to receive(:run).and_return(2)
       Puppet[:onetime] = true
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 0).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 0)).and_return(machine)
 
       expect { execute_agent }.to exit_with 0
     end
 
     it "should use supplied waitforcert when --onetime is specified" do
-      allow(@agent).to receive(:run).and_return(2)
+      allow(@client).to receive(:run).and_return(2)
       Puppet[:onetime] = true
       @puppetd.handle_waitforcert(60)
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 60).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 60)).and_return(machine)
 
       expect { execute_agent }.to exit_with 0
     end
 
     it "should use a default value for waitforcert when --onetime and --waitforcert are not specified" do
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(machine)
+      allow(@client).to receive(:run).and_return(2)
+
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 120)).and_return(machine)
 
       execute_agent
     end
 
     it "should register ssl OIDs" do
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(double(ensure_client_certificate: nil))
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 120)).and_return(machine)
       expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
 
       execute_agent
@@ -161,7 +171,7 @@ describe Puppet::Application::Agent do
     it "should use the waitforcert setting when checking for a signed certificate" do
       Puppet[:waitforcert] = 10
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 10).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 10)).and_return(machine)
 
       execute_agent
     end
@@ -413,9 +423,9 @@ describe Puppet::Application::Agent do
     end
 
     it "should wait for a certificate" do
-      @puppetd.options[:waitforcert] = 123
+      Puppet[:waitforcert] = 123
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 123).and_return(machine)
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 123)).and_return(machine)
 
       execute_agent
     end

data/spec/unit/configurer_spec.rb

@@ -9,9 +9,6 @@ describe Puppet::Configurer do
     Puppet[:report] = true
 
     catalog.add_resource(resource)
-    allow_any_instance_of(described_class).to(
-      receive(:valid_server_environment?).and_return(true)
-    )
 
     Puppet[:lastrunfile] = file_containing('last_run_summary.yaml', <<~SUMMARY)
     ---
@@ -78,10 +75,44 @@ describe Puppet::Configurer do
     end
   end
 
+  describe "when executing a catalog run without stubbing valid_server_environment?" do
+    before do
+      Puppet::Resource::Catalog.indirection.terminus_class = :rest
+      allow(Puppet::Resource::Catalog.indirection).to receive(:find).and_return(catalog)
+    end
+
+    it 'skips initial plugin sync if environment is not found and no strict_environment_mode' do
+      body = "{\"message\":\"Not Found: Could not find environment 'fasdfad'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
+      stub_request(:get, %r{/puppet/v3/file_metadatas/plugins?}).to_return(
+        status: 404, body: body, headers: {'Content-Type' => 'application/json'}
+      )
+
+      configurer.run(:pluginsync => true)
+
+      expect(@logs).to include(an_object_having_attributes(level: :notice, message: %r{Environment 'production' not found on server, skipping initial pluginsync.}))
+      expect(@logs).to include(an_object_having_attributes(level: :notice, message: /Applied catalog in .* seconds/))
+    end
+
+    it 'if strict_environment_mode is set and environment is not found, aborts the puppet run' do
+      Puppet[:strict_environment_mode] = true
+      body = "{\"message\":\"Not Found: Could not find environment 'fasdfad'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
+      stub_request(:get, %r{/puppet/v3/file_metadatas/plugins?}).to_return(
+        status: 404, body: body, headers: {'Content-Type' => 'application/json'}
+      )
+
+      configurer.run(:pluginsync => true)
+
+      expect(@logs).to include(an_object_having_attributes(level: :err, message: %r{Failed to apply catalog: Environment 'production' not found on server, aborting run.}))
+    end
+  end
+
   describe "when executing a catalog run" do
     before do
       Puppet::Resource::Catalog.indirection.terminus_class = :rest
       allow(Puppet::Resource::Catalog.indirection).to receive(:find).and_return(catalog)
+      allow_any_instance_of(described_class).to(
+        receive(:valid_server_environment?).and_return(true)
+      )
     end
 
     it "downloads plugins when told" do

data/spec/unit/confiner_spec.rb

@@ -3,6 +3,8 @@ require 'spec_helper'
 require 'puppet/confiner'
 
 describe Puppet::Confiner do
+  let(:coll) { Puppet::ConfineCollection.new('') }
+
   before do
     @object = Object.new
     @object.extend(Puppet::Confiner)
@@ -21,7 +23,6 @@ describe Puppet::Confiner do
   end
 
   it "should delegate its confine method to its confine collection" do
-    coll = double('collection')
     allow(@object).to receive(:confine_collection).and_return(coll)
     expect(coll).to receive(:confine).with(:foo => :bar, :bee => :baz)
     @object.confine(:foo => :bar, :bee => :baz)
@@ -39,22 +40,21 @@ describe Puppet::Confiner do
 
   describe "when testing suitability" do
     before do
-      @coll = double('collection')
-      allow(@object).to receive(:confine_collection).and_return(@coll)
+      allow(@object).to receive(:confine_collection).and_return(coll)
     end
 
     it "should return true if the confine collection is valid" do
-      expect(@coll).to receive(:valid?).and_return(true)
+      expect(coll).to receive(:valid?).and_return(true)
       expect(@object).to be_suitable
     end
 
     it "should return false if the confine collection is invalid" do
-      expect(@coll).to receive(:valid?).and_return(false)
+      expect(coll).to receive(:valid?).and_return(false)
       expect(@object).not_to be_suitable
     end
 
     it "should return the summary of the confine collection if a long result is asked for" do
-      expect(@coll).to receive(:summary).and_return("myresult")
+      expect(coll).to receive(:summary).and_return("myresult")
       expect(@object.suitable?(false)).to eq("myresult")
     end
   end

data/spec/unit/daemon_spec.rb

@@ -1,6 +1,7 @@
 require 'spec_helper'
 require 'puppet/daemon'
 require 'puppet/agent'
+require 'puppet/configurer'
 
 def without_warnings
   flag = $VERBOSE
@@ -9,12 +10,6 @@ def without_warnings
   $VERBOSE = flag
 end
 
-class TestClient
-  def lockfile_path
-    "/dev/null"
-  end
-end
-
 describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
   include PuppetSpec::Files
 
@@ -26,7 +21,7 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
     end
   end
 
-  let(:agent) { Puppet::Agent.new(TestClient.new, false) }
+  let(:agent) { Puppet::Agent.new(Puppet::Configurer, false) }
   let(:server) { double("Server", :start => nil, :wait_for_shutdown => nil) }
 
   let(:pidfile) { double("PidFile", :lock => true, :unlock => true, :file_path => 'fake.pid') }
@@ -131,10 +126,6 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
   end
 
   describe "when reloading" do
-    it "should do nothing if no agent is configured" do
-      daemon.reload
-    end
-
     it "should do nothing if the agent is running" do
       expect(agent).to receive(:run).with({:splay => false}).and_raise(Puppet::LockError, 'Failed to aquire lock')
       expect(Puppet).to receive(:notice).with('Not triggering already-running agent')