Adding clarity to query string handling in REST calls

We previously only handled simple strings as values,
but we know handle true and false as booleans, we URI-escape
all strings, and we can yaml-encode and then escape arrays of
strings.

This could get abused a bit, in that we're just yaml-dumping anything
that's an array, but it should be pretty safe.  Mmmm, should.

Signed-off-by: Luke Kanies <luke@madstop.com>

1 files changed, 13 insertions, 3 deletions

diff --git a/lib/puppet/indirector/rest.rb b/lib/puppet/indirector/rest.rb
index 5ac25f02d..2d0799286 100644
--- a/lib/puppet/indirector/rest.rb
+++ b/lib/puppet/indirector/rest.rb
@@ -87,11 +87,21 @@ class Puppet::Indirector::REST < Puppet::Indirector::Terminus
         deserialize network(request).put("/#{indirection.name}/", request.instance.render, headers)
     end
 
-    private
-
     # Create the query string, if options are present.
     def query_string(request)
         return "" unless request.options and ! request.options.empty?
-        "?" + request.options.collect { |key, value| "%s=%s" % [key, value] }.join("&")
+        "?" + request.options.collect do |key, value|
+            case value
+            when nil; next
+            when true, false; value = value.to_s
+            when String; value = URI.escape(value)
+            when Symbol; value = URI.escape(value.to_s)
+            when Array; value = URI.escape(YAML.dump(value))
+            else
+                raise ArgumentError, "HTTP REST queries cannot handle values of type '%s'" % value.class
+            end
+
+            "%s=%s" % [key, value]
+        end.join("&")
     end
 end