puppet 6.21.1-universal-darwin → 6.22.1-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ee93175cca7e18018a8607fc1663272ecdf80b7283c69932e2fbc0bbd9a0218
-  data.tar.gz: 97b734453ce4e59a3a5aabab929c58c8939002f2801a40cf1024c1d45744c72a
+  metadata.gz: 5f6df2839f6418cacbd0b1efbe293838b2e454e6eada1da7214bd64f85c2ab0b
+  data.tar.gz: b3377b7ebc62ef72c380d7419c63bed98cf1195368d6bfb8cdf973da2f1ab84d
 SHA512:
-  metadata.gz: a2323af5df043cdb154a4ca9b7b3fbcc4c3bc7b581efd6f884de2471ce9b3a2f69f1fda18f348c316ff272e6b111b460543c73a1d5bf18729aadaff826c2cdb8
-  data.tar.gz: 892b5609e917a10aa4ca0ca980106fa2ead648a39319b4c6277b76dbb42f432a5dbcd8f7af4db2155adc3131ef12aa50d009d7bac73a820df73490c22b9f9431
+  metadata.gz: 86fb2036780d5e04bcc9f8279415ffd77e37fe1e9b5d10f0521c63ec6229ad9e08d5b1186e158142c1d6aa1934ba108c6de75ce59bd94256b371f18950cc9017
+  data.tar.gz: 97f58ebbeb1b32fd437b9b7108bccc50b879adb120708a80080f109161f171bd7ba6fd8acec9c0c5879e210f297d13b24bea0e3759c957f29dedda2fe2dc609f

data/Gemfile

@@ -56,7 +56,7 @@ group(:development, optional: true) do
   gem 'memory_profiler', require: false, platforms: [:mri]
   gem 'pry', require: false, platforms: [:ruby]
   gem "racc", "1.4.9", require: false, platforms: [:ruby]
-  if RUBY_PLATFORM != 'java'
+  if RUBY_PLATFORM != 'java' && RUBY_VERSION.to_f >= 2.5
     gem 'ruby-prof', '>= 0.16.0', require: false
   end
 end

data/Gemfile.lock

@@ -1,7 +1,18 @@
+GIT
+  remote: git://github.com/ciprianbadescu/packaging
+  revision: 5f8d2bda941abfeeb8fb1731c9b1dd4d108f5d33
+  branch: maint/windows-signing
+  specs:
+    packaging (0.99.49.171.g5f8d2bd)
+      artifactory (~> 2)
+      csv (= 3.1.5)
+      rake (>= 12.3)
+      release-metrics
+
 PATH
   remote: .
   specs:
-    puppet (6.21.1)
+    puppet (6.22.1)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -29,11 +40,11 @@ GEM
     deep_merge (1.2.1)
     diff-lcs (1.4.4)
     docopt (0.6.1)
-    facter (4.0.51)
+    facter (4.1.1)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.14.2)
+    ffi (1.15.0)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -42,11 +53,11 @@ GEM
       gettext (>= 3.0.2, < 3.3.0)
       locale
     hashdiff (1.0.1)
-    hiera (3.6.0)
-    hiera-eyaml (3.2.0)
-      highline (~> 1.6.19)
+    hiera (3.7.0)
+    hiera-eyaml (3.2.1)
+      highline
       optimist
-    highline (1.6.21)
+    highline (2.0.3)
     hocon (1.3.1)
     hpricot (0.8.6)
     httpclient (2.8.3)
@@ -60,22 +71,17 @@ GEM
     multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    packaging (0.99.75)
-      artifactory (~> 2)
-      csv (= 3.1.5)
-      rake (>= 12.3)
-      release-metrics
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
     powerpack (0.1.3)
-    pry (0.14.0)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.6)
     puppet-resource_api (1.8.13)
       hocon (>= 1.0)
-    puppetserver-ca (1.9.1)
+    puppetserver-ca (1.9.4)
       facter (>= 2.0.1, < 5)
     racc (1.4.9)
     rainbow (2.2.2)
@@ -86,7 +92,7 @@ GEM
     release-metrics (1.1.0)
       csv
       docopt
-    rexml (3.2.4)
+    rexml (3.2.5)
     ronn (0.7.3)
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
@@ -116,14 +122,14 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     rubocop-i18n (1.2.0)
       rubocop (~> 0.49.0)
-    ruby-prof (1.4.2)
+    ruby-prof (1.4.3)
     ruby-progressbar (1.11.0)
     semantic_puppet (1.0.3)
     text (1.3.1)
     thor (1.1.0)
     unicode-display_width (1.7.0)
     vcr (5.1.0)
-    webmock (3.11.2)
+    webmock (3.12.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -142,7 +148,7 @@ DEPENDENCIES
   memory_profiler
   minitar (~> 0.9)
   msgpack (~> 1.2)
-  packaging (~> 0.99)
+  packaging!
   pry
   puppet!
   puppet-resource_api (~> 1.5)

data/ext/project_data.yaml

@@ -41,7 +41,7 @@ gem_platform_dependencies:
     gem_runtime_dependencies:
       ffi: ['> 1.9.24', '< 2']
       # win32-xxxx gems are pinned due to PUP-6445
-      win32-dir: '= 0.4.9'
+      win32-dir: ['>= 0.4.9', '<= 0.7.2']
       win32-process: '= 0.7.5'
       # Use of win32-security is deprecated
       win32-security: '= 0.2.5'
@@ -51,7 +51,7 @@ gem_platform_dependencies:
     gem_runtime_dependencies:
       ffi: ['> 1.9.24', '< 2']
       # win32-xxxx gems are pinned due to PUP-6445
-      win32-dir: '= 0.4.9'
+      win32-dir: ['>= 0.4.9', '<= 0.7.2']
       win32-process: '= 0.7.5'
       # Use of win32-security is deprecated
       win32-security: '= 0.2.5'

data/lib/puppet/application/ssl.rb

@@ -74,6 +74,9 @@ ACTIONS
   `--localca` is specified, then also remove this host's local copy of the
   CA certificate(s) and CRL bundle. if `--target CERTNAME` is specified, then
   remove the files for the specified device on this host instead of this host.
+
+ * show:
+  Print the full-text version of this host's certificate.
 HELP
   end
 
@@ -142,11 +145,19 @@ HELP
       end
       @machine.ensure_client_certificate
       Puppet.notice(_("Completed SSL initialization"))
+    when 'show'
+      show(certname)
     else
       raise Puppet::Error, _("Unknown action '%{action}'") % { action: action }
     end
   end
 
+  def show(certname)
+    password = @cert_provider.load_private_key_password
+    ssl_context = @ssl_provider.load_context(certname: certname, password: password)
+    puts ssl_context.client_cert.to_text
+  end
+
   def submit_request(ssl_context)
     key = @cert_provider.load_private_key(Puppet[:certname])
     unless key

data/lib/puppet/defaults.rb

@@ -58,6 +58,18 @@ module Puppet
     end
   end
 
+  def self.default_cadir
+    return "" if Puppet::Util::Platform.windows?
+    old_ca_dir = "#{Puppet[:ssldir]}/ca"
+    new_ca_dir = '/etc/puppetlabs/puppetserver/ca'
+
+    if File.exist?("#{new_ca_dir}/ca_crt.pem")
+      new_ca_dir
+    else
+      old_ca_dir
+    end
+  end
+
   ############################################################################################
   # NOTE: For information about the available values for the ":type" property of settings,
   #   see the docs for Settings.define_settings
@@ -1085,6 +1097,14 @@ EOT
           certificate revocation checking and does not attempt to download the CRL.
         EOT
     },
+    :ciphers => {
+      :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256',
+      :type => :string,
+      :desc => "The list of ciphersuites for TLS connections initiated by puppet. The
+                default value is chosen to support TLS 1.0 and up, but can be made
+                more restrictive if needed. The ciphersuites must be specified in OpenSSL
+                format, not IANA."
+    },
     :key_type => {
       :default => 'rsa',
       :type    => :enum,
@@ -1142,7 +1162,7 @@ EOT
       :desc    => "The name to use the Certificate Authority certificate.",
     },
     :cadir => {
-      :default => "$ssldir/ca",
+      :default => lambda { default_cadir },
       :type => :directory,
       :desc => "The root directory for the certificate authority.",
     },
@@ -1760,7 +1780,7 @@ EOT
     },
     :agent_disabled_lockfile => {
         :default    => "$statedir/agent_disabled.lock",
-        :type       => :file,
+        :type       => :string,
         :desc       => "A lock file to indicate that puppet agent runs have been administratively
           disabled.  File contains a JSON object with state information.",
     },

data/lib/puppet/environments.rb

@@ -225,6 +225,9 @@ module Puppet::Environments
     private
 
     def create_environment(name)
+      # interpolated modulepaths may be cached from prior environment instances
+      Puppet.settings.clear_environment_settings(name)
+
       env_symbol = name.intern
       setting_values = Puppet.settings.values(env_symbol, Puppet.settings.preferred_run_mode)
       env = Puppet::Node::Environment.create(
@@ -350,7 +353,19 @@ module Puppet::Environments
 
     # @!macro loader_list
     def list
-      @loader.list
+      # Evict all that have expired, in the same way as `get`
+      clear_all_expired
+
+      @loader.list.map do |env|
+        name = env.name
+        old_entry = @cache[name]
+        if old_entry
+          old_entry.value
+        else
+          add_entry(name, entry(env))
+          env
+        end
+      end
     end
 
     # @!macro loader_search_paths

data/lib/puppet/face/facts.rb

@@ -2,28 +2,20 @@ require 'puppet/indirector/face'
 require 'puppet/node/facts'
 require 'puppet/util/fact_dif'
 
-EXCLUDE_LIST = %w[facterversion
-  swapfree_mb swapsize_mb
-  load_averages\.*
-  memory\.swap\.available_bytes memory\.swap\.capacity memory\.swap\.total_bytes
-  memory\.swap\.used_bytes memory\.swap\.available
-  memory\.system\.available memory\.system\.available_bytes memory\.system\.capacity memory\.swap\.used
-  memory\.system\.total_bytes memory\.system\.used memory\.system\.used_bytes
-  memoryfree memoryfree_mb memorysize_mb
-  mountpoints\..* mtu_.* mountpoints\..*\.capacity
-  networking\.interfaces\..*\.mtu networking\.mtu partitions\..*\.filesystem
-  partitions\..*\.size_bytes partitions\..*\.mount partitions\..*\.uuid
-  disks\..*\.size_bytes
-  hypervisors\.lpar\.partition_number hypervisors\.xen\.privileged hypervisors\.zone\..* hypervisors\.ldom\..*
-  processors\.speed
-  ldom_.*
-  boardassettag dmi\.board\.asset_tag
-  blockdevice_.*_vendor blockdevice_.*_size
-  system_uptime\.days system_uptime\.hours system_uptime\.seconds system_uptime\.uptime
-  uptime_days uptime_hours uptime_seconds
-  system_profiler\.uptime
-  sp_uptime
-  uptime]
+EXCLUDE_LIST = %w[ ^facterversion$
+  ^load_averages\..*$
+  ^processors\.speed$
+  ^swapfree$ ^swapfree_mb$
+  ^memoryfree$ ^memoryfree_mb$
+  ^memory\.swap\.available_bytes$ ^memory\.swap\.used_bytes$
+  ^memory\.swap\.available$ ^memory\.swap\.capacity$ ^memory\.swap\.used$
+  ^memory\.system\.available_bytes$ ^memory\.system\.used_bytes$
+  ^memory\.system\.available$ ^memory\.system\.capacity$ ^memory\.system\.used$
+  ^mountpoints\..*\.available.*$ ^mountpoints\..*\.capacity$ ^mountpoints\..*\.used.*$
+  ^sp_uptime$ ^system_profiler\.uptime$
+  ^uptime$ ^uptime_days$ ^uptime_hours$ ^uptime_seconds$
+  ^system_uptime\.uptime$ ^system_uptime\.days$ ^system_uptime\.hours$ ^system_uptime\.seconds$
+]
 
 Puppet::Indirector::Face.define(:facts, '0.0.1') do
   copyright "Puppet Inc.", 2011
@@ -125,26 +117,132 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
     $ puppet facts diff
     EOT
 
-    render_as :json
+    option("--structured") do
+      default_to { false }
+      summary _("Render the different facts as structured.")
+    end
+
+    option("--exclude " + _("<regex>")) do
+      summary _("Regex used to exclude specific facts from diff.")
+    end
 
     when_invoked do |*args|
+      options = args.pop
+
       Puppet.settings.preferred_run_mode = :agent
       Puppet::Node::Facts.indirection.terminus_class = :facter
 
       if Puppet::Util::Package.versioncmp(Facter.value('facterversion'), '4.0.0') < 0
-        facter3_result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname])
-        begin
-          require 'facter-ng'
-          facter4_result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname])
-        rescue LoadError
-          raise ArgumentError, 'facter-ng could not be loaded'
+        cmd_flags = '--render-as json --show-legacy'
+
+        # puppet/ruby are in PATH since it was updated in the wrapper script
+        puppet_show_cmd  = "puppet facts show"
+        if Puppet::Util::Platform.windows?
+          puppet_show_cmd = "ruby -S -- #{puppet_show_cmd}"
         end
-        fact_diff = FactDif.new(facter3_result.to_json, facter4_result.to_json, EXCLUDE_LIST)
+
+        facter_3_result = Puppet::Util::Execution.execute("#{puppet_show_cmd} --no-facterng #{cmd_flags}", combine: false)
+        facter_ng_result = Puppet::Util::Execution.execute("#{puppet_show_cmd} --facterng #{cmd_flags}", combine: false)
+
+        exclude_list = options[:exclude].nil? ? EXCLUDE_LIST : EXCLUDE_LIST + [ options[:exclude] ]
+        fact_diff = FactDif.new(facter_3_result, facter_ng_result, exclude_list, options[:structured])
         fact_diff.difs
       else
         Puppet.warning _("Already using Facter 4. To use `puppet facts diff` remove facterng from the .conf file or run `puppet config set facterng false`.")
         exit 0
       end
     end
+
+    when_rendering :console do |result|
+      case result
+      when Array, Hash
+        Puppet::Util::Json.dump(result, :pretty => true)
+      else
+        result
+      end
+    end
+  end
+
+  action(:show) do
+    summary _("Retrieve current node's facts.")
+    arguments _("[<facts>]")
+    description <<-'EOT'
+    Reads facts from the local system using `facter` terminus.
+    A query can be provided to retrieve just a specific fact or a set of facts.
+    EOT
+    returns "The output of facter with added puppet specific facts."
+    notes <<-'EOT'
+
+    EOT
+    examples <<-'EOT'
+    retrieve facts:
+
+    $ puppet facts show os
+    EOT
+
+    option("--config-file " + _("<path>")) do
+      default_to { nil }
+      summary _("The location of the config file for Facter.")
+    end
+
+    option("--custom-dir " + _("<path>")) do
+      default_to { nil }
+      summary _("The path to a directory that contains custom facts.")
+    end
+
+    option("--external-dir " + _("<path>")) do
+      default_to { nil }
+      summary _("The path to a directory that contains external facts.")
+    end
+
+    option("--no-block") do
+      summary _("Disable fact blocking mechanism.")
+    end
+
+    option("--no-cache") do
+      summary _("Disable fact caching mechanism.")
+    end
+
+    option("--show-legacy") do
+      summary _("Show legacy facts when querying all facts.")
+    end
+
+    option("--value-only") do
+      summary _("Show only the value when the action is called with a single query")
+    end
+
+    when_invoked do |*args|
+      options = args.pop
+
+      Puppet.settings.preferred_run_mode = :agent
+      Puppet::Node::Facts.indirection.terminus_class = :facter
+
+      if options[:value_only] && !args.count.eql?(1)
+        options[:value_only] = nil
+        Puppet.warning("Incorrect use of --value-only argument; it can only be used when querying for a single fact!")
+      end
+
+      options[:user_query] = args
+      options[:resolve_options] = true
+      result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname], options)
+
+      if options[:value_only]
+        result.values.values.first
+      else
+        result.values
+      end
+    end
+
+    when_rendering :console do |result|
+      # VALID_TYPES = [Integer, Float, TrueClass, FalseClass, NilClass, Symbol, String, Array, Hash].freeze
+      # from https://github.com/puppetlabs/facter/blob/4.0.49/lib/facter/custom_facts/util/normalization.rb#L8
+
+      case result
+      when Array, Hash
+        Puppet::Util::Json.dump(result, :pretty => true)
+      else # one of VALID_TYPES above
+        result
+      end
+    end
   end
 end

data/lib/puppet/file_system/memory_file.rb

@@ -7,6 +7,13 @@ class Puppet::FileSystem::MemoryFile
     new(path, :exist? => false, :executable? => false)
   end
 
+  def self.a_missing_directory(path)
+    new(path,
+        :exist? => false,
+        :executable? => false,
+        :directory? => true)
+  end
+
   def self.a_regular_file_containing(path, content)
     new(path, :exist? => true, :executable? => false, :content => content)
   end
@@ -18,7 +25,7 @@ class Puppet::FileSystem::MemoryFile
   def self.a_directory(path, children = [])
     new(path,
         :exist? => true,
-        :excutable? => true,
+        :executable? => true,
         :directory? => true,
         :children => children)
   end

data/lib/puppet/file_system/windows.rb

@@ -128,6 +128,8 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
     end
 
     current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_user_name)
+    current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name) unless current_sid
+
     dacl = case mode
            when 0644
              dacl = secure_dacl(current_sid)

data/lib/puppet/functions/partition.rb

@@ -5,13 +5,21 @@
 Puppet::Functions.create_function(:partition) do
   # @param collection A collection of things to partition.
   # @example Partition array of empty strings, results in e.g. [[''], [b, c]]
+  #   ```puppet
   #   ['', b, c].partition |$s| { $s.empty }
+  #   ```
   # @example Partition array of strings using index, results in e.g. [['', 'ab'], ['b']]
+  #   ```puppet
   #   ['', b, ab].partition |$i, $s| { $i == 2 or $s.empty }
+  #   ```
   # @example Partition hash of strings by key-value pair, results in e.g. [[['b', []]], [['a', [1, 2]]]]
+  #   ```puppet
   #   { a => [1, 2], b => [] }.partition |$kv| { $kv[1].empty }
+  #   ```
   # @example Partition hash of strings by key and value, results in e.g. [[['b', []]], [['a', [1, 2]]]]
+  #   ```puppet
   #   { a => [1, 2], b => [] }.partition |$k, $v| { $v.empty }
+  #   ```
   dispatch :partition_1 do
     required_param 'Collection', :collection
     block_param 'Callable[1,1]', :block

data/lib/puppet/indirector/facts/facter.rb

@@ -32,8 +32,14 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
     # Initialize core Puppet facts, such as puppetversion
     Puppet.initialize_facts
 
-    result = Puppet::Node::Facts.new(request.key, Facter.to_hash)
-    result.add_local_facts
+    result = if request.options[:resolve_options]
+               raise(Puppet::Error, _("puppet facts show requires version 4.0.40 or greater of Facter.")) unless Facter.respond_to?(:resolve)
+               find_with_options(request)
+             else
+               Puppet::Node::Facts.new(request.key, Facter.to_hash)
+             end
+
+    result.add_local_facts unless request.options[:resolve_options]
     result.sanitize
     result
   end
@@ -61,7 +67,7 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
 
       true
     end
-
+    dirs << request.options[:custom_dir] if request.options[:custom_dir]
     Facter.search(*dirs)
   end
 
@@ -83,6 +89,21 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
       dirs << dir
     end
 
+    dirs << request.options[:external_dir] if request.options[:external_dir]
     Facter.search_external dirs
   end
+
+  private
+
+  def find_with_options(request)
+    options = request.options
+    options_for_facter = String.new
+    options_for_facter += options[:user_query].join(' ')
+    options_for_facter += " --config #{options[:config_file]}" if options[:config_file]
+    options_for_facter += " --show-legacy" if options[:show_legacy]
+    options_for_facter += " --no-block" if options[:no_block] == false
+    options_for_facter += " --no-cache" if options[:no_cache] == false
+
+    Puppet::Node::Facts.new(request.key, Facter.resolve(options_for_facter))
+  end
 end

data/lib/puppet/network/formats.rb

@@ -183,6 +183,73 @@ Puppet::Network::FormatHandler.create(:console,
   end
 end
 
+Puppet::Network::FormatHandler.create(:flat,
+                                      :mime   => 'text/x-flat-text',
+                                      :weight => 0) do
+
+  def flatten_hash(hash)
+    hash.each_with_object({}) do |(k, v), h|
+      if v.is_a? Hash
+        flatten_hash(v).map do |h_k, h_v|
+          h["#{k}.#{h_k}"] = h_v
+        end
+      elsif v.is_a? Array
+        v.each_with_index do |el, i|
+          if el.is_a? Hash
+            flatten_hash(el).map do |el_k, el_v|
+              h["#{k}.#{i}.#{el_k}"] = el_v
+            end
+          else
+            h["#{k}.#{i}"] = el
+          end
+        end
+      else
+        h[k] = v
+      end
+    end
+  end
+
+  def flatten_array(array)
+    a={}
+    array.each_with_index do |el, i|
+      if el.is_a? Hash
+        flatten_hash(el).map do |el_k, el_v|
+          a["#{i}.#{el_k}"] = el_v
+        end
+      else
+        a["#{i}"] = el
+      end
+    end
+    a
+  end
+
+  def construct_output(data)
+    output = ''
+    data.each do |key, value|
+      output << "#{key}=#{value}"
+      output << "\n"
+    end
+    output
+  end
+
+  def render(datum)
+    return datum if datum.is_a?(String) || datum.is_a?(Numeric)
+    # Simple hash
+    if datum.is_a?(Hash)
+      data = flatten_hash(datum)
+      return construct_output(data)
+    elsif datum.is_a?(Array)
+      data = flatten_array(datum)
+      return construct_output(data)
+    end
+    Puppet::Util::Json.dump(datum, :pretty => true, :quirks_mode => true)
+  end
+  def render_multiple(data)
+    data.collect(&:render).join("\n")
+  end
+end
+
+
 Puppet::Network::FormatHandler.create(:rich_data_json, mime: 'application/vnd.puppet.rich+json', charset: Encoding::UTF_8, weight: 30) do
   def intern(klass, text)
     Puppet.override({:rich_data => true}) do

data/lib/puppet/network/http/factory.rb

@@ -27,6 +27,10 @@ class Puppet::Network::HTTP::Factory
 
     http = Puppet::Util::HttpProxy.proxy(URI(site.addr))
     http.use_ssl = site.use_ssl?
+    if site.use_ssl?
+      http.min_version = OpenSSL::SSL::TLS1_VERSION if http.respond_to?(:min_version)
+      http.ciphers = Puppet[:ciphers]
+    end
     http.read_timeout = Puppet[:http_read_timeout]
     http.open_timeout = Puppet[:http_connect_timeout]
     http.keep_alive_timeout = KEEP_ALIVE_TIMEOUT if http.respond_to?(:keep_alive_timeout=)

data/lib/puppet/provider/package/dnfmodule.rb

@@ -93,7 +93,7 @@ Puppet::Type.type(:package).provide :dnfmodule, :parent => :dnf do
         # module has no default profile and no profile was requested, so just enable the stream
         # DNF versions prior to 4.2.8 do not need this workaround
         # see https://bugzilla.redhat.com/show_bug.cgi?id=1669527
-        if @resource[:flavor] == nil && e.message =~ /^missing groups or modules: #{Regexp.quote(@resource[:name])}$/
+        if @resource[:flavor] == nil && e.message =~ /^(?:missing|broken) groups or modules: #{Regexp.quote(@resource[:name])}$/
           enable(args)
         else
           raise

data/lib/puppet/provider/service/systemd.rb

@@ -30,7 +30,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   def self.instances
     i = []
     output = systemctl('list-unit-files', '--type', 'service', '--full', '--all',  '--no-pager')
-    output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*$/i).each do |m|
+    output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*([^-]\S+)?\s*$/i).each do |m|
       Puppet.debug("#{m[0]} marked as bad by `systemctl`. It is recommended to be further checked.") if m[1] == "bad"
       i << new(:name => m[0])
     end

data/lib/puppet/provider/user/useradd.rb

@@ -135,7 +135,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
 
     Puppet::FileSystem.each_line(group_file) do |line|
       data = line.chomp.split(':')
-      if data.last.split(',').include?(user)
+      if !data.empty? && data.last.split(',').include?(user)
         @groups_of[user] << data.first
       end
     end

data/lib/puppet/settings/environment_conf.rb

@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
       section = config.sections[:main]
     rescue Errno::ENOENT
       # environment.conf is an optional file
+      Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
     end
 
     new(path_to_env, section, global_module_path)