puppet 6.21.1-universal-darwin → 6.22.1-universal-darwin

data/spec/unit/environments_spec.rb

@@ -1,13 +1,8 @@
 require 'spec_helper'
 require 'puppet/environments'
 require 'puppet/file_system'
-require 'matchers/include'
-require 'matchers/include_in_order'
 
-module PuppetEnvironments
 describe Puppet::Environments do
-  include Matchers::Include
-
   FS = Puppet::FileSystem
 
   before(:each) do
@@ -49,7 +44,7 @@ describe Puppet::Environments do
       loader_from(:filesystem => [directory_tree, global_path_1, global_path_2],
                   :directory => directory_tree.children.first,
                   :modulepath => [global_path_1_location, global_path_2_location]) do |loader|
-        expect(loader.list).to include_in_any_order(
+        expect(loader.list).to contain_exactly(
           environment(:an_environment).
             with_manifest("#{FS.path_string(directory_tree)}/envdir/an_environment/manifests").
             with_modulepath(["#{FS.path_string(directory_tree)}/envdir/an_environment/modules",
@@ -87,7 +82,7 @@ describe Puppet::Environments do
 
       loader_from(:filesystem => [envdir],
                   :directory => envdir) do |loader|
-        expect(loader.list).to include_in_any_order(environment(:env1), environment(:env2))
+        expect(loader.list).to contain_exactly(environment(:env1), environment(:env2))
       end
     end
 
@@ -406,33 +401,29 @@ config_version=$vardir/random/scripts
           ]),
         ])
 
-        FS.overlay(original_envdir) do
-          dir_loader = Puppet::Environments::Directories.new(original_envdir, [])
-          loader = Puppet::Environments::Cached.new(dir_loader)
-          Puppet.override(:environments => loader) do
-            original_env = loader.get("env3") # force the environment.conf to be read
-
-            changed_envdir = FS::MemoryFile.a_directory(base_dir, [
-              FS::MemoryFile.a_directory("env3", [
-                FS::MemoryFile.a_regular_file_containing("environment.conf", <<-EOF)
-                  manifest=/manifest_changed
-                  modulepath=/modules_changed
-                  environment_timeout=0
-                EOF
-              ]),
-            ])
+        cached_loader_from(:filesystem => [original_envdir], :directory => original_envdir) do |loader|
+          original_env = loader.get("env3") # force the environment.conf to be read
 
-            FS.overlay(changed_envdir) do
-              changed_env = loader.get("env3")
+          changed_envdir = FS::MemoryFile.a_directory(base_dir, [
+            FS::MemoryFile.a_directory("env3", [
+              FS::MemoryFile.a_regular_file_containing("environment.conf", <<-EOF)
+                manifest=/manifest_changed
+                modulepath=/modules_changed
+                environment_timeout=0
+              EOF
+            ]),
+          ])
 
-              expect(original_env).to environment(:env3).
-                with_manifest(File.expand_path("/manifest_orig")).
-                with_full_modulepath([File.expand_path("/modules_orig")])
+          FS.overlay(changed_envdir) do
+            changed_env = loader.get("env3")
 
-              expect(changed_env).to environment(:env3).
-                with_manifest(File.expand_path("/manifest_changed")).
-                with_full_modulepath([File.expand_path("/modules_changed")])
-            end
+            expect(original_env).to environment(:env3).
+              with_manifest(File.expand_path("/manifest_orig")).
+              with_full_modulepath([File.expand_path("/modules_orig")])
+
+            expect(changed_env).to environment(:env3).
+              with_manifest(File.expand_path("/manifest_changed")).
+              with_full_modulepath([File.expand_path("/modules_changed")])
           end
         end
       end
@@ -558,24 +549,49 @@ config_version=$vardir/random/scripts
 
   describe "cached loaders" do
     it "lists environments" do
-      loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
-        expect(Puppet::Environments::Cached.new(loader).list).to include_in_any_order(
+      cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+        expect(loader.list).to contain_exactly(
           environment(:an_environment),
           environment(:another_environment),
           environment(:symlinked_environment))
       end
     end
 
+    it "returns the same cached environment object for list and get methods" do
+      cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+        env = loader.list.find { |e| e.name == :an_environment }
+
+        expect(env).to equal(loader.get(:an_environment)) # same object
+      end
+    end
+
+    it "returns the same cached environment object for multiple list calls" do
+      cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+        expect(loader.list.first).to equal(loader.list.first) # same object
+      end
+    end
+
+    it "expires environments and returns a new environment object with the same value" do
+      Puppet[:environment_timeout] = "0"
+
+      cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+        a = loader.list.first
+        b = loader.list.first
+        expect(a).to eq(b)        # same value
+        expect(a).to_not equal(b) # not same object
+      end
+    end
+
     it "has search_paths" do
-      loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
-        expect(Puppet::Environments::Cached.new(loader).search_paths).to eq(["file://#{directory_tree.children.first}"])
+      cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+        expect(loader.search_paths).to eq(["file://#{directory_tree.children.first}"])
       end
     end
 
     context "#get" do
       it "gets an environment" do
-        loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
-          expect(Puppet::Environments::Cached.new(loader).get(:an_environment)).to environment(:an_environment)
+        cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+          expect(loader.get(:an_environment)).to environment(:an_environment)
         end
       end
 
@@ -592,16 +608,16 @@ config_version=$vardir/random/scripts
       end
 
       it "returns nil if env not found" do
-        loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
-          expect(Puppet::Environments::Cached.new(loader).get(:doesnotexist)).to be_nil
+        cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+          expect(loader.get(:doesnotexist)).to be_nil
         end
       end
     end
 
     context "#get!" do
       it "gets an environment" do
-        loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
-          expect(Puppet::Environments::Cached.new(loader).get!(:an_environment)).to environment(:an_environment)
+        cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+          expect(loader.get!(:an_environment)).to environment(:an_environment)
         end
       end
 
@@ -618,14 +634,41 @@ config_version=$vardir/random/scripts
       end
 
       it "raises error if environment is not found" do
-        loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+        cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
           expect do
-            Puppet::Environments::Cached.new(loader).get!(:doesnotexist)
+            loader.get!(:doesnotexist)
           end.to raise_error(Puppet::Environments::EnvironmentNotFound)
         end
       end
     end
 
+    context "#get_conf" do
+      it "loads environment.conf" do
+        cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+          expect(loader.get_conf(:an_environment)).to match_environment_conf(:an_environment).
+            with_env_path(directory_tree.children.first).
+            with_global_module_path([])
+        end
+      end
+
+      it "always reloads environment.conf" do
+        env = Puppet::Node::Environment.create(:cached, [])
+        mocked_loader = double('loader')
+        expect(mocked_loader).to receive(:get_conf).with(:cached).and_return(Puppet::Settings::EnvironmentConf.static_for(env, 20)).twice
+
+        cached = Puppet::Environments::Cached.new(mocked_loader)
+
+        cached.get_conf(:cached)
+        cached.get_conf(:cached)
+      end
+
+      it "returns nil if environment is not found" do
+        cached_loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
+          expect(loader.get_conf(:doesnotexist)).to be_nil
+        end
+      end
+    end
+
     context "expiration policies" do
       let(:service) { ReplayExpirationService.new }
 
@@ -647,8 +690,6 @@ config_version=$vardir/random/scripts
       end
 
       it "evicts an expired environment" do
-        service = ReplayExpirationService.new
-
         expect(service).to receive(:expired?).and_return(true)
 
         with_environment_loaded(service) do |cached|
@@ -703,13 +744,15 @@ config_version=$vardir/random/scripts
         expect(service.created_envs).to eq([:an_environment, :an_environment])
         expect(service.evicted_envs).to eq([:an_environment])
       end
-    end
 
-    it "gets an environment.conf" do
-      loader_from(:filesystem => [directory_tree], :directory => directory_tree.children.first) do |loader|
-        expect(Puppet::Environments::Cached.new(loader).get_conf(:an_environment)).to match_environment_conf(:an_environment).
-          with_env_path(directory_tree.children.first).
-          with_global_module_path([])
+      it "evicts expired environments when listing" do
+        expect(service).to receive(:expired?).with(:an_environment).and_return(true)
+
+        with_environment_loaded(service) do |cached|
+          cached.list
+        end
+
+        expect(service.evicted_envs).to eq([:an_environment])
       end
     end
 
@@ -727,6 +770,30 @@ config_version=$vardir/random/scripts
 
     context '#clear_all' do
       let(:service) { ReplayExpirationService.new }
+      let(:envdir) { File.expand_path("envdir") }
+      let(:default_dir) { File.join(envdir, "cached_env", "modules") }
+      let(:expected_dir) { File.join(envdir, "cached_env", "site") }
+
+      let(:base_dir) do
+        FS::MemoryFile.a_directory(envdir, [
+          FS::MemoryFile.a_directory("cached_env", [
+            FS::MemoryFile.a_missing_file("environment.conf")
+          ])
+        ])
+      end
+
+      let(:updated_dir) do
+        FS::MemoryFile.a_directory(envdir, [
+          FS::MemoryFile.a_directory("cached_env", [
+            FS::MemoryFile.a_directory("site"),
+            FS::MemoryFile.a_missing_directory("modules"),
+            FS::MemoryFile.a_regular_file_containing("environment.conf", <<-EOF)
+              modulepath=site
+              environment_timeout=unlimited
+            EOF
+          ])
+        ])
+      end
 
       it 'evicts all environments' do
         with_environment_loaded(service) do |cached|
@@ -738,48 +805,44 @@ config_version=$vardir/random/scripts
         end
       end
 
-      it 'clears cached environment settings' do
-        base_dir = File.expand_path("envdir")
-        original_envdir = FS::MemoryFile.a_directory(base_dir, [
-          FS::MemoryFile.a_directory("env3", [
-            FS::MemoryFile.a_regular_file_containing("environment.conf", <<-EOF)
-              manifest=/manifest_orig
-              modulepath=/modules_orig
-              environment_timeout=60
-            EOF
-          ]),
-        ])
+      it "recomputes modulepath if 'get' is called before 'clear_all'" do
+        cached_loader_from(:filesystem => [base_dir], :directory => base_dir) do |loader|
+          loader.get(:cached_env)
 
-        FS.overlay(original_envdir) do
-          dir_loader = Puppet::Environments::Directories.new(original_envdir, [])
-          loader = Puppet::Environments::Cached.new(dir_loader)
-          Puppet.override(:environments => loader) do
-            original_env = loader.get("env3") # force the environment.conf to be read
-
-            changed_envdir = FS::MemoryFile.a_directory(base_dir, [
-              FS::MemoryFile.a_directory("env3", [
-                FS::MemoryFile.a_regular_file_containing("environment.conf", <<-EOF)
-                  manifest=/manifest_changed
-                  modulepath=/modules_changed
-                  environment_timeout=60
-                EOF
-              ]),
-            ])
+          expect(Puppet.settings.value(:modulepath, :cached_env)).to eq(default_dir)
 
-            #Clear all cached environments
+          FS.overlay(updated_dir) do
             loader.clear_all
 
-            FS.overlay(changed_envdir) do
-              changed_env = loader.get("env3")
+            expect(loader.get(:cached_env).modulepath).to contain_exactly(expected_dir)
+          end
+        end
+      end
+
+      it "recomputes modulepath if 'list' is called before 'clear_all'"  do
+        cached_loader_from(:filesystem => [base_dir], :directory => base_dir) do |loader|
+          loader.list
 
-              expect(original_env).to environment(:env3).
-                with_manifest(File.expand_path("/manifest_orig")).
-                with_full_modulepath([File.expand_path("/modules_orig")])
+          expect(Puppet.settings.value(:modulepath, :cached_env)).to eq(default_dir)
 
-              expect(changed_env).to environment(:env3).
-                with_manifest(File.expand_path("/manifest_changed")).
-                with_full_modulepath([File.expand_path("/modules_changed")])
-            end
+          FS.overlay(updated_dir) do
+            loader.clear_all
+
+            expect(loader.get(:cached_env).modulepath).to contain_exactly(expected_dir)
+          end
+        end
+      end
+
+      it "recomputes modulepath if 'get_conf' is called before 'clear_all'" do
+        cached_loader_from(:filesystem => [base_dir], :directory => base_dir) do |loader|
+          loader.get_conf(:cached_env)
+
+          expect(Puppet.settings.value(:modulepath, :cached_env)).to eq(default_dir)
+
+          FS.overlay(updated_dir) do
+            loader.clear_all
+
+            expect(loader.get(:cached_env).modulepath).to contain_exactly(expected_dir)
           end
         end
       end
@@ -865,6 +928,20 @@ config_version=$vardir/random/scripts
     end
   end
 
+  def cached_loader_from(options, &block)
+    FS.overlay(*options[:filesystem]) do
+      environments = Puppet::Environments::Cached.new(
+        Puppet::Environments::Directories.new(
+          options[:directory],
+          options[:modulepath] || []
+        )
+      )
+      Puppet.override(:environments => environments) do
+        yield environments
+      end
+    end
+  end
+
   def loader_from(options, &block)
     FS.overlay(*options[:filesystem]) do
       environments = Puppet::Environments::Directories.new(
@@ -917,4 +994,3 @@ config_version=$vardir/random/scripts
     end
   end
 end
-end

data/spec/unit/face/facts_spec.rb

@@ -71,4 +71,8 @@ CONF
                                log.message =~ /Uploading facts for '.*' to 'puppet\.server\.test'/}
     end
   end
+
+  describe "#show" do
+    it { is_expected.to be_action :show }
+  end
 end

data/spec/unit/file_system_spec.rb

@@ -999,6 +999,15 @@ describe "Puppet::FileSystem" do
             Puppet::FileSystem.replace_file(dest, 0755) { |_| }
           }.to raise_error(ArgumentError, /Only modes 0644, 0640, 0660, and 0440 are allowed/)
         end
+
+        it 'falls back to fully qualified user name when sid retrieval fails' do
+          current_user_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_user_name)
+          allow(Puppet::Util::Windows::SID).to receive(:name_to_sid).with(Puppet::Util::Windows::ADSI::User.current_user_name).and_return(nil, current_user_sid)
+          allow(Puppet::Util::Windows::SID).to receive(:name_to_sid).with(Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name).and_call_original
+
+          Puppet::FileSystem.replace_file(dest, 0644) { |f| f.write(content) }
+          expects_public_file(dest)
+        end
       end
     end
 

data/spec/unit/indirector/facts/facter_spec.rb

@@ -28,6 +28,7 @@ describe Puppet::Node::Facts::Facter do
     @request = double('request', :key => @name)
     @environment = double('environment')
     allow(@request).to receive(:environment).and_return(@environment)
+    allow(@request).to receive(:options).and_return({})
     allow(@request.environment).to receive(:modules).and_return([])
     allow(@request.environment).to receive(:modulepath).and_return([])
   end
@@ -104,6 +105,7 @@ describe Puppet::Node::Facts::Facter do
       expect(FileTest).to receive(:directory?).with(factpath1).and_return(true)
       expect(FileTest).to receive(:directory?).with(factpath2).and_return(true)
       allow(@request.environment).to receive(:modulepath).and_return([modulepath])
+      allow(@request).to receive(:options).and_return({})
       expect(Dir).to receive(:glob).with("#{modulepath}/*/lib/facter").and_return([modulelibfacter])
       expect(Dir).to receive(:glob).with("#{modulepath}/*/plugins/facter").and_return([modulepluginsfacter])
 
@@ -149,4 +151,97 @@ describe Puppet::Node::Facts::Facter do
       Puppet::Node::Facts::Facter.setup_external_search_paths @request
     end
   end
+
+  describe 'when :resolve_options is true' do
+    let(:options) { { resolve_options: true, user_query: ["os", "timezone"], show_legacy: true } }
+    let(:facts) { Puppet::Node::Facts.new("foo") }
+
+    before :each do
+      allow(@request).to receive(:options).and_return(options)
+      allow(Puppet::Node::Facts).to receive(:new).and_return(facts)
+      allow(facts).to receive(:add_local_facts)
+    end
+
+    it 'should call Facter.resolve method' do
+      expect(Facter).to receive(:resolve).with("os timezone --show-legacy")
+      @facter.find(@request)
+    end
+
+    it 'should NOT add local facts' do
+      expect(facts).not_to receive(:add_local_facts)
+
+      @facter.find(@request)
+    end
+
+    describe 'when Facter version is lower than 4.0.40' do
+      before :each do
+        allow(Facter).to receive(:respond_to?).and_return(false)
+        allow(Facter).to receive(:respond_to?).with(:resolve).and_return(false)
+      end
+
+      it 'raises an error' do
+        expect { @facter.find(@request) }.to raise_error(Puppet::Error, "puppet facts show requires version 4.0.40 or greater of Facter.")
+      end
+    end
+
+    describe 'when setting up external search paths' do
+      let(:options) { { resolve_options: true, user_query: ["os", "timezone"], external_dir: 'some/dir' } }
+      let(:pluginfactdest) { File.expand_path 'plugin/dest' }
+      let(:modulepath) { File.expand_path 'module/foo' }
+      let(:modulefactsd) { File.expand_path 'module/foo/facts.d'  }
+
+      before :each do
+        expect(FileTest).to receive(:directory?).with(pluginfactdest).and_return(true)
+        mod = Puppet::Module.new('foo', modulepath, @request.environment)
+        allow(@request.environment).to receive(:modules).and_return([mod])
+        Puppet[:pluginfactdest] = pluginfactdest
+      end
+
+      it 'should skip files' do
+        expect(File).to receive(:directory?).with(modulefactsd).and_return(false)
+        expect(Facter).to receive(:search_external).with([pluginfactdest, options[:external_dir]])
+        Puppet::Node::Facts::Facter.setup_external_search_paths @request
+      end
+
+      it 'should add directories' do
+        expect(File).to receive(:directory?).with(modulefactsd).and_return(true)
+        expect(Facter).to receive(:search_external).with([modulefactsd, pluginfactdest, options[:external_dir]])
+        Puppet::Node::Facts::Facter.setup_external_search_paths @request
+      end
+    end
+
+    describe 'when setting up search paths' do
+      let(:factpath1) { File.expand_path 'one' }
+      let(:factpath2) { File.expand_path 'two' }
+      let(:factpath) { [factpath1, factpath2].join(File::PATH_SEPARATOR) }
+      let(:modulepath) { File.expand_path 'module/foo' }
+      let(:modulelibfacter) { File.expand_path 'module/foo/lib/facter' }
+      let(:modulepluginsfacter) { File.expand_path 'module/foo/plugins/facter' }
+      let(:options) { { resolve_options: true, custom_dir: 'some/dir' } }
+
+      before :each do
+        expect(FileTest).to receive(:directory?).with(factpath1).and_return(true)
+        expect(FileTest).to receive(:directory?).with(factpath2).and_return(true)
+        allow(@request.environment).to receive(:modulepath).and_return([modulepath])
+        expect(Dir).to receive(:glob).with("#{modulepath}/*/lib/facter").and_return([modulelibfacter])
+        expect(Dir).to receive(:glob).with("#{modulepath}/*/plugins/facter").and_return([modulepluginsfacter])
+
+        Puppet[:factpath] = factpath
+      end
+
+      it 'should skip files' do
+        expect(FileTest).to receive(:directory?).with(modulelibfacter).and_return(false)
+        expect(FileTest).to receive(:directory?).with(modulepluginsfacter).and_return(false)
+        expect(Facter).to receive(:search).with(factpath1, factpath2, options[:custom_dir])
+        Puppet::Node::Facts::Facter.setup_search_paths @request
+      end
+
+      it 'should add directories' do
+        expect(FileTest).to receive(:directory?).with(modulelibfacter).and_return(true)
+        expect(FileTest).to receive(:directory?).with(modulepluginsfacter).and_return(false)
+        expect(Facter).to receive(:search).with(modulelibfacter, factpath1, factpath2, options[:custom_dir])
+        Puppet::Node::Facts::Facter.setup_search_paths @request
+      end
+    end
+  end
 end

data/spec/unit/network/formats_spec.rb

@@ -534,4 +534,45 @@ EOT
       end
     end
   end
+
+  describe ":flat format" do
+    let(:flat) { Puppet::Network::FormatHandler.format(:flat) }
+
+    it "should include a flat format" do
+      expect(flat).to be_an_instance_of Puppet::Network::Format
+    end
+
+    [:intern, :intern_multiple].each do |method|
+      it "should not implement #{method}" do
+        expect { flat.send(method, String, 'blah') }.to raise_error NotImplementedError
+      end
+    end
+
+    context "when rendering arrays" do
+      {
+          []                           => "",
+          [1, 2]                       => "0=1\n1=2\n",
+          ["one"]                      => "0=one\n",
+          [{"one" => 1}, {"two" => 2}] => "0.one=1\n1.two=2\n",
+          [['something', 'for'], ['the', 'test']]  => "0=[\"something\", \"for\"]\n1=[\"the\", \"test\"]\n"
+      }.each_pair do |input, output|
+        it "should render #{input.inspect} as one item per line" do
+          expect(flat.render(input)).to eq(output)
+        end
+      end
+    end
+
+    context "when rendering hashes" do
+      {
+          {}                                   => "",
+          {1 => 2}                             => "1=2\n",
+          {"one" => "two"}                     => "one=two\n",
+          {[1,2] => 3, [2,3] => 5, [3,4] => 7} => "[1, 2]=3\n[2, 3]=5\n[3, 4]=7\n",
+      }.each_pair do |input, output|
+        it "should render #{input.inspect}" do
+          expect(flat.render(input)).to eq(output)
+        end
+      end
+    end
+  end
 end

data/spec/unit/network/http/factory_spec.rb

@@ -144,4 +144,23 @@ describe Puppet::Network::HTTP::Factory do
       expect(conn.local_host).to eq('127.0.0.1')
     end
   end
+
+  context 'tls' do
+    it "sets the minimum version to TLS 1.0", if: RUBY_VERSION.to_f >= 2.5 do
+      conn = create_connection(site)
+      expect(conn.min_version).to eq(OpenSSL::SSL::TLS1_VERSION)
+    end
+
+    it "defaults to ciphersuites providing 128 bits of security or greater" do
+      conn = create_connection(site)
+      expect(conn.ciphers).to eq("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256")
+    end
+
+    it "can be restricted to TLSv1.3 ciphers" do
+      tls13_ciphers = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
+      Puppet[:ciphers] = tls13_ciphers
+      conn = create_connection(site)
+      expect(conn.ciphers).to eq(tls13_ciphers)
+    end
+  end
 end

data/spec/unit/provider/package/dnfmodule_spec.rb

@@ -123,7 +123,7 @@ describe Puppet::Type.type(:package).provider(:dnfmodule) do
         provider.install
       end
 
-      it "should just enable the module if it has no default profile" do
+      it "should just enable the module if it has no default profile(missing groups or modules)" do
         dnf_exception = Puppet::ExecutionFailure.new("Error: Problems in request:\nmissing groups or modules: #{resource[:name]}")
         allow(provider).to receive(:execute).with(array_including('install')).and_raise(dnf_exception)
         resource[:ensure] = :present
@@ -132,6 +132,15 @@ describe Puppet::Type.type(:package).provider(:dnfmodule) do
         provider.install
       end
 
+      it "should just enable the module if it has no default profile(broken groups or modules)" do
+        dnf_exception = Puppet::ExecutionFailure.new("Error: Problems in request:\nbroken groups or modules: #{resource[:name]}")
+        allow(provider).to receive(:execute).with(array_including('install')).and_raise(dnf_exception)
+        resource[:ensure] = :present
+        expect(provider).to receive(:execute).with(array_including('install')).ordered
+        expect(provider).to receive(:execute).with(array_including('enable')).ordered
+        provider.install
+      end
+
       it "should just enable the module if enable_only = true" do
         resource[:ensure] = :present
         resource[:enable_only] = true

data/spec/unit/provider/service/systemd_spec.rb

@@ -200,6 +200,17 @@ describe 'Puppet::Type::Service::Provider::Systemd',
       })
     end
 
+    it "correctly parses services when list-unit-files has an additional column" do
+      expect(provider_class).to receive(:systemctl).with('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager').and_return(File.read(my_fixture('list_unit_files_services_vendor_preset')))
+      expect(provider_class.instances.map(&:name)).to match_array(%w{
+        arp-ethers.service
+        auditd.service
+        dbus.service
+        umountnfs.service
+        urandom.service
+      })
+    end
+
     it "should print a debug message when a service with the state `bad` is found" do
       expect(provider_class).to receive(:systemctl).with('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager').and_return(File.read(my_fixture('list_unit_files_services')))
       expect(Puppet).to receive(:debug).with("apparmor.service marked as bad by `systemctl`. It is recommended to be further checked.")

data/spec/unit/provider/user/useradd_spec.rb

@@ -375,21 +375,36 @@ describe Puppet::Type.type(:user).provider(:useradd) do
     before { described_class.has_feature :manages_local_users_and_groups }
 
     let(:content) do
-      <<~EOF
+      StringIO.new(<<~EOF)
       group1:x:0:myuser
       group2:x:999:
       group3:x:998:myuser
       EOF
     end
 
+    let(:content_with_empty_line) do
+      StringIO.new(<<~EOF)
+      group1:x:0:myuser
+      group2:x:999:
+      group3:x:998:myuser
+
+      EOF
+    end
+
     it "should return the local groups string when forcelocal is true" do
       resource[:forcelocal] = true
-      group1, group2, group3 = content.split
       allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
-      allow(Puppet::FileSystem).to receive(:each_line).with('/etc/group').and_yield(group1).and_yield(group2).and_yield(group3)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content)
       expect(provider.groups).to eq(['group1', 'group3'])
     end
 
+    it "does not raise when parsing empty lines in /etc/group" do
+      resource[:forcelocal] = true
+      allow(Puppet::FileSystem).to receive(:exist?).with('/etc/group').and_return(true)
+      allow(File).to receive(:open).with(Pathname.new('/etc/group')).and_yield(content_with_empty_line)
+      expect { provider.groups }.not_to raise_error
+    end
+
     it "should fall back to nameservice groups when forcelocal is false" do
       resource[:forcelocal] = false
       allow(Puppet::Util::POSIX).to receive(:groups_of).with('myuser').and_return(['remote groups'])