puppet 7.10.0 → 7.13.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb14045c978960e4e7b09aed6c3520ec4de726569117031ae3ba5bd96c2e077a
-  data.tar.gz: 47e721bc33f5564e98fc4b7bb6a4127e209b64efcb921cd5be3e5becd99ae76b
+  metadata.gz: 45045b95a6ecb2a310d7114e78c48e812cbaa18e396eba63a399b3f6221e947e
+  data.tar.gz: 9196874c694b632b984fd0fc7b2304a2a2b6551328cbb81d62f664c282bd0ba9
 SHA512:
-  metadata.gz: b655140a24ba14e21ab4ae9b4587d450058e147cad7bf3670fb3a518359b8a5d1457ffe1d5adc1e655ffff3d1a89a0b2687a4713f07844f3110b5114f6969b2a
-  data.tar.gz: '02850db07816869af5f43502f101f6fbcc7d395522721f3181f4a0b75c5729edbe75a880e324de5079e4a5ae38d221439e6557adda107d99b17c5a0870f64ca7'
+  metadata.gz: e318a7303b592cb3b2cd0dd26c5e7b8ea57ab410aa79bd77c06acf60509d6f2fb5a55bf4fbea9aeeb8e4f660dd3f3c2c65062b3f0a0a3ba806c713264140b24a
+  data.tar.gz: e23422e5834aa7eedbc7e25bcaaf04d9ca3a48604c94d2c84085348cc1c41aad33299e0de3a247f9769222ba7d67b55de0deeab96037245b3214ef903d8bbbaa

data/Gemfile

@@ -3,7 +3,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org"
 gemspec
 
 def location_for(place, fake_version = nil)
-  if place.is_a?(String) && place =~ /^(git[:@][^#]*)#(.*)/
+  if place.is_a?(String) && place =~ /^((?:git[:@]|https:)[^#]*)#(.*)/
     [fake_version, { git: $1, branch: $2, require: false }].compact
   elsif place.is_a?(String) && place =~ /^file:\/\/(.*)/
     ['>= 0', { path: File.expand_path($1), require: false }]
@@ -53,7 +53,7 @@ end
 group(:development, optional: true) do
   gem 'memory_profiler', require: false, platforms: [:mri]
   gem 'pry', require: false, platforms: [:ruby]
-  gem "racc", "1.4.9", require: false, platforms: [:ruby]
+  gem "racc", "1.5.2", require: false, platforms: [:ruby]
   if RUBY_PLATFORM != 'java'
     gem 'ruby-prof', '>= 0.16.0', require: false
   end
@@ -63,7 +63,7 @@ group(:packaging) do
   gem 'packaging', *location_for(ENV['PACKAGING_LOCATION'] || '~> 0.99')
 end
 
-group(:documentation) do
+group(:documentation, optional: true) do
   gem 'gettext-setup', '~> 0.28', require: false, platforms: [:ruby]
   gem 'ronn', '~> 0.7.3', require: false, platforms: [:ruby]
 end

data/Gemfile.lock

@@ -1,9 +1,10 @@
 GIT
-  remote: git://github.com/puppetlabs/packaging
-  revision: 804ad19a32455079917eaabd73fcec65078e8cee
+  remote: https://github.com/puppetlabs/packaging
+  revision: 98613aaebad419700b4c37163fe3bbc612f2239d
   branch: 1.0.x
   specs:
-    packaging (0.99.79.2.g804ad19)
+    packaging (0.104.0.4.g98613aa)
+      apt_stage_artifacts
       artifactory (~> 2)
       csv (= 3.1.5)
       rake (>= 12.3)
@@ -12,12 +13,12 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (7.10.0)
+    puppet (7.13.1)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
       facter (>= 2.4.0, < 5)
-      fast_gettext (~> 1.1)
+      fast_gettext (>= 1.1, < 3)
       hiera (>= 3.2.1, < 4)
       locale (~> 2.1)
       multi_json (~> 1.13)
@@ -30,6 +31,8 @@ GEM
     CFPropertyList (2.3.6)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
+    apt_stage_artifacts (0.10.1)
+      docopt
     artifactory (2.8.2)
     ast (2.4.2)
     coderay (1.1.3)
@@ -40,11 +43,11 @@ GEM
     deep_merge (1.2.1)
     diff-lcs (1.4.4)
     docopt (0.6.1)
-    facter (4.2.2)
+    facter (4.2.5)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.15.3)
+    ffi (1.15.4)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -70,7 +73,7 @@ GEM
     multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    parallel (1.20.1)
+    parallel (1.21.0)
     parser (2.7.2.0)
       ast (~> 2.4.1)
     powerpack (0.1.3)
@@ -80,14 +83,14 @@ GEM
     public_suffix (4.0.6)
     puppet-resource_api (1.8.14)
       hocon (>= 1.0)
-    puppetserver-ca (2.3.1)
+    puppetserver-ca (2.3.5)
       facter (>= 2.0.1, < 5)
-    racc (1.4.9)
+    racc (1.5.2)
     rainbow (2.2.2)
       rake
     rake (13.0.6)
     rdiscount (2.2.0.2)
-    rdoc (6.3.2)
+    rdoc (6.3.3)
     release-metrics (1.1.0)
       csv
       docopt
@@ -111,7 +114,7 @@ GEM
     rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
+    rspec-support (3.10.3)
     rubocop (0.49.1)
       parallel (~> 1.10)
       parser (>= 2.3.3.1, < 3.0)
@@ -127,13 +130,15 @@ GEM
     semantic_puppet (1.0.4)
     text (1.3.1)
     thor (1.1.0)
-    unicode-display_width (1.7.0)
+    unicode-display_width (1.8.0)
     vcr (5.1.0)
     webmock (3.14.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    yard (0.9.26)
+    webrick (1.7.0)
+    yard (0.9.27)
+      webrick (~> 1.7.0)
 
 PLATFORMS
   ruby
@@ -153,7 +158,7 @@ DEPENDENCIES
   puppet!
   puppet-resource_api (~> 1.5)
   puppetserver-ca (~> 2.0)
-  racc (= 1.4.9)
+  racc (= 1.5.2)
   rake (~> 13.0)
   rdoc (~> 6.0)
   ronn (~> 0.7.3)

data/ext/project_data.yaml

@@ -21,7 +21,7 @@ gem_runtime_dependencies:
   facter: ['> 2.0.1', '< 5']
   hiera: ['>= 3.2.1', '< 4']
   semantic_puppet: '~> 1.0'
-  fast_gettext: '~> 1.1'
+  fast_gettext: ['>= 1.1', '< 3']
   locale: '~> 2.1'
   multi_json: '~> 1.10'
   puppet-resource_api: '~>1.5'

data/lib/puppet/application/agent.rb

@@ -334,6 +334,10 @@ generated by running puppet agent with '--genconfig'.
   specifying a time of 0.
   (This is a Puppet setting, and can go in puppet.conf.)
 
+* --write_catalog_summary
+  After compiling the catalog saves the resource list and classes list to the node
+  in the state directory named classes.txt and resources.txt
+  (This is a Puppet setting, and can go in puppet.conf.)
 
 EXAMPLE
 -------

data/lib/puppet/application/apply.rb

@@ -16,7 +16,9 @@ class Puppet::Application::Apply < Puppet::Application
   option("--use-nodes")
   option("--detailed-exitcodes")
 
-  option("--write-catalog-summary")
+  option("--write-catalog-summary") do |arg|
+    Puppet[:write_catalog_summary] = arg
+  end
 
   option("--catalog catalog",  "-c catalog") do |arg|
     options[:catalog] = arg
@@ -169,6 +171,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
   def app_defaults
     super.merge({
       :default_file_terminus => :file_server,
+      :write_catalog_summary => false
     })
   end
 
@@ -247,7 +250,22 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
 
         catalog.retrieval_duration = Time.now - starttime
 
-        if options[:write_catalog_summary]
+        # We accept either the global option `--write_catalog_summary`
+        # corresponding to the new setting, or the application option
+        # `--write-catalog-summary`. The latter is needed to maintain backwards
+        # compatibility.
+        #
+        # Puppet settings parse global options using PuppetOptionParser, but it
+        # only recognizes underscores, not dashes.
+        # The base application parses app specific options using ruby's builtin
+        # OptionParser. As of ruby 2.4, it will accept either underscores or
+        # dashes, but prefer dashes.
+        #
+        # So if underscores are used, the PuppetOptionParser will parse it and
+        # store that in Puppet[:write_catalog_summary]. If dashes are used,
+        # OptionParser will parse it, and set Puppet[:write_catalog_summary]. In
+        # either case, settings will contain the correct value.
+        if Puppet[:write_catalog_summary]
           catalog.write_class_file
           catalog.write_resource_file
         end

data/lib/puppet/application/lookup.rb

@@ -7,6 +7,7 @@ class Puppet::Application::Lookup < Puppet::Application
 
   RUN_HELP = _("Run 'puppet lookup --help' for more details").freeze
   DEEP_MERGE_OPTIONS = '--knock-out-prefix, --sort-merged-arrays, and --merge-hash-arrays'.freeze
+  TRUSTED_INFORMATION_FACTS = ["hostname", "domain", "fqdn", "clientcert"].freeze
 
   run_mode :server
 
@@ -54,11 +55,7 @@ class Puppet::Application::Lookup < Puppet::Application
   end
 
   option('--facts FACT_FILE') do |arg|
-    if %w{.yaml .yml .json}.include?(arg.match(/\.[^.]*$/)[0])
-      options[:fact_file] = arg
-    else
-      raise _("The --fact file only accepts yaml and json files.\n%{run_help}") % { run_help: RUN_HELP }
-    end
+    options[:fact_file] = arg
   end
 
   def app_defaults
@@ -137,7 +134,9 @@ DESCRIPTION
 The lookup command is a CLI for Puppet's 'lookup()' function. It searches your
 Hiera data and returns a value for the requested lookup key, so you can test and
 explore your data. It is a modern replacement for the 'hiera' command.
-
+Lookup uses the setting for global hiera.yaml from puppet's config,
+and the environment to find the environment level hiera.yaml as well as the
+resulting modulepath for the environment (for hiera.yaml files in modules).
 Hiera usually relies on a node's facts to locate the relevant data sources. By
 default, 'puppet lookup' uses facts from the node you run the command on, but
 you can get data for any other node with the '--node <NAME>' option. If
@@ -186,7 +185,8 @@ OPTIONS
 * --environment <ENV>
   Like with most Puppet commands, you can specify an environment on the command
   line. This is important for lookup because different environments can have
-  different Hiera data.
+  different Hiera data. This environment will be always be the one used regardless
+  of any other factors.
 
 * --merge first|unique|hash|deep:
   Specify the merge behavior, overriding any merge behavior from the data's
@@ -237,6 +237,13 @@ EXAMPLE
   To look up 'key_name' using the Puppet Server node's facts:
   $ puppet lookup key_name
 
+  To look up 'key_name' using the Puppet Server node's arbitrary variables from a manifest, and 
+  classify the node if applicable:
+  $ puppet lookup key_name --compile
+
+  To look up 'key_name' using the Puppet Server node's facts, overridden by facts given in a file:
+  $ puppet lookup key_name --facts fact_file.yaml
+
   To look up 'key_name' with agent.local's facts:
   $ puppet lookup --node agent.local key_name
 
@@ -341,31 +348,60 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
       Puppet.settings[:facts_terminus] = 'facter'
     end
 
-    unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
-      ni = Puppet::Node.indirection
-      tc = ni.terminus_class
-      if tc == :plain || options[:compile]
-        node = ni.find(node)
-      else
-        ni.terminus_class = :plain
-        node = ni.find(node)
-        ni.terminus_class = tc
-      end
-    end
-
     fact_file = options[:fact_file]
 
     if fact_file
-      if fact_file.end_with?("json")
-        given_facts = Puppet::Util::Json.load(Puppet::FileSystem.read(fact_file, :encoding => 'utf-8'))
-      else
+      if fact_file.end_with?('.json')
+        given_facts = Puppet::Util::Json.load_file(fact_file)
+      elsif fact_file.end_with?('.yml', '.yaml')
         given_facts = Puppet::Util::Yaml.safe_load_file(fact_file)
+      else
+        given_facts = Puppet::Util::Json.load_file_if_valid(fact_file)
+        given_facts = Puppet::Util::Yaml.safe_load_file_if_valid(fact_file) unless given_facts
       end
 
       unless given_facts.instance_of?(Hash)
-        raise _("Incorrect formatted data in %{fact_file} given via the --facts flag") % { fact_file: fact_file }
+        raise _("Incorrectly formatted data in %{fact_file} given via the --facts flag (only accepts yaml and json files)") % { fact_file: fact_file }
+      end
+
+      if TRUSTED_INFORMATION_FACTS.any? { |key| given_facts.key? key }
+        unless TRUSTED_INFORMATION_FACTS.all? { |key| given_facts.key? key }
+          raise _("When overriding any of the %{trusted_facts_list} facts with %{fact_file} "\
+            "given via the --facts flag, they must all be overridden.") % { fact_file: fact_file ,trusted_facts_list: TRUSTED_INFORMATION_FACTS.join(',')}
+        end
       end
-      node.add_extra_facts(given_facts)
+    end
+
+    unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
+      facts = retrieve_node_facts(node, given_facts) 
+      if Puppet.settings.set_by_cli?('environment')
+        node = Puppet::Node.new(node, :classes => nil, :parameters => nil, :facts => facts, :environment => Puppet.settings.value('environment'))
+      else
+        ni = Puppet::Node.indirection
+        tc = ni.terminus_class
+
+        service = Puppet.runtime[:http]
+        session = service.create_session
+        cert = session.route_to(:ca)
+
+        _, x509 = cert.get_certificate(node)
+        cert = OpenSSL::X509::Certificate.new(x509)
+
+        Puppet::SSL::Oids.register_puppet_oids
+        trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
+
+        Puppet.override(trusted_information: trusted) do
+          if tc == :plain || options[:compile]
+            node = ni.find(node, facts: facts)
+          else
+            ni.terminus_class = :plain
+            node = ni.find(node, facts: facts)
+            ni.terminus_class = tc
+          end
+        end
+      end
+    else
+      node.add_extra_facts(given_facts) if given_facts
     end
 
     Puppet[:code] = 'undef' unless options[:compile]
@@ -378,4 +414,16 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
       compiler.compile { |catalog| yield(compiler.topscope); catalog }
     end
   end
+
+  def retrieve_node_facts(node, given_facts)
+    facts = Puppet::Node::Facts.indirection.find(node, :environment => Puppet.lookup(:current_environment))
+
+    facts = Puppet::Node::Facts.new(node, {}) if facts.nil?
+    facts.add_extra_values(given_facts) if given_facts
+
+    if facts.values.empty?
+      raise _("No facts available for target node: %{node}") % { node: node}
+    end
+    facts
+  end
 end

data/lib/puppet/application/resource.rb

@@ -225,21 +225,23 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
   def find_or_save_resources(type, name, params)
     key = local_key(type, name)
 
-    if name
-      if params.empty?
-        [ Puppet::Resource.indirection.find( key ) ]
+    Puppet.override(stringify_rich: true) do
+      if name
+        if params.empty?
+          [ Puppet::Resource.indirection.find( key ) ]
+        else
+          resource = Puppet::Resource.new( type, name, :parameters => params )
+
+          # save returns [resource that was saved, transaction log from applying the resource]
+          save_result = Puppet::Resource.indirection.save(resource, key)
+          [ save_result.first ]
+        end
       else
-        resource = Puppet::Resource.new( type, name, :parameters => params )
-
-        # save returns [resource that was saved, transaction log from applying the resource]
-        save_result = Puppet::Resource.indirection.save(resource, key)
-        [ save_result.first ]
-      end
-    else
-      if type == "file"
-        raise _("Listing all file instances is not supported.  Please specify a file or directory, e.g. puppet resource file /etc")
+        if type == "file"
+          raise _("Listing all file instances is not supported.  Please specify a file or directory, e.g. puppet resource file /etc")
+        end
+        Puppet::Resource.indirection.search( key, {} )
       end
-      Puppet::Resource.indirection.search( key, {} )
     end
   end
 end

data/lib/puppet/concurrent/thread_local_singleton.rb

@@ -1,13 +1,16 @@
+# frozen_string_literal: true
 module Puppet
   module Concurrent
     module ThreadLocalSingleton
       def singleton
         key = (name + ".singleton").intern
         thread = Thread.current
-        unless thread.thread_variable?(key)
-          thread.thread_variable_set(key, new)
+        value = thread.thread_variable_get(key)
+        if value.nil?
+          value = new
+          thread.thread_variable_set(key, value)
         end
-        thread.thread_variable_get(key)
+        value
       end
     end
   end

data/lib/puppet/configurer.rb

@@ -118,8 +118,11 @@ class Puppet::Configurer
       catalog = result.to_ral
       catalog.finalize
       catalog.retrieval_duration = duration
-      catalog.write_class_file
-      catalog.write_resource_file
+
+      if Puppet[:write_catalog_summary]
+        catalog.write_class_file
+        catalog.write_resource_file
+      end
     end
     options[:report].add_times(:convert_catalog, catalog_conversion_time) if options[:report]
 
@@ -387,9 +390,18 @@ class Puppet::Configurer
       # We only need to find out the environment to run in if we don't already have a catalog
       unless (cached_catalog || options[:catalog] || Puppet.settings.set_by_cli?(:environment) || Puppet[:strict_environment_mode])
         Puppet.debug(_("Environment not passed via CLI and no catalog was given, attempting to find out the last server-specified environment"))
-        if last_server_specified_environment
-          @environment = last_server_specified_environment
-          report.environment = last_server_specified_environment
+        initial_environment, loaded_last_environment = last_server_specified_environment
+
+        unless loaded_last_environment
+          Puppet.debug(_("Requesting environment from the server"))
+          initial_environment = current_server_specified_environment(@environment, configured_environment, options)
+        end
+
+        if initial_environment
+          @environment = initial_environment
+          report.environment = initial_environment
+
+          push_current_environment_and_loaders
         else
           Puppet.debug(_("Could not find a usable environment in the lastrunfile. Either the file does not exist, does not have the required keys, or the values of 'initial_environment' and 'converged_environment' are identical."))
         end
@@ -400,14 +412,7 @@ class Puppet::Configurer
       # This is to maintain compatibility with anyone using this class
       # aside from agent, apply, device.
       unless Puppet.lookup(:loaders) { nil }
-        new_env = Puppet::Node::Environment.remote(@environment)
-        Puppet.push_context(
-          {
-            current_environment: new_env,
-            loaders: Puppet::Pops::Loaders.new(new_env, true)
-          },
-          "Local node environment #{@environment} for configurer transaction"
-        )
+        push_current_environment_and_loaders
       end
 
       temp_value = options[:pluginsync]
@@ -443,14 +448,7 @@ class Puppet::Configurer
         @environment = catalog.environment
         report.environment = @environment
 
-        new_env = Puppet::Node::Environment.remote(@environment)
-        Puppet.push_context(
-          {
-            :current_environment => new_env,
-            :loaders => Puppet::Pops::Loaders.new(new_env, true)
-          },
-          "Local node environment #{@environment} for configurer transaction"
-        )
+        push_current_environment_and_loaders
 
         query_options, facts = get_facts(options)
         query_options[:configured_environment] = configured_environment
@@ -560,28 +558,88 @@ class Puppet::Configurer
   end
   private :find_functional_server
 
+  #
+  # @api private
+  #
+  # Read the last server-specified environment from the lastrunfile. The
+  # environment is considered to be server-specified if the values of
+  # `initial_environment` and `converged_environment` are different.
+  #
+  # @return [String, Boolean] An array containing a string with the environment
+  #   read from the lastrunfile in case the server is authoritative, and a
+  #   boolean marking whether the last environment was correctly loaded.
   def last_server_specified_environment
-    return @last_server_specified_environment if @last_server_specified_environment
+    return @last_server_specified_environment, @loaded_last_environment if @last_server_specified_environment
+
     if Puppet::FileSystem.exist?(Puppet[:lastrunfile])
       summary = Puppet::Util::Yaml.safe_load_file(Puppet[:lastrunfile])
-      return unless summary.dig('application', 'run_mode') == 'agent'
-      initial_environment = summary.dig('application', 'initial_environment')
-      converged_environment = summary.dig('application', 'converged_environment')
+      return [nil, nil] unless summary['application']['run_mode'] == 'agent'
+      initial_environment = summary['application']['initial_environment']
+      converged_environment = summary['application']['converged_environment']
       @last_server_specified_environment = converged_environment if initial_environment != converged_environment
+      Puppet.debug(_("Successfully loaded last environment from the lastrunfile"))
+      @loaded_last_environment = true
     end
 
     Puppet.debug(_("Found last server-specified environment: %{environment}") % { environment: @last_server_specified_environment }) if @last_server_specified_environment
-    @last_server_specified_environment
+    [@last_server_specified_environment, @loaded_last_environment]
   rescue => detail
     Puppet.debug(_("Could not find last server-specified environment: %{detail}") % { detail: detail })
-    nil
+    [nil, nil]
   end
   private :last_server_specified_environment
 
+  def current_server_specified_environment(current_environment, configured_environment, options)
+    return @server_specified_environment if @server_specified_environment
+
+    begin
+      node_retr_time = thinmark do
+        node = Puppet::Node.indirection.find(Puppet[:node_name_value],
+                                             :environment => Puppet::Node::Environment.remote(current_environment),
+                                             :configured_environment => configured_environment,
+                                             :ignore_cache => true,
+                                             :transaction_uuid => @transaction_uuid,
+                                             :fail_on_404 => true)
+
+        # The :rest node terminus returns a node with an environment_name, but not an
+        # environment instance. Attempting to get the environment instance will load
+        # it from disk, which will likely fail. So create a remote environment.
+        #
+        # The :plain node terminus returns a node with an environment, but not an
+        # environment_name.
+        if !node.has_environment_instance? && node.environment_name
+          node.environment = Puppet::Node::Environment.remote(node.environment_name)
+        end
+
+        @server_specified_environment = node.environment.to_s
+
+        if @server_specified_environment != @environment
+          Puppet.notice _("Local environment: '%{local_env}' doesn't match server specified node environment '%{node_env}', switching agent to '%{node_env}'.") % { local_env: @environment, node_env: @server_specified_environment }
+        end
+      end
+
+      options[:report].add_times(:node_retrieval, node_retr_time)
+
+      @server_specified_environment
+    rescue => detail
+      Puppet.warning(_("Unable to fetch my node definition, but the agent run will continue:"))
+      Puppet.warning(detail)
+      nil
+    end
+  end
+  private :current_server_specified_environment
+
   def send_report(report)
     puts report.summary if Puppet[:summarize]
     save_last_run_summary(report)
-    Puppet::Transaction::Report.indirection.save(report, nil, :environment => Puppet::Node::Environment.remote(@environment)) if Puppet[:report]
+    if Puppet[:report]
+      remote = Puppet::Node::Environment.remote(@environment)
+      begin
+        Puppet::Transaction::Report.indirection.save(report, nil, ignore_cache: true, environment: remote)
+      ensure
+        Puppet::Transaction::Report.indirection.save(report, nil, ignore_terminus: true, environment: remote)
+      end
+    end
   rescue => detail
     Puppet.log_exception(detail, _("Could not send report: %{detail}") % { detail: detail })
   end
@@ -604,7 +662,7 @@ class Puppet::Configurer
   # @return [false] If an exception is raised during fact generation or
   #   submission.
   def resubmit_facts
-    ::Facter.clear
+    Puppet.runtime[:facter].clear
     facts = find_facts
 
     client = Puppet.runtime[:http]
@@ -639,6 +697,17 @@ class Puppet::Configurer
     end
   end
 
+  def push_current_environment_and_loaders
+    new_env = Puppet::Node::Environment.remote(@environment)
+    Puppet.push_context(
+      {
+        :current_environment => new_env,
+        :loaders => Puppet::Pops::Loaders.new(new_env, true)
+      },
+      "Local node environment #{@environment} for configurer transaction"
+    )
+  end
+
   def retrieve_catalog_from_cache(query_options)
     result = nil
     @duration = thinmark do

data/lib/puppet/confine/variable.rb

@@ -18,7 +18,7 @@ class Puppet::Confine::Variable < Puppet::Confine
 
   # Retrieve the value from facter
   def facter_value
-    @facter_value ||= ::Facter.value(name).to_s.downcase
+    @facter_value ||= Puppet.runtime[:facter].value(name).to_s.downcase
   end
 
   def initialize(values)