puppet 6.19.0 → 7.3.0

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
@@ -16,13 +16,13 @@ puppet filebucket \fImode\fR [\-h|\-\-help] [\-V|\-\-version] [\-d|\-\-debug] [\
 Puppet filebucket can operate in three modes, with only one mode per call:
 .
 .P
-backup: Send one or more files to the specified file bucket\. Each sent file is printed with its resulting md5 sum\.
+backup: Send one or more files to the specified file bucket\. Each sent file is printed with its resulting sha256 sum\.
 .
 .P
-get: Return the text associated with an md5 sum\. The text is printed to stdout, and only one file can be retrieved at a time\.
+get: Return the text associated with an sha256 sum\. The text is printed to stdout, and only one file can be retrieved at a time\.
 .
 .P
-restore: Given a file path and an md5 sum, store the content associated with the sum into the specified file path\. You can specify an entirely new path to this argument; you are not restricted to restoring the content to its original location\.
+restore: Given a file path and an sha256 sum, store the content associated with the sum into the specified file path\. You can specify an entirely new path to this argument; you are not restricted to restoring the content to its original location\.
 .
 .P
 diff: Print a diff in unified format between two checksums in the filebucket or between a checksum and its matching file\.
@@ -152,8 +152,8 @@ $ puppet filebucket \-b /tmp/TestBucket backup /tmp/TestFile2
 $ puppet filebucket \-b /tmp/TestBucket list
 d41d8cd98f00b204e9800998ecf8427e 2015\-05\-11 09:33:22 /tmp/TestFile2
 
-## From a Puppet master, list files in the master bucketdir
-$ puppet filebucket \-b $(puppet config print bucketdir \-\-section master) list
+## From a Puppet Server, list files in the server bucketdir
+$ puppet filebucket \-b $(puppet config print bucketdir \-\-section server) list
 d43a6ecaa892a1962398ac9170ea9bf2 2015\-05\-11 09:27:56 /tmp/TestFile
 7ae322f5791217e031dc60188f4521ef 2015\-05\-11 09:52:15 /tmp/TestFile
 .

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
@@ -53,19 +53,6 @@ Setting a global value for \fBmodulepath\fR in puppet\.conf is not allowed (but
 .SH "ACTIONS"
 .
 .TP
-\fBbuild\fR \- Build a module release package\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet module build
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-This action has been replaced by Puppet Development Kit\. For more information visit https://puppet\.com/docs/pdk/latest/pdk\.html\.
-.
-.TP
 \fBchanges\fR \- Show modified files of an installed module\.
 \fBSYNOPSIS\fR
 .
@@ -85,19 +72,6 @@ Shows any files in a module that have been modified since it was installed\. Thi
 Array of strings representing paths of modified files\.
 .
 .TP
-\fBgenerate\fR \- Generate boilerplate for a new module\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet module generate
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-This action has been replaced by Puppet Development Kit\. For more information visit https://puppet\.com/docs/pdk/latest/pdk\.html\.
-.
-.TP
 \fBinstall\fR \- Install a module from the Puppet Forge or a release archive\.
 \fBSYNOPSIS\fR
 .
@@ -160,28 +134,6 @@ The output of this action includes information from the module\'s metadata, incl
 hash of paths to module objects
 .
 .TP
-\fBsearch\fR \- Search the Puppet Forge for a module\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet module search \fIsearch_term\fR
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-This action has been deprecated\. Please use the Puppet Forge to search for modules\.
-.
-.IP
-Searches a repository for modules whose names, descriptions, or keywords match the provided search term\.
-.
-.IP
-\fBRETURNS\fR
-.
-.IP
-Array of module metadata hashes
-.
-.TP
 \fBuninstall\fR \- Uninstall a puppet module\.
 \fBSYNOPSIS\fR
 .
@@ -322,15 +274,6 @@ List installed modules from a specified modulepath:
 $ puppet module list \-\-modulepath /opt/puppetlabs/puppet/modules /opt/puppetlabs/puppet/modules (no modules installed)
 .
 .P
-\fBsearch\fR
-.
-.P
-Search the Puppet Forge for a module:
-.
-.P
-$ puppet module search puppetlabs NAME DESCRIPTION AUTHOR KEYWORDS bacula This is a generic Apache module @puppetlabs backups
-.
-.P
 \fBuninstall\fR
 .
 .P

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.
@@ -137,6 +137,9 @@ This subcommand is an indirector face, which exposes \fBfind\fR, \fBsearch\fR, \
 \fBexec\fR
 .
 .IP "\(bu" 4
+\fBjson\fR
+.
+.IP "\(bu" 4
 \fBmemory\fR
 .
 .IP "\(bu" 4

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.
@@ -107,6 +107,9 @@ API example:report = Puppet::Face[:catalog, \'0\.0\.1\']\.apply Puppet::Face[:re
 This subcommand is an indirector face, which exposes \fBfind\fR, \fBsearch\fR, \fBsave\fR, and \fBdestroy\fR actions for an indirected subsystem of Puppet\. Valid termini for this face include:
 .
 .IP "\(bu" 4
+\fBjson\fR
+.
+.IP "\(bu" 4
 \fBmsgpack\fR
 .
 .IP "\(bu" 4

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
@@ -34,7 +34,7 @@ Print this help message
 .
 .TP
 \-\-logdest
-Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\. Defaults to \'console\'\.
+Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\. Defaults to \'console\'\. Multiple destinations can be set using a comma separated list (eg: \fB/path/file1,console,/path/file2\fR)"
 .
 .IP
 A path ending with \'\.json\' will receive structured output in JSON format\. The log file will not have an ending \']\' automatically written to it due to the appending nature of logging\. It must be appended manually to make the content valid JSON\.

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "January 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.19\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.3\.0

data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json

@@ -0,0 +1,91 @@
+{
+  "tags": [
+    "settings"
+  ],
+  "name": "127.0.0.1",
+  "version": 1607629733,
+  "code_id": null,
+  "catalog_uuid": "afc8472a-306b-4b24-b060-e956dffb79b8",
+  "catalog_format": 1,
+  "environment": "production",
+  "resources": [
+    {
+      "type": "Stage",
+      "title": "main",
+      "tags": [
+        "stage"
+      ],
+      "exported": false,
+      "parameters": {
+        "name": "main"
+      }
+    },
+    {
+      "type": "Class",
+      "title": "Settings",
+      "tags": [
+        "class",
+        "settings"
+      ],
+      "exported": false
+    },
+    {
+      "type": "Class",
+      "title": "main",
+      "tags": [
+        "class"
+      ],
+      "exported": false,
+      "parameters": {
+        "name": "main"
+      }
+    },
+    {
+      "type": "Notify",
+      "title": "deferred",
+      "tags": [
+        "notify",
+        "deferred",
+        "class"
+      ],
+      "file": "",
+      "line": 1,
+      "exported": false,
+      "parameters": {
+        "message": {
+          "__ptype": "Deferred",
+          "name": "new",
+          "arguments": [
+            {
+              "__ptype": "Pcore::StringType"
+            },
+            {
+              "__ptype": "Deferred",
+              "name": "binary_file",
+              "arguments": [
+                "__SOURCE_PATH__"
+              ]
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "edges": [
+    {
+      "source": "Stage[main]",
+      "target": "Class[Settings]"
+    },
+    {
+      "source": "Stage[main]",
+      "target": "Class[main]"
+    },
+    {
+      "source": "Class[main]",
+      "target": "Notify[deferred]"
+    }
+  ],
+  "classes": [
+    "settings"
+  ]
+}

data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out

@@ -6,6 +6,10 @@ test_aix_user:
 no_password_user:
         lastupdate = another_last_update
 
+tab_password_user:
+        password  =  some_password
+        lastupdate = another_last_update
+
 daemon:
         password = *
 

data/spec/integration/application/agent_spec.rb

@@ -25,7 +25,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.command_line.args << '--test'
           agent.run
         }.to exit_with(0)
-         .and output(%r{HTTP GET https://127.0.0.1:#{port}/status/v1/simple/master returned 200 OK}).to_stdout
+         .and output(%r{HTTP GET https://127.0.0.1:#{port}/status/v1/simple/server returned 200 OK}).to_stdout
       end
     end
 
@@ -39,10 +39,9 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.run
         }.to exit_with(0)
          .and output(%r{Notice: Applied catalog}).to_stdout
-         .and output(%r{Unable to connect to server from server_list setting: Request to https://puppet.example.com:#{port}/status/v1/simple/master failed}).to_stderr
+         .and output(%r{Unable to connect to server from server_list setting: Request to https://puppet.example.com:#{port}/status/v1/simple/server failed}).to_stderr
 
         report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
-        expect(report.master_used).to eq("127.0.0.1:#{port}")
         expect(report.server_used).to eq("127.0.0.1:#{port}")
       end
     end
@@ -75,7 +74,6 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       end
 
       report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
-      expect(report.master_used).to be_nil
       expect(report.server_used).to be_nil
     end
 
@@ -93,17 +91,16 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
          .and output(%r{Debug: Resolved service 'puppet' to https://127.0.0.1:#{port}/puppet/v3}).to_stdout
 
         report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
-        expect(report.master_used).to eq("127.0.0.1:#{port}")
         expect(report.server_used).to eq("127.0.0.1:#{port}")
       end
     end
   end
 
   context 'rich data' do
-    it "applies deferred values" do
+    it "calls a deferred 4x function" do
       catalog_handler = -> (req, res) {
         catalog = compile_to_catalog(<<-MANIFEST, node)
-          notify { 'deferred':
+          notify { 'deferred4x':
             message => Deferred('join', [[1,2,3], ':'])
           }
         MANIFEST
@@ -118,7 +115,66 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.command_line.args << '--test'
           agent.run
         }.to exit_with(2)
-         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred\]/message: defined 'message' as '1:2:3'}).to_stdout
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as '1:2:3'}).to_stdout
+      end
+    end
+
+    it "calls a deferred 3x function" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'deferred3x':
+            message => Deferred('sprintf', ['%s', 'I am deferred'])
+          }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+      end
+    end
+
+    it "re-evaluates a deferred function in a cached catalog" do
+      Puppet[:report] = false
+      Puppet[:use_cached_catalog] = true
+      Puppet[:usecacheonfailure] = false
+
+      catalog_dir = File.join(Puppet[:client_datadir], 'catalog')
+      Puppet::FileSystem.mkpath(catalog_dir)
+      cached_catalog_path = "#{File.join(catalog_dir, Puppet[:certname])}.json"
+
+      # our catalog contains a deferred function that calls `binary_file`
+      # to read `source`. The function returns a Binary object, whose
+      # base64 value is printed to stdout
+      source = tmpfile('deferred_source')
+      catalog = File.read(my_fixture('cached_deferred_catalog.json'))
+      catalog.gsub!('__SOURCE_PATH__', source)
+      File.write(cached_catalog_path, catalog)
+
+      # verify we get a different result each time the deferred function
+      # is evaluated, and reads `source`.
+      {
+        '1234' => 'MTIzNA==',
+        '5678' => 'NTY3OA=='
+      }.each_pair do |content, base64|
+        File.write(source, content)
+
+        expect {
+          agent.command_line.args << '-t'
+          agent.run
+
+        }.to exit_with(2)
+         .and output(/Notice: #{base64}/).to_stdout
+
+        # reset state so we can run again
+        Puppet::Application.clear!
       end
     end
 
@@ -249,7 +305,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.command_line.args << '--test'
           agent.run
         }.to exit_with(2)
-         .and output(/content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}4cf49285ae567157ebfba72bd04ccf32'/).to_stdout
+         .and output(/content changed '{sha256}e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' to '{sha256}3bef83ad320b471d8e3a03c9b9f150749eea610fe266560395d3195cfbd8e6b8'/).to_stdout
 
         # verify puppet restored binary content
         expect(File.binread(path)).to eq(binary_content)
@@ -417,7 +473,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       path = Puppet[:agent_catalog_run_lockfile]
 
       th = Thread.new {
-        %x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(2)"}
+        %x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(20)"}
       }
 
       until File.exists?(path) && File.size(path) > 0 do
@@ -434,12 +490,23 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
 
     it "waits for other agent run to finish before starting" do
       server.start_server do |port|
+        script = tmpfile('wait_for_log_entry')
+        logdest = tmpfile('agent_log')
         path = Puppet[:agent_catalog_run_lockfile]
         Puppet[:serverport] = port
         Puppet[:waitforlock] = 1
 
         th = Thread.new {
-          %x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(2)"}
+          File.write(script, <<~SCRIPT)
+            $0 = 'puppet'
+            # lock pidfile
+            File.write('#{path}', Process.pid)
+            # wait for foreground agent to fail once
+            until File.exists?("#{logdest}") && File.readlines("#{logdest}").grep(/Will try again/).any? do
+              sleep 0.1
+            end
+          SCRIPT
+          %x{ruby '#{script}'}
         }
 
         until File.exists?(path) && File.size(path) > 0 do
@@ -447,9 +514,14 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
         end
 
         expect {
-          agent.command_line.args << '--test'
+          agent.command_line.args << '--test' << '--logdest' << logdest << '--logdest' << 'console'
           agent.run
-        }.to exit_with(0).and output(/Info: Will try again in #{Puppet[:waitforlock]} seconds./).to_stdout
+        }.to exit_with(0)
+         .and output(a_string_matching(
+          /Info: Will try again in #{Puppet[:waitforlock]} seconds/
+        ).and matching(
+          /Applied catalog/
+        )).to_stdout
 
         th.kill # kill thread so we don't wait too much
       end
@@ -461,7 +533,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       Puppet[:maxwaitforlock] = 0
 
       th = Thread.new {
-        %x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(2)"}
+        %x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(20)"}
       }
 
       until File.exists?(path) && File.size(path) > 0 do
@@ -476,4 +548,69 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       th.kill # kill thread so we don't wait too much
     end
   end
+
+  context 'cached catalogs' do
+    it 'falls back to a cached catalog' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'a message': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Caching catalog for #{Puppet[:certname]}}).to_stdout
+      end
+
+      # reset state so we can run again
+      Puppet::Application.clear!
+
+      # --test above turns off `usecacheonfailure` so re-enable here
+      Puppet[:usecacheonfailure] = true
+
+      # run agent without server
+      expect {
+        agent.command_line.args << '--no-daemonize' << '--onetime' << '--server' << '127.0.0.1'
+        agent.run
+      }.to exit_with(2)
+       .and output(a_string_matching(
+         /Using cached catalog from environment 'production'/
+       ).and matching(
+         /Notify\[a message\]\/message:/
+       )).to_stdout
+       .and output(/the agent run will continue/).to_stderr
+    end
+
+    it 'preserves the old cached catalog if validation fails with the old one' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          exec { 'unqualified_command': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(/Using configured environment/).to_stdout
+         .and output(%r{Validation of Exec\[unqualified_command\] failed: 'unqualified_command' is not qualified and no path was specified}).to_stderr
+      end
+
+      # cached catalog should not be updated
+      cached_catalog = "#{File.join(Puppet[:client_datadir], 'catalog', Puppet[:certname])}.json"
+      expect(File).to_not be_exist(cached_catalog)
+    end
+  end
 end