puppet 6.25.1-x86-mingw32 → 6.28.0-x86-mingw32

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "July 2022" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -945,7 +945,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: \fBPuppet/6\.25\.1 Ruby/2\.5\.1\-p57 (x86_64\-linux)\fR
+\fIDefault\fR: \fBPuppet/6\.28\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
 .
 .IP "" 0
 .
@@ -1118,6 +1118,14 @@ From where to retrieve translation files\. The standard Puppet \fBfile\fR type i
 .
 .IP "" 0
 .
+.SS "location_trusted"
+This will allow sending the name + password and the cookie header to all hosts that puppet may redirect to\. This may or may not introduce a security breach if puppet redirects you to a site to which you\'ll send your authentication info and cookies\.
+.
+.IP "\(bu" 4
+\fIDefault\fR: \fBfalse\fR
+.
+.IP "" 0
+.
 .SS "log_level"
 Default logging level for messages from Puppet\. Allowed values are:
 .
@@ -2059,6 +2067,17 @@ Whether to only use the cached catalog rather than compiling a new catalog on ev
 .
 .IP "" 0
 .
+.SS "use_last_environment"
+Puppet saves both the initial and converged environment in the last_run_summary file\. If they differ, and this setting is set to true, we will use the last converged environment and skip the node request\.
+.
+.P
+When set to false, we will do the node request and ignore the environment data from the last_run_summary file\.
+.
+.IP "\(bu" 4
+\fIDefault\fR: \fBtrue\fR
+.
+.IP "" 0
+.
 .SS "use_srv_records"
 Whether the server will search for SRV records in DNS for the current domain\.
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-key.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-KEY" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-KEY" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup
@@ -22,10 +22,7 @@ The most common version of this command is:
 puppet lookup [\-\-help] [\-\-type \fITYPESTRING\fR] [\-\-merge first|unique|hash|deep] [\-\-knock\-out\-prefix \fIPREFIX\-STRING\fR] [\-\-sort\-merged\-arrays] [\-\-merge\-hash\-arrays] [\-\-explain] [\-\-environment \fIENV\fR] [\-\-default \fIVALUE\fR] [\-\-node \fINODE\-NAME\fR] [\-\-facts \fIFILE\fR] [\-\-compile] [\-\-render\-as s|json|yaml|binary|msgpack] \fIkeys\fR
 .
 .SH "DESCRIPTION"
-The lookup command is a CLI for Puppet\'s \'lookup()\' function\. It searches your Hiera data and returns a value for the requested lookup key, so you can test and explore your data\. It is a modern replacement for the \'hiera\' command\.
-.
-.P
-Hiera usually relies on a node\'s facts to locate the relevant data sources\. By default, \'puppet lookup\' uses facts from the node you run the command on, but you can get data for any other node with the \'\-\-node \fINAME\fR\' option\. If possible, the lookup command will use the requested node\'s real stored facts from PuppetDB; if PuppetDB isn\'t configured or you want to provide arbitrary fact values, you can pass alternate facts as a JSON or YAML file with \'\-\-facts \fIFILE\fR\'\.
+The lookup command is a CLI for Puppet\'s \'lookup()\' function\. It searches your Hiera data and returns a value for the requested lookup key, so you can test and explore your data\. It is a modern replacement for the \'hiera\' command\. Lookup uses the setting for global hiera\.yaml from puppet\'s config, and the environment to find the environment level hiera\.yaml as well as the resulting modulepath for the environment (for hiera\.yaml files in modules)\. Hiera usually relies on a node\'s facts to locate the relevant data sources\. By default, \'puppet lookup\' uses facts from the node you run the command on, but you can get data for any other node with the \'\-\-node \fINAME\fR\' option\. If possible, the lookup command will use the requested node\'s real stored facts from PuppetDB; if PuppetDB isn\'t configured or you want to provide arbitrary fact values, you can pass alternate facts as a JSON or YAML file with \'\-\-facts \fIFILE\fR\'\.
 .
 .P
 If you\'re debugging your Hiera data and want to see where values are coming from, use the \'\-\-explain\' option\.
@@ -54,7 +51,7 @@ For more details about how Hiera works, see the Hiera documentation: https://pup
 \-\-facts \fIFILE\fR Specify a \.json or \.yaml file of key => value mappings to override the facts for this lookup\. Any facts not specified in this file maintain their original value\.
 .
 .IP "\(bu" 4
-\-\-environment \fIENV\fR Like with most Puppet commands, you can specify an environment on the command line\. This is important for lookup because different environments can have different Hiera data\.
+\-\-environment \fIENV\fR Like with most Puppet commands, you can specify an environment on the command line\. This is important for lookup because different environments can have different Hiera data\. This environment will be always be the one used regardless of any other factors\.
 .
 .IP "\(bu" 4
 \-\-merge first|unique|hash|deep: Specify the merge behavior, overriding any merge behavior from the data\'s lookup_options\. \'first\' returns the first value found\. \'unique\' appends everything to a merged, deduplicated array\. \'hash\' performs a simple hash merge by overwriting keys of lower lookup priority\. \'deep\' performs a deep merge on values of Array and Hash type\. There are additional options that can be used with \'deep\'\.
@@ -89,6 +86,12 @@ For more details about how Hiera works, see the Hiera documentation: https://pup
 To look up \'key_name\' using the Puppet Server node\'s facts: $ puppet lookup key_name
 .
 .P
+To look up \'key_name\' using the Puppet Server node\'s arbitrary variables from a manifest, and classify the node if applicable: $ puppet lookup key_name \-\-compile
+.
+.P
+To look up \'key_name\' using the Puppet Server node\'s facts, overridden by facts given in a file: $ puppet lookup key_name \-\-facts fact_file\.yaml
+.
+.P
 To look up \'key_name\' with agent\.local\'s facts: $ puppet lookup \-\-node agent\.local key_name
 .
 .P

data/man/man8/puppet-man.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MAN" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MAN" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-man\fR \- Display Puppet manual pages\.

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "October 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "July 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.25\.1
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.28\.0

data/spec/fixtures/unit/forge/bacula.json

@@ -37,7 +37,7 @@
           "license": "Apache 2.0",
           "checksums": { },
           "version": "0.0.2",
-          "source": "git://github.com/puppetlabs/puppetlabs-bacula.git",
+          "source": "https://github.com/puppetlabs/puppetlabs-bacula",
           "project_page": "https://github.com/puppetlabs/puppetlabs-bacula",
           "summary": "bacula",
           "dependencies": [ ],

data/spec/integration/application/agent_spec.rb

@@ -3,6 +3,7 @@ require 'puppet_spec/files'
 require 'puppet_spec/puppetserver'
 require 'puppet_spec/compiler'
 require 'puppet_spec/https'
+require 'puppet/application/agent'
 
 describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
   include PuppetSpec::Files
@@ -737,4 +738,111 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       end
     end
   end
+
+  context "ssl" do
+    context "bootstrapping" do
+      before :each do
+        # reconfigure ssl to non-existent dir and files to force bootstrapping
+        dir = tmpdir('ssl')
+        Puppet[:ssldir] = dir
+        Puppet[:localcacert] = File.join(dir, 'ca.pem')
+        Puppet[:hostcrl] = File.join(dir, 'crl.pem')
+        Puppet[:hostprivkey] = File.join(dir, 'cert.pem')
+        Puppet[:hostcert] = File.join(dir, 'key.pem')
+
+        Puppet[:daemonize] = false
+        Puppet[:logdest] = 'console'
+        Puppet[:log_level] = 'info'
+      end
+
+      it "exits if the agent is not allowed to wait" do
+        Puppet[:waitforcert] = 0
+
+        server.start_server do |port|
+          Puppet[:serverport] = port
+          expect {
+            agent.run
+          }.to exit_with(1)
+           .and output(%r{Exiting now because the waitforcert setting is set to 0}).to_stdout
+           .and output(%r{Failed to submit the CSR, HTTP response was 404}).to_stderr
+        end
+      end
+
+      it "exits if the maxwaitforcert time is exceeded" do
+        Puppet[:waitforcert] = 1
+        Puppet[:maxwaitforcert] = 1
+
+        server.start_server do |port|
+          Puppet[:serverport] = port
+          expect {
+            agent.run
+          }.to exit_with(1)
+            .and output(%r{Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate \(127.0.0.1\). Exiting now because the maxwaitforcert timeout has been exceeded.}).to_stdout
+            .and output(%r{Failed to submit the CSR, HTTP response was 404}).to_stderr
+        end
+      end
+    end
+
+    def copy_fixtures(sources, dest)
+      ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
+      File.open(dest, 'w') do |f|
+        sources.each do |s|
+          f.write(File.read(File.join(ssldir, s)))
+        end
+      end
+    end
+
+    it "reloads the CRL between runs" do
+      Puppet[:localcacert] = ca = tmpfile('ca')
+      Puppet[:hostcrl] = crl = tmpfile('crl')
+      Puppet[:hostcert] = cert = tmpfile('cert')
+      Puppet[:hostprivkey] = key = tmpfile('key')
+
+      copy_fixtures(%w[ca.pem intermediate.pem], ca)
+      copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
+      copy_fixtures(%w[127.0.0.1.pem], cert)
+      copy_fixtures(%w[127.0.0.1-key.pem], key)
+
+      revoked = cert_fixture('revoked.pem')
+      revoked_key = key_fixture('revoked-key.pem')
+
+      mounts = {}
+      mounts[:catalog] = -> (req, res) {
+        catalog = compile_to_catalog(<<~MANIFEST, node)
+          file { '#{cert}':
+            ensure => file,
+            content => '#{revoked}'
+          }
+          file { '#{key}':
+            ensure => file,
+            content => '#{revoked_key}'
+          }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: mounts) do |port|
+        Puppet[:serverport] = port
+        Puppet[:daemonize] = false
+        Puppet[:runinterval] = 1
+        Puppet[:waitforcert] = 1
+        Puppet[:maxwaitforcert] = 1
+
+        # simulate two runs of the agent, then return so we don't infinite loop
+        allow_any_instance_of(Puppet::Daemon).to receive(:run_event_loop) do |instance|
+          instance.agent.run(splay: false)
+          instance.agent.run(splay: false)
+        end
+
+        agent.command_line.args << '--verbose'
+        expect {
+          agent.run
+        }.to exit_with(1)
+         .and output(%r{Exiting now because the maxwaitforcert timeout has been exceeded}).to_stdout
+         .and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
+      end
+    end
+  end
 end