Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- PUP 7.4.0, PUP 6.21.0
- None
- Night's Watch
- NW - 2021-02-17
- Needs Assessment
- Bug Fix
- Fix a regression where setting the `gid` parameter on a user resource with `forcelocal` on is not idempotent.
- Needs Assessment
Description
Puppet Version: 7.4.0 and 6.21.0
Puppet Server Version: Masterless to demonstrate issue
OS Name/Version: CentOS 7
Defining a `forcelocal` user results in Puppet constantly wanting to change the GID for the user.
Desired Behavior:
Idempotent apply of forcelocal user.
Actual Behavior:
```
[root@23aff6d4a202 /]# cat user-group.pp
user { 'keycloak':
  ensure => 'present',
  name => 'keycloak',
  forcelocal => true,
  shell => '/sbin/nologin',
  gid => 'keycloak',
  uid => undef,
  home => '/var/lib/keycloak',
  managehome => true,
  system => true,
}
group { 'keycloak':
  ensure => 'present',
  name => 'keycloak',
  forcelocal => true,
  gid => undef,
  system => true,
}
[root@23aff6d4a202 /]# puppet apply user-group.pp
Notice: Compiled catalog for 23aff6d4a202 in environment production in 0.01 seconds
Notice: /Stage[main]/Main/Group[keycloak]/ensure: created
Notice: /Stage[main]/Main/User[keycloak]/ensure: created
Notice: Applied catalog in 0.04 seconds
[root@23aff6d4a202 /]# puppet apply user-group.pp
Notice: Compiled catalog for 23aff6d4a202 in environment production in 0.01 seconds
Notice: /Stage[main]/Main/User[keycloak]/gid: gid changed '13' to 'keycloak'
Notice: Applied catalog in 0.02 seconds
```
I am fairly certain the issue resides in this change: https://tickets.puppetlabs.com/browse/PUP-10857
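
An added example, not part of the original ticket and not Puppet's own code: a check that parses `puppet apply` output and lists every resource property Puppet changed, so that any entry from a second, unmodified run flags a non-idempotent resource. The sample input is the two runs shown above; the function name and the `id_vs_name` heuristic are assumptions made for illustration.

```python
import re

# Matches resource-level notices such as:
#   Notice: /Stage[main]/Main/User[keycloak]/gid: gid changed '13' to 'keycloak'
CHANGE_RE = re.compile(
    r"^Notice: /Stage\[[^\]]+\]/(?:.*/)?"
    r"(?P<resource>[A-Z][A-Za-z0-9_:]*\[.+?\])/(?P<prop>\w+): (?P<msg>.+)$"
)
VALUE_RE = re.compile(r"changed '(?P<old>.*)' to '(?P<new>.*)'$")

# Output of the two runs shown in the ticket above.
FIRST_RUN = """\
Notice: Compiled catalog for 23aff6d4a202 in environment production in 0.01 seconds
Notice: /Stage[main]/Main/Group[keycloak]/ensure: created
Notice: /Stage[main]/Main/User[keycloak]/ensure: created
Notice: Applied catalog in 0.04 seconds
"""
SECOND_RUN = """\
Notice: Compiled catalog for 23aff6d4a202 in environment production in 0.01 seconds
Notice: /Stage[main]/Main/User[keycloak]/gid: gid changed '13' to 'keycloak'
Notice: Applied catalog in 0.02 seconds
"""


def resource_changes(output):
    """Return one dict per resource change notice in `puppet apply` output."""
    changes = []
    for line in output.splitlines():
        m = CHANGE_RE.match(line.strip())
        if not m:
            continue  # catalog compile/apply summary lines carry no resource path
        v = VALUE_RE.search(m.group("msg"))
        old, new = (v.group("old"), v.group("new")) if v else (None, None)
        changes.append({
            "resource": m.group("resource"),
            "property": m.group("prop"),
            "old": old,
            "new": new,
            # Heuristic (assumption): a numeric current value against a
            # non-numeric desired value means an ID was compared to a name.
            "id_vs_name": bool(v) and old.isdigit() and not new.isdigit(),
        })
    return changes


if __name__ == "__main__":
    # Any change reported by a second, unmodified run is an idempotency failure.
    for c in resource_changes(SECOND_RUN):
        print("NOT IDEMPOTENT:", c)
```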