  1. Puppet
  2. PUP-6542

Group resource emits misleading change notification with auth_membership => false

Details

    • Platform OS
    • Platform OS Kanban
    • Normal
    • 2 - 5-25% of Customers
    • 3 - Serious
    • 5 - $$$$$$
    • The output messages for this are pretty confusing. It appears as though it changes it to only the members specified, but it doesn't actually, which makes it behave like the user resource.

      It's unclear which behavior will be less confusing. Should the group resource manage the entire state of a group, or be additive in the way the user resource is?

      Windows is different in that groups can be members of other groups and having to respecify all members of a group may be frustrating.
    • Bug Fix
    • The members property in the group resource has now been fixed to report the right change notifications to Puppet.

    Description

      When Puppet is adding users to an existing group, its change report is misleading.

      Take the following manifest (from French Windows):

      group { 'Administrateurs': 
      	ensure => 'present', 
      	auth_membership => false, 
      	members => ['AUTORITE NT\\Utilisateurs authentifiés']
      }
      

      It emits the following message:

      # $ bundle exec puppet apply utf8.pp
      # DL is deprecated, please use Fiddle
      # Notice: Compiled catalog for wbsk7zl860xwiqa.delivery.puppetlabs.net in environment production in 0.06 seconds
      # Notice: /Stage[main]/Main/Group[Administrateurs]/members: members changed 'WBSK7ZL860XWIQA\Administrateur,WBSK7ZL860XWIQA\tester,WBSK7ZL860XWIQA\Administrator,WBSK7ZL860XWIQA\cyg_server,WBSK7ZL860XWIQA\bla' to 'AUTORITE NT\Utilisateurs authentifiés'
      # Notice: Applied catalog in 0.11 seconds
      

      However, the message is incorrect, given the actual group membership:

      $ bundle exec puppet resource group Administrateurs
      DL is deprecated, please use Fiddle
      group { 'Administrateurs':
        ensure  => 'present',
        gid     => 'S-1-5-32-544',
        members => ['Administrateur', 'tester', 'Administrator', 'cyg_server', 'bla', 'Utilisateurs authentifiés'],
      }
      

      Expected behavior should be like what the user resource does:

      user { 'Invité': 
      	ensure => 'present', 
      	auth_membership => minimum, 
      	groups => ['BUILTIN\\Administrateurs']
      }
      

      Emits the following message:

      bundle exec puppet apply .\user.pp
      DL is deprecated, please use Fiddle
      Notice: Compiled catalog for wbsk7zl860xwiqa.delivery.puppetlabs.net in environment production in 0.08 seconds
      Notice: /Stage[main]/Main/User[Invité]/groups: groups changed 'BUILTIN\Invités' to ['BUILTIN\Administrateurs', 'BUILTIN\Invités']
      Notice: Applied catalog in 0.11 seconds
      

      For resource

      bundle exec puppet resource user
       
      <snip/>
       
      user { 'Invité':
        ensure  => 'present',
        comment => 'Compte d'utilisateur invité',
        groups  => ['BUILTIN\Invités', 'BUILTIN\Administrateurs'],
        uid     => 'S-1-5-21-441295449-3808246871-2843121223-501',
      }
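
The reporting behaviour the description asks for, as an added Ruby example that is not Puppet's provider code: the "to" side of the notice is computed from the membership that will actually exist after the run, so an additive (`auth_membership => false`) change never reads as if existing accounts were removed from the group. The helper names, the rule of matching accounts by name without the domain prefix, and the sample member list (host `HOST`) are assumptions made for illustration.

```ruby
# Added example, not Puppet source. All method names are hypothetical.

# Assumption: accounts are matched on the name after the last backslash,
# case-insensitively ('HOST\tester' and 'tester' are the same account).
def short_name(account)
  account.split('\\').last.downcase
end

# Membership that exists on the system once the resource has been applied.
def resulting_members(current, desired, auth_membership)
  return desired.dup if auth_membership # authoritative: exactly the listed members
  have = current.map { |m| short_name(m) }
  current + desired.reject { |m| have.include?(short_name(m)) } # additive
end

# Additive mode is in sync as soon as every desired member is present;
# authoritative mode requires the two sets to be identical.
def in_sync?(current, desired, auth_membership)
  have = current.map { |m| short_name(m) }
  want = desired.map { |m| short_name(m) }
  auth_membership ? have.sort == want.sort : (want - have).empty?
end

# Change notice whose "to" side matches the real post-run membership.
# Returns nil when nothing has to change.
def change_notice(current, desired, auth_membership)
  return nil if in_sync?(current, desired, auth_membership)
  after = resulting_members(current, desired, auth_membership)
  "members changed '#{current.join(',')}' to '#{after.join(',')}'"
end

# Accounts that stay in the group although the manifest does not list them.
def unmanaged_members(current, desired)
  want = desired.map { |m| short_name(m) }
  current.reject { |m| want.include?(short_name(m)) }
end

# Constructed sample data modelled on the report above.
SAMPLE_CURRENT = ['HOST\\Administrateur', 'HOST\\tester', 'HOST\\bla'].freeze
SAMPLE_DESIRED = ['AUTORITE NT\\Utilisateurs authentifiés'].freeze

if __FILE__ == $PROGRAM_NAME
  puts change_notice(SAMPLE_CURRENT, SAMPLE_DESIRED, false)
  puts "still members, not in manifest: #{unmanaged_members(SAMPLE_CURRENT, SAMPLE_DESIRED).join(', ')}"
end
```

With `auth_membership => false`, the accounts returned by `unmanaged_members` remain in the group after the run, which is the fact the original notice hid.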
      

            People

              enis.inan Enis Inan
              ethan Ethan Brown