Puppet / PUP-6542

Group resource emits misleading change notification with auth_membership => false

    Details

    • Team:
      Platform OS
    • Sprint:
      Platform OS Kanban
    • CS Priority:
      Normal
    • CS Frequency:
      2 - 5-25% of Customers
    • CS Severity:
      3 - Serious
    • CS Business Value:
      5 - $$$$$$
    • CS Impact:
      The output messages for this are pretty confusing. It appears as though it changes it to only the members specified, but it doesn't actually, which makes it behave like the user resource.

      It's unclear which behavior will be less confusing. Should the group resource manage the entire state of a group, or be additive in the way the user resource is?

      Windows is different in that groups can be members of other groups and having to respecify all members of a group may be frustrating.
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      The members property in the group resource has now been fixed to report the right change notifications to Puppet.

      Description

      When Puppet is adding users to an existing group, its change report is misleading.

      Take the following manifest (from French Windows):

      group { 'Administrateurs': 
      	ensure => 'present', 
      	auth_membership => false, 
      	members => ['AUTORITE NT\\Utilisateurs authentifiés']
      }
      

      It emits the following message:

      # $ bundle exec puppet apply utf8.pp
      # DL is deprecated, please use Fiddle
      # Notice: Compiled catalog for wbsk7zl860xwiqa.delivery.puppetlabs.net in environment production in 0.06 seconds
      # Notice: /Stage[main]/Main/Group[Administrateurs]/members: members changed 'WBSK7ZL860XWIQA\Administrateur,WBSK7ZL860XWIQA\tester,WBSK7ZL860XWIQA\Administrator,WBSK7ZL860XWIQA\cyg_server,WBSK7ZL860XWIQA\bla' to 'AUTORITE NT\Utilisateurs authentifiés'
      # Notice: Applied catalog in 0.11 seconds
      

      However, the message is incorrect, given the actual group membership:

      $ bundle exec puppet resource group Administrateurs
      DL is deprecated, please use Fiddle
      group { 'Administrateurs':
        ensure  => 'present',
        gid     => 'S-1-5-32-544',
        members => ['Administrateur', 'tester', 'Administrator', 'cyg_server', 'bla', 'Utilisateurs authentifiés'],
      }
      

      Expected behavior should be like what the user resource does:

      user { 'Invité': 
      	ensure => 'present', 
      	auth_membership => minimum, 
      	groups => ['BUILTIN\\Administrateurs']
      }
      

      Emits the following message:

      bundle exec puppet apply .\user.pp
      DL is deprecated, please use Fiddle
      Notice: Compiled catalog for wbsk7zl860xwiqa.delivery.puppetlabs.net in environment production in 0.08 seconds
      Notice: /Stage[main]/Main/User[Invité]/groups: groups changed 'BUILTIN\Invités' to ['BUILTIN\Administrateurs', 'BUILTIN\Invités']
      Notice: Applied catalog in 0.11 seconds
      

      For resource

      bundle exec puppet resource user
       
      <snip/>
       
      user { 'Invité':
        ensure  => 'present',
        comment => 'Compte d'utilisateur invité',
        groups  => ['BUILTIN\Invités', 'BUILTIN\Administrateurs'],
        uid     => 'S-1-5-21-441295449-3808246871-2843121223-501',
      }
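
An added illustration (not Puppet's provider code and not part of the original ticket) of the reporting rule the description asks for: with `auth_membership => false` the logged "to" value should be the resulting membership, not just the manifest's list. The function names, the `HOST` account names, and the assumption that all names are already normalized to one form are constructed for this example.

```ruby
require 'set'

# Constructed sample data: existing members of an Administrators group
# and the single member listed in the manifest.
CURRENT = ['HOST\\Administrator', 'HOST\\tester'].freeze
DESIRED = ['NT AUTHORITY\\Authenticated Users'].freeze

# Membership the group has after the run.
# authoritative == true  : the manifest list replaces the membership
# authoritative == false : the manifest list is added to what is there
def effective_members(current, desired, authoritative)
  return desired.uniq if authoritative
  (current + desired).uniq
end

# In additive mode the resource is in sync as soon as every desired
# member is present; extra members are not a difference.
def in_sync?(current, desired, authoritative)
  if authoritative
    current.to_set == desired.to_set
  else
    desired.to_set.subset?(current.to_set)
  end
end

# Change notice that reports the membership actually written,
# or nil when nothing has to change.
def change_message(current, desired, authoritative)
  return nil if in_sync?(current, desired, authoritative)
  after = effective_members(current, desired, authoritative)
  "members changed '#{current.join(',')}' to '#{after.join(',')}'"
end

# Members that stay in the group without being declared in the manifest.
# For a privileged group this is the list an auditor needs to see.
def unmanaged_members(current, desired)
  current - desired
end

puts change_message(CURRENT, DESIRED, false)
puts "unmanaged: #{unmanaged_members(CURRENT, DESIRED).join(', ')}"
```
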
      

                People

                • Assignee:
                  enis.inan Enis Inan
                  Reporter:
                  ethan Ethan Brown