Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8096

Filtering resources by tag interferes with corrective vs. intentional change determination

    XMLWordPrintable

Details

    • Security, Compliance, & Reporting
    • 5
    • SCR 2017-11-01, SCR 2017-11-15, SCR 2017-11-29
    • Bug Fix
    • Puppet will now correctly report corrective vs intentional change if a resource had been previously skipped based on tag filtering.
    • Needs Assessment

    Description

      Reproduction steps:
      • Add a new resource to site.pp
      • Run puppet agent -t on the node
      • Observe that the change is properly marked as intentional
      • Modify the resource on disk
      • Run puppet agent -t on the node
      • Observe that the change is properly marked as corrective
      • Modify the resource on disk
      • Run puppet agent -t --tags faketag on the node (this can be done before or after the previous step)
      • Observe that no change is made
      • Run puppet agent -t on the node
      • Observe that the change is wrongly marked as intentional

      The agent uses a transaction persistence file to store the previous desired state (or actual state? unclear) which it can compare to the current state on the next run. That file seems to only include resources that are actually managed on a given run, so any resource that is skipped due to tags is omitted. That causes the agent to think that every change is intentional the next time around.

      I expect this is also broken for resources which are skipped due to failed dependencies, though I haven't tested that.

      Attachments

        Activity

          People

            pieter.loubser Pieter Loubser
            nick Nick Lewis
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Zendesk Support