Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9562

User resource does not respect forcelocal for the comment parameter

    Details

    • Template:
      PUP Bug Template
    • Team:
      Night's Watch
    • Story Points:
      5
    • Sprint:
      NW - 2019-10-16, NW - 2019-10-30, NW - 2019-11-13
    • Method Found:
      Customer Feedback
    • Zendesk Ticket IDs:
      34145
    • Zendesk Ticket Count:
      1
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Prior to this fix, a user resource configured with forcelocal would still try to sync the comment with the external directory services, meaning that subsequent Puppet runs would not be idempotent.

      To fix this, we compare the `in_sync` with the contents of the local `/etc/passwd` file.
      Show
      Prior to this fix, a user resource configured with forcelocal would still try to sync the comment with the external directory services, meaning that subsequent Puppet runs would not be idempotent. To fix this, we compare the `in_sync` with the contents of the local `/etc/passwd` file.

      Description

      A user resource configured with forcelocal will still try to sync the comment with the external directory services. It does use the `lusermod` to modify the local `/etc/passwd` to the comment specified in the user resource, but it compares the `in_sync` with the external directory services, meaning that it always updates the comment on catalog compilation.

      Reproduction:
      1. Configure an agent with LDAP
      2. Ensure nsswitch.conf has LDAP before `files` for `passwd`
      3. Add a user to LDAP with a comment. Below is an example user.

      testuser:*:510:10:test:/home/test:/bin/bash
      

      4. Apply the following manifest on the agent multiple times and observe that it tries to update the comment every time.

      user{'test':
        ensure => present,
        forcelocal => true,
        comment => 'local comment',
        uid => '510',
        gid => '10',
      }
      

      Expected Behavior:
      The agent should check the local passwd file for the comment as per https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/user/useradd.rb#L58-L72

        Attachments

          Activity

            People

            • Assignee:
              gabriel.nagy Gabriel Nagy
              Reporter:
              jarret.lavallee Jarret Lavallee
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support