[PUP-8096] Filtering resources by tag interferes with corrective vs. intentional change determination Created: 2017/03/08 Updated: 2018/02/06 Resolved: 2017/11/23
|Fix Version/s:||PUP 5.3.4, PUP 5.4.0|
|Reporter:||Nick Lewis||Assignee:||Pieter Loubser|
|Epic Link:||SCR Platform Fixes|
|Team:||Security, Compliance, & Reporting|
|Sprint:||SCR 2017-11-01, SCR 2017-11-15, SCR 2017-11-29|
|Release Notes:||Bug Fix|
|Release Notes Summary:||Puppet will now correctly report corrective vs intentional change if a resource had been previously skipped based on tag filtering.|
|QA Risk Assessment:||Needs Assessment|
The agent uses a transaction persistence file to store the previous desired state (or actual state? unclear) which it can compare to the current state on the next run. That file seems to only include resources that are actually managed on a given run, so any resource that is skipped due to tags is omitted. That causes the agent to think that every change is intentional the next time around.
I expect this is also broken for resources which are skipped due to failed dependencies, though I haven't tested that.
|Comment by Scott Walker [ 2017/10/16 ]|
Here's the problem.
Imagine we have 5 resources and do some Puppet runs:
Today, the policy is: “record state for whatever resources we touched and infer the rest should be discarded because they have been deleted from the catalog”.
It needs to be: “update state for whatever was touched, discard whatever is explicitly no longer in the catalog, leave the remaining resources alone”.
The next step is to scope out how much work it would take to fix.
Thanks Pieter Loubser for the help.
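The two persistence policies quoted in the comment above, as an added example that is not Puppet's code and not part of the ticket. It is a simplified model: the method names, resource titles and the rule "a change is corrective when the stored desired value equals the current one" are assumptions made for illustration.

```ruby
# Simplified model of the agent's persisted per-resource state.
# Hypothetical names throughout; this is not Puppet's implementation.

# Current policy: keep only what this run touched, drop everything else.
def persist_touched_only(_previous, _catalog, touched)
  touched.dup
end

# Proposed policy: update what was touched, discard what is no longer in
# the catalog, leave the remaining (skipped) resources alone.
def persist_merge(previous, catalog, touched)
  previous.select { |res, _| catalog.include?(res) }.merge(touched)
end

# Assumed rule: with no stored state, or a different stored desired value,
# the change is reported as intentional; otherwise it is corrective.
def classify(persisted, resource, desired)
  persisted[resource] == desired ? :corrective : :intentional
end

# Constructed scenario: three runs against a three-resource catalog.
def simulate(policy)
  desired = { 'File[/etc/motd]' => 'present',
              'Service[sshd]'   => 'running',
              'Package[telnet]' => 'absent' }
  # Run 1: no tag filter, every resource is evaluated and recorded.
  state = policy.call({}, desired.keys, desired)
  # Run 2: Package[telnet] leaves the catalog and a tag filter means only
  # File[/etc/motd] is evaluated; Service[sshd] is skipped.
  desired.delete('Package[telnet]')
  state = policy.call(state, desired.keys, desired.slice('File[/etc/motd]'))
  # Run 3: sshd was stopped out of band and gets restarted. Its desired
  # state never changed, so the report should say "corrective".
  { sshd: classify(state, 'Service[sshd]', desired['Service[sshd]']),
    tracked: state.keys.sort }
end

puts "touched-only: #{simulate(method(:persist_touched_only))}"
puts "merge:        #{simulate(method(:persist_merge))}"
```

Under the touched-only policy the drift on the skipped resource is reported as an intentional change, which hides it from anyone using corrective-change reports as a drift signal.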
|Comment by Scott Walker [ 2017/10/17 ]|
|Comment by Scott Walker [ 2017/10/26 ]|
Nick Lewis If you've time, would you mind taking a look at this one?
|Comment by Josh Cooper [ 2017/11/13 ]|
Merged to 5.3.x in 3f4e474d085f28d4cf18472ade92b1cdc1731691, master in fbab1ea728a703b540df0100cfab014b3ad27549
|Comment by Kenn Hussey [ 2018/01/02 ]|
Josh Cooper please provide release notes for this issue, if needed. Thanks!