[PUP-9562] User resource does not respect forcelocal for the comment parameter Created: 2019/03/14  Updated: 2019/11/18  Resolved: 2019/11/06

Status: Resolved
Project: Puppet
Component/s: Types and Providers
Affects Version/s: PUP 5.5.10
Fix Version/s: PUP 6.11.0

Type: Bug Priority: Minor
Reporter: Jarret Lavallee Assignee: Gabriel Nagy
Resolution: Fixed Votes: 0
Labels: resolved-issue-added
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Puppet 5.5.x with LDAP configured on EL 5.x


Template: PUP Bug Template
Team: Night's Watch
Story Points: 5
Sprint: NW - 2019-10-16, NW - 2019-10-30, NW - 2019-11-13
Method Found: Customer Feedback
Release Notes: Bug Fix
Release Notes Summary: Prior to this fix, a user resource configured with forcelocal would still try to sync the comment with the external directory services, meaning that subsequent Puppet runs would not be idempotent.

To fix this, we compare the `in_sync` with the contents of the local `/etc/passwd` file.

 Description   

A user resource configured with forcelocal will still try to sync the comment with the external directory services. It does use the `lusermod` to modify the local `/etc/passwd` to the comment specified in the user resource, but it compares the `in_sync` with the external directory services, meaning that it always updates the comment on catalog compilation.

Reproduction:
1. Configure an agent with LDAP
2. Ensure nsswitch.conf has LDAP before `files` for `passwd`
3. Add a user to LDAP with a comment. Below is an example user.

testuser:*:510:10:test:/home/test:/bin/bash

4. Apply the following manifest on the agent multiple times and observe that it tries to update the comment every time.

user{'test':
  ensure => present,
  forcelocal => true,
  comment => 'local comment',
  uid => '510',
  gid => '10',
}

Expected Behavior:
The agent should check the local passwd file for the comment as per https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/user/useradd.rb#L58-L72


Generated at Mon Dec 09 14:04:40 PST 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.