Issue #4633 has been updated by Paul Berry.
On further investigation, I found that Puppet's code for flattening arrays is
inconsistent:
1. The parser recursively flattens out any array whose first element is also an
array. So, for example, this:
<pre>
ssh_authorized_key { key1: options => [[[a, b], c], d]
</pre>
parses exactly the same as:
<pre>
ssh_authorized_key { key2: options => [a, b, c, d]
</pre>
2. The ASTArray#evaluate method flattens out any array that contains an array,
but it doesn't always flatten out more deeply-nested arrays. So this:
<pre>
[a, [b, [c, d]]]
</pre>
evaluates to this:
<pre>
[a, b, [c, d]]
</pre>
3. further flattening is performed by the ssh_authorized_key provider, in the
is_to_s() and should_to_s() methods. But these methods are called too late to
avoid the idempotence problem.
This is a fairly benign bug, but I am currently touching this code, and the
behavior is inconsistent enough that I would prefer to change it to the desired
behavior rather than try to preserve the existing inconsistent semantics.
Based on a conversation with Luke this morning, I think our best option is
probably to modify the ASTArray#evaluate method so that it completely flattens
out arrays of arrays, and remove the flattening logic from the parser.
----------------------------------------
Bug #4633: Array flattening breaks idempotence
http://projects.puppetlabs.com/issues/4633
Author: Paul Berry
Status: Accepted
Priority: Normal
Assignee: Paul Berry
Category:
Target version:
Affected version:
Keywords:
Branch:
Using this manifest:
<pre>
ssh_authorized_key { key1:
user => pberry,
target => '/tmp/authorized_keys',
type => ssh-rsa,
key => 0123456789,
options => [a, [b, [c, d]]]
}
</pre>
the first time I run "puppet apply init.pp" I get this output:
<pre>
notice: /Stage[main]//Ssh_authorized_key[key1]/ensure: created
</pre>
which is expected. If I look at the generated authorized_keys file I see that
the options array has been "flattened out" from [a, [b, [c, d]]] to "a,b,c,d":
<pre>
# HEADER: This file was autogenerated at Thu Aug 26 09:08:14 -0700 2010
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
a,b,c,d ssh-rsa 0123456789 key1
</pre>
I'm not sure whether a naive user would have expected this, but it seems
reasonable given that ssh doesn't allow options to be arrays.
However, when I run the manifest again, I get this output:
<pre>
notice: /Stage[main]//Ssh_authorized_key[key1]/options: options changed
'a,b,c,d' to 'a,b,c,d'
</pre>
Because of the use of nested arrays, Puppet gets confused and thinks the
options have changed when they haven't, so it attempts to re-write the
authorized_keys file every time it is run.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
