Issue #5408 has been reported by Jeff McCune.
----------------------------------------
Bug #5408: Puppet should allow audited attributes to also be managed
https://projects.puppetlabs.com/issues/5408
Author: Jeff McCune
Status: Unreviewed
Priority: Normal
Assignee: Nigel Kersten
Category: auditing/compliance
Target version:
Affected Puppet version: 2.6.3
Keywords: ae8890f89d318e0c2716bb0d9ba4e90e
Branch:
Overview
========
Puppet currently does not allow a resource attribute to be audited and managed
in the same catalog run. If a resource attribute is both audited and managed
then management trumps auditing and the attribute is managed, not audited.

    File { mode => "0644" }
    file { "/tmp/audit_and_managed.txt":
      audit => [ "content", "mode", "owner", ],
    }

In this example, the mode attribute is both managed and audited. In the
state.yaml file tracking audit data the mode attribute is not listed.

    "File[/tmp/audit_and_managed.txt]":
      !ruby/sym checked: 2010-11-24 17:35:50.081238 -08:00
      !ruby/sym content: "{md5}cfe710620b5fc76e4dc817034a21ecb4"
      !ruby/sym owner: 402

Expected Behavior
=================
When a resource attribute is both managed and audited using the audit
meta-parameter, I expect Puppet to first record the state of the resource as it
is _before_ being managed. In the example in the overview section, if
/tmp/audit_and_managed.txt has a mode of "0600" then I expect 0600 to be
recorded in the audit system and Puppet to manage the state to 0644, reporting
the resource as out of state and transitioned to in-state as normal.
Actual Behavior
===============
The state of a resource attribute being managed is not recorded. If
/tmp/audit_and_managed.txt is 0600 and Puppet manages the state to 0644 during
a catalog run, the fact that the file was 0600 is lost and not recorded in the
auditing system.
Steps to Reproduce
==================
This manifest in 2.6.3 reproduces the issue:

    File { mode => "0644" }
    file { "/tmp/audit_and_managed.txt":
      audit => [ "content", "mode", "owner", ],
    }

The $vardir/state/state.yaml file does not contain the mode attribute
information while the mode attribute is being managed and audited.
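
Added example (not part of the original report and not Puppet's own code): a Ruby check that lists attributes named in `audit` but absent from state.yaml, which is the gap described above. The function names, the hand-written AUDITED map and the line-based parser (it handles only the state.yaml layout shown in this report) are assumptions for illustration.

```ruby
# Parse the subset of state.yaml shown in the report: a quoted resource
# reference at column 0, followed by indented "!ruby/sym <attr>: <value>" lines.
# Returns { "Type[title]" => ["attr", ...] }.
def recorded_attributes(state_text)
  recorded = Hash.new { |hash, key| hash[key] = [] }
  current = nil
  state_text.each_line do |line|
    if (m = line.match(/\A"?([A-Z][^"\[]*\[.*\])"?:\s*\z/))
      current = m[1]                      # new resource entry
    elsif current && (m = line.match(/\A\s+(?:!ruby\/sym\s+|:)(\w+):/))
      recorded[current] << m[1]           # attribute recorded for that resource
    end
  end
  recorded
end

# Compare what the manifest asks to audit with what was actually recorded.
# Returns only the resources that have at least one unrecorded attribute.
def unrecorded_audits(audited, state_text)
  recorded = recorded_attributes(state_text)
  audited.each_with_object({}) do |(resource, attrs), gaps|
    missing = attrs - recorded.fetch(resource, [])
    gaps[resource] = missing unless missing.empty?
  end
end

# Constructed sample input: the state.yaml excerpt quoted in this report.
STATE_SAMPLE = <<~YAML
  "File[/tmp/audit_and_managed.txt]":
    !ruby/sym checked: 2010-11-24 17:35:50.081238 -08:00
    !ruby/sym content: "{md5}cfe710620b5fc76e4dc817034a21ecb4"
    !ruby/sym owner: 402
YAML

# Assumption: the audit list is copied by hand from the manifest in the report.
AUDITED = {
  "File[/tmp/audit_and_managed.txt]" => %w[content mode owner]
}.freeze

unrecorded_audits(AUDITED, STATE_SAMPLE).each do |resource, attrs|
  puts "#{resource}: audited but not recorded: #{attrs.join(', ')}"
end
```

Run against a real $vardir/state/state.yaml by reading the file into a string and passing it in place of STATE_SAMPLE.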