Issue #5408 has been updated by Matt Robinson.
Not sure why, but here's a manifest where content is both managed and audited
and it works:
<pre>
file { "/tmp/foo" :
ensure => present,
audit => content,
content => 'foo',
}
</pre>
However, a slightly different manifest produces an error:
<pre>
file { "/tmp/foo" :
ensure => present,
audit => content,
}
</pre>
err: /Stage[main]//File[/tmp/foo]: Could not evaluate: Could not retrieve
content for absent from filebucket: private method `sub' called for
:absent:Symbol at
/Users/matthewrobinson/work/puppet/test_data/genreportm/manifests/site.pp:4
----------------------------------------
Bug #5408: Puppet should allow audited attributes to also be managed
https://projects.puppetlabs.com/issues/5408
Author: Jeff McCune
Status: Accepted
Priority: High
Assignee: Nigel Kersten
Category: auditing/compliance
Target version:
Affected Puppet version: 2.6.3
Keywords: ae8890f89d318e0c2716bb0d9ba4e90e auditfixup iteration_2010-12-01
Branch:
Overview
========
Puppet currently does not allow a resource attribute to be audited and managed
in the same catalog run. If a resource attribute is both audited and managed
then management trumps auditing and the attribute is managed, not audited.
File { mode => "0644" }
file { "/tmp/audit_and_managed.txt":
audit => [ "content", "mode", "owner", ],
}
In this example, the mode attribute is both managed and audited. In the
state.yaml file tracking audit data the mode attribute is not listed.
"File[/tmp/audit_and_managed.txt]":
!ruby/sym checked: 2010-11-24 17:35:50.081238 -08:00
!ruby/sym content: "{md5}cfe710620b5fc76e4dc817034a21ecb4"
!ruby/sym owner: 402
Expected Behavior
=================
When a resource attribute is both managed and audited using the audit
meta-parameter, I expect puppet to first record the state of the resource as it
is _before_ being managed. In the example in the overview section, if
/tmp/audit_and_managed.txt has a mode of "0600" then I expect 0600 to be
recorded in the audit system and Puppet to manage the state to 0644, reporting
the resource as out of state and transitioned to in-state as normal.
Actual Behavior
===============
The state of a resource attribute being managed is not recorded. If
/tmp/audit_and_managed.txt is 0600 and Puppet manages the state to 0644 during
a catalog run, the fact the file was 0600 is lost and not recorded in the
auditing system.
Steps to Reproduce
==================
The manifests in 2.6.3 reproduces the issue:
File { mode => "0644" }
file { "/tmp/audit_and_managed.txt":
audit => [ "content", "mode", "owner", ],
}
The $vardir/state/state.yaml file does not contain the mode attribute
information while the mode attribute is being managed and audited.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
