Issue #5408 has been updated by Matt Robinson. Status changed from Available In Testing Branch to Code Insufficient
This wasn't fully tested before it went in and a lot more development has happened since it was checked in. ---------------------------------------- Bug #5408: Puppet should allow audited attributes to also be managed https://projects.puppetlabs.com/issues/5408 Author: Jeff McCune Status: Code Insufficient Priority: High Assignee: Nigel Kersten Category: auditing/compliance Target version: 2.6.5 Affected Puppet version: 2.6.3 Keywords: ae8890f89d318e0c2716bb0d9ba4e90e auditfixup iteration_2010-12-01 Branch: Overview ======== Puppet currently does not allow a resource attribute to be audited and managed in the same catalog run. If a resource attribute is both audited and managed then management trumps auditing and the attribute is managed, not audited. File { mode => "0644" } file { "/tmp/audit_and_managed.txt": audit => [ "content", "mode", "owner", ], } In this example, the mode attribute is both managed and audited. In the state.yaml file tracking audit data the mode attribute is not listed. "File[/tmp/audit_and_managed.txt]": !ruby/sym checked: 2010-11-24 17:35:50.081238 -08:00 !ruby/sym content: "{md5}cfe710620b5fc76e4dc817034a21ecb4" !ruby/sym owner: 402 Expected Behavior ================= When a resource attribute is both managed and audited using the audit meta-parameter, I expect puppet to first record the state of the resource as it is _before_ being managed. In the example in the overview section, if /tmp/audit_and_managed.txt has a mode of "0600" then I expect 0600 to be recorded in the audit system and Puppet to manage the state to 0644, reporting the resource as out of state and transitioned to in-state as normal. Actual Behavior =============== The state of a resource attribute being managed is not recorded. If /tmp/audit_and_managed.txt is 0600 and Puppet manages the state to 0644 during a catalog run, the fact the file was 0600 is lost and not recorded in the auditing system. Steps to Reproduce ================== The manifests in 2.6.3 reproduces the issue: File { mode => "0644" } file { "/tmp/audit_and_managed.txt": audit => [ "content", "mode", "owner", ], } The $vardir/state/state.yaml file does not contain the mode attribute information while the mode attribute is being managed and audited. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
