Issue #8609 has been updated by Daniel Pittman.
On investigation, this turns out to be a confluence of painful things. Specifically, the `file` type is invoked and managed in the `inspect` application in a way that results in fetching the data from the server using code that is absolutely common with the `apply` code path. Specifically, when loaded and transformed for auditing, the `file` type will initialize `:owner, :mode, :group, :checksum, :ensure, :target` if they are missing and applicable, which results in fetching the content from the server. Theoretically, if you supplied all of those it would work, but that isn't exactly possible for, eg, `:checksum`. Unfortunately, that code is a ways down the stack and has no context to match that this is for inspection rather than application. The short term fix is either to encode into `file` that it shouldn't fetch when inspecting, or into `inspect` that it should hack around this limitation of the `file` type. Of those two, the later is the least worst choice for an immediate-term fix. That would be deleting the `:source` from the `ral_resource` before we transform it. In the longer term we probably want to rewrite the `inspect` application so that it doesn't go through this path; it should reasonably be able to correlate the catalog items and data fetched directly from the RAL without the intermediate transformations along the way. That would skip the fetch stage, which is useful for catalogs and application, but not inspection. ---------------------------------------- Bug #8609: Puppet auditing shouldn't consult server-side files from a "source" parameter https://projects.puppetlabs.com/issues/8609 Author: Nigel Kersten Status: Accepted Priority: High Assignee: Category: Target version: 2.6.x Affected Puppet version: 2.6.9 Keywords: Branch: >From #8418, <blockquote> Talking with Nigel I realized that while the issue with puppet inspect not using run-mode correctly still needs to be fixed (and I believe is in the attached branch), auditing still shouldn’t be needing to inspect the content of source files, it should only be inspecting the content of the file being managed on the puppet agent system. I imagine there’s some weirdness in the content and source attributes of the file resource that need to be disentangled a bit when auditing. </blockquote> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
