Issue #9337 has been updated by Nigel Kersten.
Yes, this isn't ideal, and I'm sorry, as the initial design decision was actually mine, so I created this crappy situation. It's much more difficult for us to model group membership as an attribute of the user, but we need to do it. In the meantime we do need to throw an error, and I'll get those bugs characterized soon. It definitely breaks the abstraction, and in the past I've considered ideas such as a 'groupmembership' type so that you can express intent like: * Ensure "nigel" is in group "admin" * Ensure "nigel" is not in group "admin" without having to actually manage "nigel" or "admin". I think this is a good move, primarily because it actually enforces a higher degree of abstraction, allowing us to work more easily with both kinds of systems, the ones that consider group membership to be an attribute of the user, and those that consider it to be an attribute of a group. Input much appreciated :) ---------------------------------------- Bug #9337: OS X Lion group membership not updated https://projects.puppetlabs.com/issues/9337 Author: David Thompson Status: Needs More Information Priority: Normal Assignee: Nigel Kersten Category: OSX Target version: Affected Puppet version: 2.7.3 Keywords: Branch: Switching to puppet (2.7.3) for managing my OS X Lion systems, I'm finding group membership not being updated. Couldn't find a dup for this, hope the information helps... Starting out, user dt is not a member of group dt-grp: <pre> # dscl . read /groups/dt-grp | grep GroupMembership GroupMembership: </pre> ...Run puppet, says it adds to the group: <pre> # puppet agent --test --environment production info: Caching catalog for cypress.keck.waisman.wisc.edu info: Applying configuration version '1315332406' notice: /Stage[main]/Users_test/User[dt]/groups: groups changed '' to 'dt-grp' notice: Finished catalog run in 0.89 seconds </pre> ...but the user still isn't part of the group: <pre> # dscl . read /groups/dt-grp | grep GroupMembership GroupMembership: </pre> ...Hrm, let's add the user manually...just like the puppet code does... <pre> # dseditgroup -o edit -n . -a dt dt-grp # dscl . read /groups/dt-grp | grep GroupMembership GroupMembership: dt </pre> ...But puppet still tries to add the user to the group... <pre> # puppet agent --test --environment production info: Caching catalog for cypress.keck.waisman.wisc.edu info: Applying configuration version '1315332406' notice: /Stage[main]/Users_test/User[dt]/groups: groups changed '' to 'dt-grp' notice: Finished catalog run in 0.83 seconds </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
