Issue #13934 has been updated by Eric Shamow.
Kelsey, Totally agree - and we should be able to trigger a wide array of actions from this, possibly including halting agent execution. "If IP address changes, DO NOT RUN." -Eric ---------------------------------------- Feature #13934: Mark some facts immutable https://projects.puppetlabs.com/issues/13934#change-60718 Author: Wolf Noble Status: Needs Decision Priority: Normal Assignee: Category: security Target version: Affected Puppet version: Keywords: facter, security, snowflake, Branch: So I think there's a benefit to be had from having the ability to flag certain facts derived from the client as "immutable", and then be able to act "differently" should those facts change. Differently could be ceasing to provide a catalog to the potentially compromised server reporting a custom fact suddenly different, or sending an email because a dimm died and the server suddenly has less memory than it did before, or ... Certain facts are generated on the client. there's no real way around that. having the ability to tell the puppetmaster that should X, Y, or Z fact change something is drastically wrong and do something about it seems like a good tool to have in the shed, even if it's only used on occasion. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
