Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title Henrik Lindberg commented on PUP-8638 Re: Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc... Eric Sorenson yes, closed this in favor of 1434 which has more information and other tickets (deprecation) linked to it. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title Eric Sorenson commented on PUP-8638 Re: Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc... Isn't this a dup of PUP-1434? Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title Henrik Lindberg commented on PUP-8638 Re: Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc... It can be done as part of validation - an autoloaded piece of code should only contain the expected definition (or possibly multiple definitions). Other problems in the same category is defining the wrong name (a foo::myclass) inside of another module's class bar::someohterclass. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title Nick Walker updated an issue Puppet / PUP-8638 Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc... Change By: Nick Walker CS Priority: Needs Priority Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title Nick Walker updated an issue Puppet / PUP-8638 Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc... Change By: Nick Walker Priority: Normal Major Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title Nick Walker commented on PUP-8638 Re: Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc... Henrik Lindberg I spoke with Josh Cooper about this issue and he thought you might have ideas on how this could be implemented. I'm hoping we can agree that the side-effects of unknowingly applying puppet code to your entire infrastructure because we don't have a way to fail compilation under this scenario is a serious problem that requires consideration. cc Reid Vandewiele Charlie Sharpsteen Jarret Lavallee Eric Sorenson Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title
Nick Walker updated an issue
Puppet / PUP-8638
Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Change By:
Nick Walker
h1. The Problem You should not be able to accidentally include a class, resource, etc... on all nodes because of an incorrectly coded puppet module. *Actual Behavior:*Writing an init.pp for the module testmod that looks like the following: {code}class testmod { notify { 'hello_world':message => 'I am supposed to be here.' }}include testmod{code}Will cause testmod to be classified on all nodes as soon as testmod is parsed for any reason. h1. Suggested SolutionWe have a setting called [freeze_main|https://puppet.com/docs/puppet/5.5/configuration.html#freezemain] which sounds like it's supposed to provide a way to prevent this sort of behavior and it does for the simplest case but it seems to have an issue with our file resource default that sets backup => false in site.pp and with custom data types. I believe we should have a setting like freeze_main that allows the customer to enable the compiler to fail out if code is included outside of a class definition, defined type, etc...We should have a way to add resource defaults either in site.pp or some other way since the most common reason I can think of to have code outside of a class definition is for resource defaults in site.pp. h1. Customer ImpactThe issue may seem small but the result on user's systems is extremely severe. You apply puppet code to a node that isn't expecting it and it may be next to impossible to reverse those changes completely. If you apply certain firewall, security settings, or other low level settings you may actually take a node out of commission. h1. Related tickets https://tickets.puppetlabs.com/browse/PUP-8536https://tickets.puppetlabs.com/browse/PUP-2973https://tickets.puppetlabs.com/browse/PE-893 https://tickets.puppetlabs.com/browse/PUP-8637
Add Comment
Jira (PUP-8638) Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Title: Message Title
Nick Walker created an issue
Puppet / PUP-8638
Puppet Compilation should fail if code is included outside of class definitions / node definitions / etc...
Issue Type:
New Feature
Assignee:
Unassigned
Created:
2018/04/06 1:08 PM
Priority:
Normal
Reporter:
Nick Walker
The Problem You should not be able to accidentally include a class, resource, etc... on all nodes because of an incorrectly coded puppet module. Actual Behavior: Writing an init.pp for the module testmod that looks like the following:
class testmod {
notify { 'hello_world':
message => 'I am supposed to be here.'
}
}
