Issue #2391 has been updated by Brice Figureau.
Brice Figureau wrote: > Hi, > > While working on #2377, I found that: > [...] > doesn't produce any resource record in the resources table. > Adding a collection to the manifest solve the issue. > > Analysis of the issue: > > The problem is that the catalog that is saved by the active_record > indirection doesn't contain any exported resource. > This is because: > Puppet::Resource::Catalog#to_catalog is never considering the virtual > resources. > Since exported resources are virtual resources they're lost here. > > The solution is easy, just make sure exported resources are considered, the > issue is that I don't really know the drawbacks and I'm afraid it can send to > the client exported resources outside of the context of a collection. > > I'm marking this bug "Needs Design Decision", and I'll produce a fix once > I'll know what to do :-) Yes, that's more tricky than I even first thought. The issue is that if we allow exported resource to make to the catalog, the client got them and applies them, because: * the client "find" the catalog * the server compiles the manifests, and issue a catalog containing exported resources * the server stores this catalog the the database (through the cache save mechanism) * the server returns the catalog to the client, which still contains the exported resources I've fixed the issue by filtering out the resources client side when converting the catalog to the RAL. But that leaves the issue that the client still can see the exported resources. That might not be a big deal, but still it is more data to transfer (and marshall), and an information disclosure. I'm posting the patch to puppet-dev. ---------------------------------------- Bug #2391: Exported resource never make to active_record if they're not collected. http://projects.reductivelabs.com/issues/2391 Author: Brice Figureau Status: Needs design decision Priority: High Assigned to: Luke Kanies Category: Rails Target version: 0.25.0 Complexity: Easy Affected version: 0.25.0beta2 Keywords: rails exported collected catalog Hi, While working on #2377, I found that: <pre> node a { @@file { "/tmp/a" : content => "a" } } </pre> doesn't produce any resource record in the resources table. Adding a collection to the manifest solve the issue. Analysis of the issue: The problem is that the catalog that is saved by the active_record indirection doesn't contain any exported resource. This is because: Puppet::Resource::Catalog#to_catalog is never considering the virtual resources. Since exported resources are virtual resources they're lost here. The solution is easy, just make sure exported resources are considered, the issue is that I don't really know the drawbacks and I'm afraid it can send to the client exported resources outside of the context of a collection. I'm marking this bug "Needs Design Decision", and I'll produce a fix once I'll know what to do :-) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
