New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix self.instances #13
Conversation
While trying to query pam/su module keep getting absent status. It is the same for all pam resources.
|
@raphink Any update to this one? This would be a really useful feature as it would allow the possibility of adding some purging capabilities but first the instances needs to return something sensible. Currently the |
@crayfishx Honestly, I would deliberately cripple purging from PAM unless you set a parameter. That's about the scariest thing I can think of. |
lib/puppet/provider/pam/augeas.rb
Outdated
resources = [] | ||
aug.match("$target/*[label()!='#comment']").each do |spath| | ||
aug.match("/files/etc/pam.d/*//*[label()!='#comment']").each do |spath| |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want to deconflict between symlinks here or just list everything?
@trevor-vaughan I wasn't meaning native purging using the resources type, that would be scary, but once I could of course write this separately but it would make more sense to use the instances method of the pam provider. The use case we have for this is an installer that places pam.d/ entries in a service, but we want those to be different. At the moment both the Puppet added rules and installer added rules all go into the mix, I want a way to purge a specific pam service of unmanaged entries. |
@crayfishx So, is purging guaranteed to happen last? The problem that I always had with puppetlabs-firewall is that a failure somewhere in the catalog could leave your system inaccessible. It's one of the reasons that I keep using the simp-iptables module. There are some things that just need to be atomic. |
@trevor-vaughan probably getting a bit off topic for this ticket :-) but this isn't a case that's been reported yet though it's worth looking into. If you can simulate a scenario feel free to raise a ticket over there --> |
@crayfishx Fair enough. I did about 2 years ago. Sorry for the noise everyone! |
Better late than never, let's finish this… |
@crayfishx is that good for you? |
No description provided.