Skip to content

(#9862) Do not manage the group if it doesn't exist#1344

Merged
hlindberg merged 14 commits intopuppetlabs:masterfrom
zaphod42:issue/master/9862-cannot-run-without-puppet-group
Jan 2, 2013
Merged

(#9862) Do not manage the group if it doesn't exist#1344
hlindberg merged 14 commits intopuppetlabs:masterfrom
zaphod42:issue/master/9862-cannot-run-without-puppet-group

Conversation

@zaphod42
Copy link
Contributor

The previous behavior for managing the group of a file meant that if the
group didn't exist puppet errored when trying to set permissions. This
changes the behavior to check for the existance of the group and in the
case of the group not existing (and we don't expect it to be created
because :mkusers is false) then the group is not managed.

There were several alternatives that were possible:

  • use the primary group of the "root" user
    • use the primary group of the :owner for the file

Neither of these were compellingly better alternatives, since this should
only be happening when puppet hasn't been fully configured on the system.

The previous tests around the owner behavior for a file setting did very
little to test the logic around what actual owner will be used when.
This commit changes the tests to make them more clearly define the
behavior of the owner selection.
The previous tests for group behaviour of the file setting was not very
clear as to the logic it tried to implement. This changes the tests and
makes clear that the group behavior is a little odd in that if 'root' is
specified it still uses the service group.
Now that the behavior around selecting the right owner and group is
explicitly tested there is no need for the tests around the internal
method to determine whether to use a service user or not. This removes
those tests and fixes up the names of some of the replacement tests.
The previous error message for an invalid owner looked like:

  Error: Could not intialize global default settings: Internal error: The :owner setting for Where Puppet stores dynamic and growing data.  The default for this setting is calculated specially, like `confdir`_.: vardir must be either 'root' or 'service', not 'gnats'

That message was not very clear as to what had just gone wrong because
it is providing far too much information. This commit changes the
message too:

  Error: Could not intialize global default settings: The :owner parameter for the setting 'vardir' must be either 'root' or 'service', not 'gnats'

This applies to both the owner and group parameters.
The error message for the group parameter had gotten out of sync with
what the allowed values actually were. This updates the message to
include all of the allowed values.
The previous behavior allowed the group parameter to be set to root, but
it still selected the configured "service" group. This is contrary to
what is done for the owner parameter and seems to have been an
accidental behavior.

This commit brings this portion of the group handling in line with user.
The previous behavior for managing the group of a file meant that if the
group didn't exist puppet errored when trying to set permissions. This
changes the behavior to check for the existance of the group and in the
case of the group not existing (and we don't expect it to be created
because `:mkusers` is false) then the group is not managed.

There were several alternatives that were possible:

  * use the primary group of the "root" user
  * use the primary group of the `:owner` for the file

Neither of these were compellingly better alternatives, since this
should only be happening when puppet hasn't been fully configured on the
system.
The logic for testing if a group or user were available tried to
short-circuit, but ended up being less clear than if it just branched.
It also created a variable that wasn't actually used later.
This checks to make sure that when puppet is run without a specific
user/group present it doesn't fail. Instead it just ignores the given
user. When a user/group is present then it will manage the ownership.
The previous tests were not very careful about making sure that they
were going to be going down the right branches to test the path that
they wanted. This makes some of the branch selection more explicit so
make the tests a bit more robust to change.
Some core logic of the setting, which is how to manage the user and
group, was hidden inside obtuse if conditions. This tries to make it
clearer what is happening, at the expense of being longer, by promoting
the different values available for owner and group to classes that can
contain the logic for how to deal with that particular value.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest a proper yardoc comment when writing something new. Say, something like this:

  # Returns whether the group exists or not by delegating to the associated provider.
  # @return [Boolean] whether the group exists or not.

What is the value of the comment "Yay breaking out of APIs" ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, just copy and pasted from what is done in user.rb. I should have changed that.

This adds YARD docs for methods and classes that are part of managing
owners and groups of files (and directories).
hlindberg added a commit that referenced this pull request Jan 2, 2013
…ithout-puppet-group

(#9862) Fix puppet cannot run without puppet group on the system
@hlindberg hlindberg merged commit 21266eb into puppetlabs:master Jan 2, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants