Inconsistent data from DSC #116

Closed
bwilcox opened this issue Mar 4, 2021 · 2 comments
Labels: bug (Something isn't working)


bwilcox commented Mar 4, 2021

Describe the Bug

Using dsc_securityoption, we ran into a parameter where the resource expects an array value, but once set, DSC is returning a hash value. I'm not sure if this is an issue in how pwshlib is interpreting the return, or if it's something in DSC itself that isn't right.

On the first run we see this:

Notice: /Stage[main]/Main/Dsc_securityoption[Restric clients allowed to make remote calls to SAM]/dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam: dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam changed [] to [
  {
    'identity' => 'Administrators',
    'permission' => 'Allow'
  }]

Puppet makes a change because the current value doesn't match the desired one. However, on subsequent runs we see this:

Notice: /Stage[main]/Main/Dsc_securityoption[Restric clients allowed to make remote calls to SAM]/dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam: dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam changed {
  'permission' => undef,
  'identity' => undef
} to [
  {
    'identity' => 'Administrators',
    'permission' => 'Allow'
  }]

If we try to change the value to a hash, we get an error because the type doesn't like it:

PS C:\Users\Administrator\test\securitypolicydsc> puppet apply .\examples\test.pp --modulepath .\spec\fixtures\modules\
Notice: Compiled catalog for famed-wardrobe.delivery.puppetlabs.net in environment production in 0.42 seconds
Error: Parameter dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam failed on Dsc_securityoption[Restric clients allowed to make remote calls to SAM]: dsc_securityoption.dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam expects a value of type Undef or Array, got Struct
PS C:\Users\Administrator\test\securitypolicydsc>

Looking at the run with pry, here's what's being reported back:

[89] pry(#<Puppet::Provider::DscSecurityoption::DscSecurityoption>)> key
=> :dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam
[90] pry(#<Puppet::Provider::DscSecurityoption::DscSecurityoption>)> value
=> {"permission"=>nil, "identity"=>nil}
[91] pry(#<Puppet::Provider::DscSecurityoption::DscSecurityoption>)> downcased_resource[key]
=> [{"identity"=>"administrators", "permission"=>"allow"}]
[92] pry(#<Puppet::Provider::DscSecurityoption::DscSecurityoption>)> is_same
=> false

Expected Behavior

Expect the resource to behave idempotently.

Steps to Reproduce

Example Puppet Code:

$value = [{
    'identity' => 'Administrators',
    'permission' => 'Allow'
  }]

dsc_securityoption { 'Restric clients allowed to make remote calls to SAM':
  dsc_name => 'Restrict clients allowed to make remote calls to SAM',
  dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam => $value,
}

Environment

pwshlib 0.8.0
securitypolicydsc = Custom build with preview3 and Michael Lombardi's pull request included.


michaeltlombardi commented Jun 28, 2021

Validation Environment:

  • Operating System: Windows Server 2019
  • Puppet.Dsc Version: 0.6.0
  • PDK Version: 2.1.1
  • Puppet Version: 7.8.0
  • puppetlabs-pwshlib Version: 0.9.0
  • SecurityPolicyDsc Version: 2.10.0.0

Verification Steps

First, install the PDK and Puppet. Then build dsc-securitypolicydsc from the latest release of Puppet.Dsc and install it:

Install-Module Puppet.Dsc -RequiredVersion '0.6.0'
Import-Module Puppet.Dsc
New-PuppetDscModule -PowerShellModuleName 'SecurityPolicyDsc' -PowerShellModuleVersion '2.10.0.0' -PuppetModuleAuthor 'dsc'
Push-Location ./import/securitypolicydsc
pdk build
puppet module install ./pkg/dsc-securitypolicydsc-2.10.0-0-0.tar.gz

Manifest: non_idempotent.pp

$value = [{
    'identity' => 'Administrators',
    'permission' => 'Allow'
  }]
dsc_securityoption { 'Restric clients allowed to make remote calls to SAM':
  dsc_name => 'Restrict clients allowed to make remote calls to SAM',
  dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam => $value,
}

Manifest: idempotent.pp

$value = [{
    'identity' => 'Administrators',
    'permission' => 'Allow'
  }]

dsc_securityoption { 'Restric clients allowed to make remote calls to SAM':
  validation_mode => 'resource',
  dsc_name => 'Restrict clients allowed to make remote calls to SAM',
  dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam => $value,
}

Acceptance Criteria:

Manual verification that:

  • Running puppet apply non_idempotent.pp twice results in flapping
  • Running puppet apply idempotent.pp twice does not flap
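
One way to check the acceptance criteria mechanically, as an added example that is not part of the original comments or of pwshlib: it parses the output of two consecutive puppet apply runs and reports every property that was changed to the same desired value both times. The log text is constructed from the Notice lines quoted in this issue; the function names and the "Applied catalog" timings are assumptions.

```ruby
# Added example: detect flapping (non-idempotent) properties across two Puppet runs.
PROP = 'dsc_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam'
RES  = '/Stage[main]/Main/Dsc_securityoption[Restric clients allowed to make remote calls to SAM]'

# Constructed sample logs, based on the Notice lines quoted in the issue.
RUN1 = <<~LOG
  Notice: #{RES}/#{PROP}: #{PROP} changed [] to [
    {
      'identity' => 'Administrators',
      'permission' => 'Allow'
    }]
  Notice: Applied catalog in 4.21 seconds
LOG
RUN2 = <<~LOG
  Notice: #{RES}/#{PROP}: #{PROP} changed {
    'permission' => undef,
    'identity' => undef
  } to [
    {
      'identity' => 'Administrators',
      'permission' => 'Allow'
    }]
  Notice: Applied catalog in 3.87 seconds
LOG
RUN_OK = "Notice: Applied catalog in 3.54 seconds\n" # a run with no changes

# "Notice: <resource path>/<property>: <property> changed <from> to <to>"
CHANGE = %r{\ANotice: (?<res>/.+)/(?<prop>\w+): \k<prop> changed (?<rest>.*)\z}m

# Return one {key:, from:, to:} hash per property change reported in a log.
def changes(log)
  # Start a new record at each log-level prefix so multi-line values stay attached.
  log.split(/^(?=(?:Notice|Info|Warning|Error|Debug): )/).filter_map do |rec|
    m = CHANGE.match(rec.strip) or next
    # Collapse whitespace; assumes the old value itself contains no " to ".
    from, _, to = m[:rest].gsub(/\s+/, ' ').partition(' to ')
    { key: "#{m[:res]}/#{m[:prop]}", from: from, to: to }
  end
end

# A property flaps when the second run re-applies the value the first run set.
def flapping(run1, run2)
  first = changes(run1).to_h { |c| [c[:key], c[:to]] }
  changes(run2).select { |c| first[c[:key]] == c[:to] }
end

flapping(RUN1, RUN2).each { |c| puts "FLAP #{c[:key]} (read back as #{c[:from]})" }
```

The from value of a flapping entry is what was read back after the first run set the property, which here is the hash of undef values shown in the second log.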

@david22swan

Everything ran as expected, so this issue can be closed.
