The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #6017

MCX provider doesn't overwrite existing MCX data

Added by Clay Caviness over 3 years ago. Updated 10 months ago.

Status:ClosedStart date:01/26/2011
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:OSX
Target version:3.3.0
Affected Puppet version: Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

If a directory service resource has pre-existing MCX data, the mcx provider will not remove it – it will only append.

This means that all subsequent puppet runs will see the existing MCX data and re-apply the mcx resource … which of course won’t overwrite the existing MCX data, etc.

In this case, I think an “mcxdelete” on the existing directory service resource will remove all mcx, at which point the “mcximport” will work and the resource will have only the correct MCX.

Example: Assume an existing group, testgroup. Add some MCX data to it:

# dscl . -mcxset /Groups/testgroup existing_domain existing_key always 1
Password: 
$ dscl . -mcxread /Groups/testgroup
App domain: existing_domain
Key: existing_key
State: always
Value: 1

Apply puppet manifest with different MCX data:

mcx_group.pp:
mcx { "/Groups/testgroup":
  ensure => present,
  content => '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>some.domain</key>
    <dict>
        <key>some.key</key>
        <dict>
            <key>state</key>
            <string>always</string>
            <key>value</key>
            <string>1</string>
        </dict>
    </dict>
</dict>
</plist>
',
}
[...]
notice: /Stage[main]//Mcx[/Groups/testgroup]/content: content changed '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>existing_domain</key>
    <dict>
        <key>existing_key</key>
        <dict>
            <key>state</key>
            <string>always</string>
            <key>value</key>
            <string>1</string>
        </dict>
    </dict>
</dict>
</plist>
' to '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>some.domain</key>
    <dict>
        <key>some.key</key>
        <dict>
            <key>state</key>
            <string>always</string>
            <key>value</key>
            <string>1</string>
        </dict>
    </dict>
</dict>
</plist>
'
[...]

Note that the pre-existing MCX data is still in the record:

$ dscl . -mcxread /Groups/testgroup
App domain: existing_domain
Key: existing_key
State: always
Value: 1

App domain: some.domain
Key: some.key
State: always
Value: 1

History

#1 Updated by Nigel Kersten over 3 years ago

  • Status changed from Unreviewed to Accepted

#2 Updated by Devon Peters over 2 years ago

  • Category set to OSX
  • Target version set to 3.x

#3 Updated by Clay Caviness over 2 years ago

I haven’t tested, just glanced at the code, but I wonder if doing a dscl 'localhost', '-mcxdelete', ds_path just before line 118 in mcxcontent.rb would solve this.

#4 Updated by Clay Caviness over 2 years ago

Just tested, and I think this works. I added dscl 'localhost', '-mcxdelete', ds_path just before line 114 in mcxcontent.rb, which simply removes MCX from the path before importing new content.

#5 Updated by Clay Caviness over 2 years ago

I’m not sure if this is the most “proper” method – should it instead call the destroy method? In any case, my limited testing shows it working.

#6 Updated by Gary Larizza over 2 years ago

The destroy method is only used when you want to ensure something :absent. If I get free time this week, I’ll throw the code in a branch, test it out, and try to write tests for it to see if it breaks any expected behavior.

#7 Updated by Clay Caviness about 1 year ago

I created https://github.com/puppetlabs/puppet/pull/1796 for this (hopefully) simple solution.

#8 Updated by Andrew Parker about 1 year ago

  • Status changed from Accepted to Merged - Pending Release

#9 Updated by Andrew Parker about 1 year ago

  • Target version changed from 3.x to 3.3.0

#10 Updated by Andrew Parker 10 months ago

  • Status changed from Merged - Pending Release to Closed

Released in 3.3.0

#11 Updated by Andrew Parker 10 months ago

Released in 3.3.0

Also available in: Atom PDF