Puppet Version: 6.19.1, 7.9.0
Puppet Server Version: N/A
OS Name/Version: CentOS 7

When setting forcelocal => true on a user resource, I'd expect all user attributes available via /etc/passwd to be used as the "is" value for the insync? check. This appears to not be the case for the home and shell attributes. Those are always checked against their values from directory services rather than from /etc/passwd, which means those attributes appear to change on each puppet run and the user resource is no longer idempotent.

Desired Behavior:

When an OS has directory services enabled (e.g. LDAP via SSSD), and with an /etc/passwd file containing:

nate:x:1000:1001:hello world:/opt/hello:/bin/zsh

This code should read "shell", "home", and "comment" all from /etc/passwd when comparing the "is" state to the "should" state:

user { 'nate':
  ensure     => present,
  forcelocal => true,
  shell      => '/bin/zsh',
  home       => '/opt/hello',
  comment    => 'hello world',
}

Actual Behavior:

Only "uid", "gid", "comment", and "groups" are fetched from /etc/passwd when forcelocal => true: https://github.com/puppetlabs/puppet/blob/7.11.0/lib/puppet/provider/user/useradd.rb#L60-L78

"home" and "shell" are fetched from directory services, not from /etc/passwd. The user resource shows a change to "home" and "shell" on each Puppet run even though nothing is changing.
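
The mismatch described in this report can be reproduced outside Puppet. The Ruby below is an added example, not code from the report or from the Puppet provider: it parses the passwd line above and compares it with the desired values, once with every field taken from the file and once with "home" and "shell" overridden by directory values. The function names and the DIRECTORY values are hypothetical and constructed for illustration.

```ruby
# Field order of an /etc/passwd entry (passwd(5)).
PASSWD_FIELDS = %i[name password uid gid comment home shell].freeze

# Return the passwd entry for +name+ as a hash, or nil if the text has none.
def local_entry(passwd_text, name)
  passwd_text.each_line do |line|
    line = line.chomp
    next if line.empty? || line.start_with?('#')
    values = line.split(':', -1) # -1 keeps empty trailing fields
    next unless values.length == PASSWD_FIELDS.length
    entry = PASSWD_FIELDS.zip(values).to_h
    return entry if entry[:name] == name
  end
  nil
end

# Properties whose current ("is") value differs from the desired ("should") one.
def out_of_sync(is, should)
  should.reject { |prop, want| is[prop].to_s == want.to_s }.keys
end

# Constructed sample data: the passwd line from the report, plus hypothetical
# values a directory service might return for the same account name.
PASSWD = "root:x:0:0:root:/root:/bin/bash\n" \
         "nate:x:1000:1001:hello world:/opt/hello:/bin/zsh\n"
DIRECTORY = { home: '/home/nate', shell: '/bin/bash' }.freeze
SHOULD = { shell: '/bin/zsh', home: '/opt/hello', comment: 'hello world' }.freeze

# "is" values built the way the report describes: home/shell from the directory.
def mixed_source_drift
  out_of_sync(local_entry(PASSWD, 'nate').merge(DIRECTORY), SHOULD)
end

# "is" values built the way the report asks for: every field from the file.
def local_only_drift
  out_of_sync(local_entry(PASSWD, 'nate'), SHOULD)
end

if __FILE__ == $PROGRAM_NAME
  puts "mixed sources: #{mixed_source_drift.inspect}"
  puts "local only:    #{local_only_drift.inspect}"
end
```

With mixed sources the comparison reports a pending change to "shell" and "home" on every evaluation; with the file as the only source, nothing is out of sync.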