-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(CAT-761) Add custom_generate as a feature #316
(CAT-761) Add custom_generate as a feature #316
Conversation
f9847cc
to
4e5ead5
Compare
# Ensure that a custom `generate` method has been created within the provider | ||
raise(Puppet::DevError, 'No generate method found within the types provider') unless my_provider.respond_to?(:generate) | ||
# Call the providers custom `generate` method | ||
rules_resources = my_provider.generate(context, title, is_hash, should_hash) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Confusingly puppet's type and provider system supports two styles of generating resources on the agent: generate
and eval_generate
, and I assume this is relying on the former?
If a Puppet::Type::<name>
class implements the generate
method, then it will be called early on in the agent's catalog application process, before any resources have been managed. This is often the wrong thing to do, because there's no guarantee any of the other resources in the catalog have reached their desired state before this resource's generate
method is called.
The generally more useful method is eval_generate
, because it is called while this resource is being evaluated. So all of its dependencies have already been managed/enforced. For example, the Puppet::Type::File
class implements eval_generate
, which is needed for recursive directory operations. We have to use eval_generate
since all of the parent directories need to be managed with the correct permissions before we try to recurse: https://github.com/puppetlabs/puppet/blob/fde57136980d63bd2a64532ad74f750cc3b73bc7/lib/puppet/type/file.rb#L531
However, if a type implements prefetching, then you may be forced to use generate
. For example, see https://tickets.puppetlabs.com/browse/PUP-2718?focusedCommentId=839874&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-839874 and our attempts to switch sshkeys
from generate
to eval_generate
and back to generate
in PUP-11320.
If the resource API doesn't support prefetching, then I would recommend using eval_generate
instead. It's usually how people assume generate
works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case I think that generate
is preferred as we actively want the resources being fetched to be overwritten.
By that I mean we are generating delete commands against all active Firewall rules on the chain and then letting the catalog overwrite any that we actually need.
From the way you described eval_generate
I am not sure in would work in the same way.
Or I may have just misunderstood you.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joshcooper ??
Allows the generate function to be utilized in order to manually create an array of types to be enforced. Used within the firewall module in order to enact the Purge functionality.
eff9056
to
fad616a
Compare
@joshcooper Have updated the PR to add a |
fad616a
to
35dc204
Compare
Purge tests disabled pending merge and release of resource_api change: puppetlabs/puppet-resource_api#316
- Update boolean attributes to always return a value. - Update `dst_type` and `src_type` to accept unique values. - Update `nflog_prefix` to correctly quote passed in variables and expect quotes when retrieving them. - Update `source` and `destination` to add a mask when needed. - Update `sport` and `dport` to allow a `-` when submitting a range. - Move `nflog_prefix` size check to validate due to issues with passing size restricted string to a type - Purge tests disabled pending merge and release of resource_api change: puppetlabs/puppet-resource_api#316
- Update boolean attributes to always return a value. - Update `dst_type` and `src_type` to accept unique values. - Update `nflog_prefix` to correctly quote passed in variables and expect quotes when retrieving them. - Update `source` and `destination` to add a mask when needed. - Update `sport` and `dport` to allow a `-` when submitting a range. - Purge tests disabled pending merge and release of resource_api change: puppetlabs/puppet-resource_api#316 - Set type of `nflog_prefix` to String as refining it to String[1] or String[1, 64] causes errors on Puppet 8.
- Update boolean attributes to always return a value. - Update `dst_type` and `src_type` to accept unique values. - Update `nflog_prefix` to correctly quote passed in variables and expect quotes when retrieving them. - Update `source` and `destination` to add a mask when needed. - Update `sport` and `dport` to allow a `-` when submitting a range. - Purge tests disabled pending merge and release of resource_api change: puppetlabs/puppet-resource_api#316 - Set type of `nflog_prefix` to String as refining it to String[1] or String[1, 64] causes errors on Puppet 8.
Allows the generate function to be utilized in order to manually create an array of types to be enforced.
The
generate
method is called prior to the resource being managed.There is a second
eval_generate
method that is called after it has been, which may be good to add at a later date.