Skip to content

Instantly share code, notes, and snippets.

@Iristyle

Iristyle/notes.md

Last active July 11, 2017 23:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Iristyle/d3e50e6add9abe9b8c441528f92551e9 to your computer and use it in GitHub Desktop.
Save Iristyle/d3e50e6add9abe9b8c441528f92551e9 to your computer and use it in GitHub Desktop.
Download ZIP
Comparing ACL on Puppet 4 / Puppet 5
Raw
notes.md

Need to collect

  • Output of puppet resource acl c:\windows
  • Output of test.pp manifest run (make sure c:\test directory is not present prior)
    • What's up with initial application always showing an empty []? (This appears to be a separate bug in all Puppet versions)
file { 'c:/test': ensure => 'directory' } ~>
acl { 'c:/test':
  purge => 'true',
  permissions => [
    { identity => 'Administrators', rights => ['full']},
	{ identity => 'ALL APPLICATION PACKAGES', rights => ['full']},
  ],
  inherit_parent_permissions => 'false',
}

Puppet 5 + Ruby 2.4.1p111 + ACL PR (PR fixes MODULES-5152)

C:\source\puppetlabs-acl

puppet resource

NOTE: this requires a patch to C:\source\puppetlabs-acl.bundle\gems\ruby\2.4.0\gems\puppet-5.0.0-x64-mingw32\lib\puppet\application\resource.rb

bundle exec puppet resource acl "c:\windows" --modulepath C:\source\puppetlabs-acl\spec\fixtures\modules\ --trace --debug --verbose

acl { 'c:\windows':
  group                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
  inherit_parent_permissions => false,
  owner                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
  permissions                => [
  {'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full'], 'affects' => 'self_only'},
  {'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full'], 'child_types' => 'containers', 'affects' => 'children_only'},
  {'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['modify'], 'affects' => 'self_only'},
  {'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['full'], 'affects' => 'children_only'},
  {'identity' => 'BUILTIN\Administrators', 'rights' => ['modify'], 'affects' => 'self_only'},
  {'identity' => 'BUILTIN\Administrators', 'rights' => ['full'], 'affects' => 'children_only'},
  {'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute'], 'affects' => 'self_only'},
  {'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute'], 'affects' => 'children_only'},
  {'identity' => 'CREATOR OWNER', 'rights' => ['full'], 'affects' => 'children_only'},
  {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute'], 'affects' => 'self_only'},
  {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute'], 'affects' => 'children_only'}],
}

1st run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.10 seconds
Notice: /Stage[main]/Main/File[c:/test]/ensure: created
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [] to [{"identity"=>"BUILTIN\\Administrators", "rights"=>["full"]}, {"identity"=>"APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES", "rights"=>["full"]}]
Notice: /Stage[main]/Main/Acl[c:/test]/inherit_parent_permissions: inherit_parent_permissions changed true to 'false'
Notice: Applied catalog in 0.05 seconds
Warning: Event['previous_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["read", "execute"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0]['desired_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }'
Warning: Event['previous_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["read", "execute"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0]['desired_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }'

2nd run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.10 seconds
Notice: Applied catalog in 0.12 seconds

Puppet 4.10.4 + Ruby 2.3.3p222 + ACL PR (PR fixes MODULES-5152)

C:\source\puppetlabs-acl-4

puppet resource

bundle exec puppet resource acl "c:\windows" --modulepath C:\source\puppetlabs-acl-4\spec\fixtures\modules
acl { 'c:\windows':
  group                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
  inherit_parent_permissions => 'false',
  owner                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
  permissions                => [{'affects' => 'self_only', 'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full']}, {'affects' => 'children_only', 'child_types' => 'containers', 'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full']}, {'affects' => 'self_only', 'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['modify']}, {'affects' => 'children_only', 'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['full']}, {'affects' => 'self_only', 'identity' => 'BUILTIN\Administrators', 'rights' => ['modify']}, {'affects' => 'children_only', 'identity' => 'BUILTIN\Administrators', 'rights' => ['full']}, {'affects' => 'self_only', 'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute']}, {'affects' => 'children_only', 'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute']}, {'affects' => 'children_only', 'identity' => 'CREATOR OWNER', 'rights' => ['full']}, {'affects' => 'self_only', 'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute']}, {'affects' => 'children_only', 'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute']}],
}

1st run of manifest

NOTE: that format_value_for_display is called many times in this scenario (inside acl.rb)

bundle exec puppet apply c:\test.pp --modulepath C:\source\puppetlabs-acl-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[c:/test]/ensure: created
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [
] to [
 { identity => 'BUILTIN\Administrators', rights => ['full'
] },
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ['full'
] }
]
Notice: /Stage[main]/Main/Acl[c:/test]/inherit_parent_permissions: inherit_parent_permissions changed 'true' to 'false'
Notice: Applied catalog in 0.06 seconds

2nd run of manifest

bundle exec puppet apply c:\test.pp --modulepath C:\source\puppetlabs-acl-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.17 seconds
Notice: Applied catalog in 0.04 seconds

for testing purposes, with format_value_for_display commented out

1st run of manifest

bundle exec puppet apply c:\test.pp --modulepath C:\source\puppetlabs-acl-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.20 seconds
Notice: /Stage[main]/Main/File[c:/test]/ensure: created
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [] to [{'identity' => 'BUILTIN\Administrators', 'rights' => ['full']}, {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['full']}]
Notice: /Stage[main]/Main/Acl[c:/test]/inherit_parent_permissions: inherit_parent_permissions changed 'true' to 'false'
Notice: Applied catalog in 0.05 seconds

2nd run of manifest

bundle exec puppet apply c:\test.pp --modulepath C:\source\puppetlabs-acl-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.20 seconds
Notice: Applied catalog in 0.04 seconds

Puppet 5 + Ruby 2.4.1p111 + ACL shipping (Manifest fails due to MODULES-5152)

C:\source\puppetlabs-acl-master

puppet resource

NOTE: this requires a patch to C:\source\puppetlabs-acl-master.bundle\gems\ruby\2.4.0\gems\puppet-5.0.0-x64-mingw32\lib\puppet\application\resource.rb

bundle exec puppet resource acl C:\windows --modulepath C:\source\puppetlabs-acl-master\spec\fixtures\modules
acl { 'C:\windows':
  group                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
  inherit_parent_permissions => false,
  owner                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
  permissions                => [
  {'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full'], 'affects' => 'self_only'},
  {'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full'], 'child_types' => 'containers', 'affects' => 'children_only'},
  {'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['modify'], 'affects' => 'self_only'},
  {'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['full'], 'affects' => 'children_only'},
  {'identity' => 'BUILTIN\Administrators', 'rights' => ['modify'], 'affects' => 'self_only'},
  {'identity' => 'BUILTIN\Administrators', 'rights' => ['full'], 'affects' => 'children_only'},
  {'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute'], 'affects' => 'self_only'},
  {'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute'], 'affects' => 'children_only'},
  {'identity' => 'CREATOR OWNER', 'rights' => ['full'], 'affects' => 'children_only'},
  {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute'], 'affects' => 'self_only'},
  {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute'], 'affects' => 'children_only'}],
}

1st run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl-master\spec\fixtures\modules Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.09 seconds
Notice: /Stage[main]/Main/File[c:/test]/ensure: created
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [] to [
 { identity => 'BUILTIN\Administrators', rights => ["full"] },
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }]
Notice: /Stage[main]/Main/Acl[c:/test]/inherit_parent_permissions: inherit_parent_permissions changed true to 'false'
Error: /Stage[main]/Main/Acl[c:/test]: Could not evaluate: Failed to set security descriptor for path 'c:/test': undefined method `bytesize' for nil:NilClass Notice: Applied catalog in 0.06 seconds
Warning: Event['previous_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["read", "execute"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0]['desired_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }'
Warning: Event['previous_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["read", "execute"], is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only', is_inherited => 'true' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0]['desired_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }'

2nd run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl-master\spec\fixtures\modules Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.09 seconds
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"] },
 { identity => 'BUILTIN\Administrators', rights => ["full"] },
 { identity => 'BUILTIN\Users', rights => ["read", "execute"] },
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers' },
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers' },
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only' }] to [
 { identity => 'BUILTIN\Administrators', rights => ["full"] },
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }]
Error: /Stage[main]/Main/Acl[c:/test]: Could not evaluate: Failed to set security descriptor for path 'c:/test': undefined method `bytesize' for nil:NilClass Notice: Applied catalog in 0.22 seconds
Warning: Event['previous_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["read", "execute"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0]['desired_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }'
Warning: Event['previous_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["read", "execute"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only' }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'BUILTIN\Administrators', rights => ["full"] }'
Warning: Event['previous_value'][0]['previous_value'][1]['previous_value'][2]['previous_value'][3]['previous_value'][4]['previous_value'][5]['desired_value'][0]['desired_value'][1] contains a Puppet::Type::Acl::Ace value. It will be converted to the String '
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }'

Puppet 4.10.4 + Ruby 2.3.3p222 + ACL shipping (Manifest fails due to MODULES-5152)

C:\source\puppetlabs-acl-master-4

bundle exec puppet resource acl C:\windows --modulepath C:\source\puppetlabs-acl-master-4\spec\fixtures\modules 

acl { 'C:\windows':                                                                                                                                           
  group                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',                                                             
  inherit_parent_permissions => 'false',                                                                                                                      
  owner                      => 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',                                                             
  permissions                => [{'affects' => 'self_only', 'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full']}, {'affects' => 'children_only',
 'child_types' => 'containers', 'identity' => 'NT SERVICE\TrustedInstaller', 'rights' => ['full']}, {'affects' => 'self_only', 'identity' => 'NT AUTHORITY\SYS
TEM', 'rights' => ['modify']}, {'affects' => 'children_only', 'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['full']}, {'affects' => 'self_only', 'identity
' => 'BUILTIN\Administrators', 'rights' => ['modify']}, {'affects' => 'children_only', 'identity' => 'BUILTIN\Administrators', 'rights' => ['full']}, {'affect
s' => 'self_only', 'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute']}, {'affects' => 'children_only', 'identity' => 'BUILTIN\Users', 'rights' => 
['read', 'execute']}, {'affects' => 'children_only', 'identity' => 'CREATOR OWNER', 'rights' => ['full']}, {'affects' => 'self_only', 'identity' => 'APPLICATI
ON PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute']}, {'affects' => 'children_only', 'identity' => 'APPLICATION PACKAGE AUTHORITY\
ALL APPLICATION PACKAGES', 'rights' => ['read', 'execute']}],                                                                                                 
}

1st run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl-master-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.14 seconds
Notice: /Stage[main]/Main/File[c:/test]/ensure: created
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [
] to [
 { identity => 'BUILTIN\Administrators', rights => ["full"] },
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }
]
Notice: /Stage[main]/Main/Acl[c:/test]/inherit_parent_permissions: inherit_parent_permissions changed 'true' to 'false'
Error: /Stage[main]/Main/Acl[c:/test]: Could not evaluate: Failed to set security descriptor for path 'c:/test': undefined method `bytesize' for nil:NilClass Notice: Applied catalog in 0.05 seconds

2nd run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl-master-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.15 seconds
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
called format_value_for_display
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [
 { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"] },
 { identity => 'BUILTIN\Administrators', rights => ["full"] },
 { identity => 'BUILTIN\Users', rights => ["read", "execute"] },
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '4', child_types => 'containers' },
 { identity => 'BUILTIN\Users', rights => ["mask_specific"], mask => '2', child_types => 'containers' },
 { identity => 'CREATOR OWNER', rights => ["full"], affects => 'children_only' }
] to [
 { identity => 'BUILTIN\Administrators', rights => ["full"] },
 { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights => ["full"] }
]
Error: /Stage[main]/Main/Acl[c:/test]: Could not evaluate: Failed to set security descriptor for path 'c:/test': undefined method `bytesize' for nil:NilClass Notice: Applied catalog in 0.05 seconds

for testing purposes, with format_value_for_display commented out

1st run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl-master-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.15 seconds
Notice: /Stage[main]/Main/File[c:/test]/ensure: created
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [] to [{'identity' => 'BUILTIN\Administrators', 'rights' => ['full']}, {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['full']}]
Notice: /Stage[main]/Main/Acl[c:/test]/inherit_parent_permissions: inherit_parent_permissions changed 'true' to 'false'
Error: /Stage[main]/Main/Acl[c:/test]: Could not evaluate: Failed to set security descriptor for path 'c:/test': undefined method `bytesize' for nil:NilClass Notice: Applied catalog in 0.05 seconds

2nd run of manifest

bundle exec puppet apply C:\test.pp --modulepath C:\source\puppetlabs-acl-master-4\spec\fixtures\modules
Notice: Compiled catalog for f8hwnj18fjl5t5z.delivery.puppetlabs.net in environment production in 0.14 seconds
Notice: /Stage[main]/Main/Acl[c:/test]/permissions: permissions changed [{'identity' => 'NT AUTHORITY\SYSTEM', 'rights' => ['full']}, {'identity' => 'BUILTIN\Administrators', 'rights' => ['full']}, {'identity' => 'BUILTIN\Users', 'rights' => ['read', 'execute']}, {'child_types' => 'containers', 'identity' => 'BUILTIN\Users', 'mask' => '4', 'rights' => ['mask_specific']}, {'child_types' => 'containers', 'identity' => 'BUILTIN\Users', 'mask' => '2', 'rights' => ['mask_specific']}, {'affects' => 'children_only', 'identity' => 'CREATOR OWNER', 'rights' => ['full']}] to [{'identity' => 'BUILTIN\Administrators', 'rights' => ['full']}, {'identity' => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', 'rights' => ['full']}]
Error: /Stage[main]/Main/Acl[c:/test]: Could not evaluate: Failed to set security descriptor for path 'c:/test': undefined method `bytesize' for nil:NilClass Notice: Applied catalog in 0.06 seconds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment