Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature request]: make exec more secure #13

Open
tuxmea opened this issue Feb 5, 2025 · 1 comment
Open

[Feature request]: make exec more secure #13

tuxmea opened this issue Feb 5, 2025 · 1 comment
Labels
enhancement New feature or request

Comments

@tuxmea
Copy link

tuxmea commented Feb 5, 2025

Use Case

Using exec resource wthout checking idempotency is a bad pattern, as the exec gets executed every time.
Idempotency is possible by setting one of the following parameters:

  • creates
  • onlyif
  • unless
  • refreshonly

OpenVox should let users/developers know that they are using code on bad practice.

There are two was on how to achieve this:

  1. a lint plugin which identifies if an exec has the idempotency parameters set (out of scope for this project)
  2. let the type check if all desired parameters are set

Describe the solution you would like

The exec type should check if any of the idempotency attributes in use and print a warning (on the agent side) to inform users about this bad practice.

Describe alternatives you've considered

No response

Additional context

No response
@tuxmea tuxmea added the enhancement New feature or request label Feb 5, 2025
@tuxmea
Copy link
Author

tuxmea commented Feb 7, 2025

Lint Plugin is at https://github.com/voxpupuli/puppet-lint-exec_idempotency-check

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tuxmea