message : The `source_permissions` parameter is deprecated

Question

message : The `source_permissions` parameter is deprecated

Dan33l opened this issue 6 years ago · 4 comments

Affected Puppet, Ruby, OS and module versions/distributions

Puppet: 5 or 6
Ruby:
Distribution: any
Module version: 7.4.0

How to reproduce (e.g Puppet code you use)

What are you seeing

We are using file resource with source_permissions attribute here :
https://github.com/voxpupuli/puppet-openvpn/blob/master/manifests/ca.pp#L63

It looks to do the expected job and docs about types does not show deprecation message.

The deprecation message is relevant :
https://tickets.puppetlabs.com/browse/PUP-9332

What behaviour did you expect instead

no deprecation message

Output log

$> puppet apply --verbose --detailed-exitcodes /tmp/apply_manifest.pp.3BVJmE
Info: Loading facts
Info: Loading facts
Notice: Compiled catalog for vpnserver in environment production in 0.21 seconds
Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
(file: /etc/puppetlabs/code/modules/openvpn/manifests/ca.pp, line: 59)
Info: Applying configuration version '1543266749'

Any additional information you'd like to impart

Probably, it should be possible to use https://github.com/puppetlabs/puppetlabs-rsync , instead of file resource.

Answer 1 · 2020-01-19T19:58:06.000Z

There is no requirement to copy the easyrsa files to /etc/openvpn/<server>/easyrsa.

Last week I tested easyrsa 3 and the possible to generate a whole PKI while easyrsa is still in /usr/share/easyrsa

If easyrsa is not copied anymore, the deprecated is gone, too.

Answer 2 · 2020-01-20T10:07:14.000Z

Interesting, thank you @jkroepke .
Since we support OSes that provides version 2, does it works also with easyrsa 2 too ?

Answer 3 · 2020-01-22T21:42:59.000Z

Technically yes (untested).
https://github.com/OpenVPN/easy-rsa-old/blob/105a02011116fc1500e42fd28fa50d9f0fc6e295/easy-rsa/2.0/vars#L39

But the commentary of easyrsa explains that the entire easyrsa should be copied otherwise all keys? are lost.

It might be true, if the keys are also created in /usr/share/easyrsa but if the PKI root is outside this folder any file inside the pki should not deleted by a rpm upgrade.

https://github.com/OpenVPN/easy-rsa-old/blob/master/easy-rsa/2.0/vars#L3

Answer 4 · 2020-03-05T08:41:31.000Z

The source_permissions parameter will be undeprecated :
https://tickets.puppetlabs.com/browse/PUP-10253