Unexpected Corrective Changes

[msmost]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.4.4
• Ruby: 2.5.3
• Distribution: RHEL 7
• Module version: 1.0.0

How to reproduce (e.g Puppet code you use)

I'm trying to ensure a subset of ACLs on a file using the set command. Here's an example of what I'm doing.

file { "/some/example_dir":
   ensure => directory,
   group  => $owning_group,
   mode   => '0770',
} ->
posix_acl { "/some/example_dir":
   action     => set,
   provider   => posixacl,
   permission => ["group:${co_owning_group}:r-x",'user:${special_user}:r-x'],
   recursive  => false,
}

What are you seeing

I get a continuous corrective change that says the permissions will be changed from:
"group::rwx", "group:co_owning_group:r-x", "mask::rwx", "other::---", "user::rwx", "user:special_user:r-x"
to
"group:co_owning_group:r-x", "user:special_user:r-x"

What behavior did you expect instead

I would expect that the ACLs would be overlayed, and further runs would not produce a need for puppet to do a corrective change.

This is the way the module functioned under release 0.1.1. It would simply overlay the permissions and any existing permissions would not be taken into consideration. This seems to be inline with the description of how the set function is supposed to work (as opposed to the exact function.)

Any additional information you'd like to impart

This issue seems to be slightly different from the one opened by @Bouke

I'm perfectly fine with the way the permissions are getting set. It just seems to be a slight issue with the Puppet logic that evaluates whether or not a corrective changes is needed.

[matt-matt2]

I think they are the same issue as reported by @Bouke, and I've commented the same in that issue.