[Pkg-puppet-devel] Bug#809786: The "posix" provider of the "exec" resource seems to invoke a shell even though the documentation says it doesn't

[Alexander Kurtz]

Package: puppet
Version: 3.8.4-1

Hi,

the puppet type reference describes the "posix" provider of the "exec"
resource like this: [0]

	posix
	Executes external binaries directly, without passing through a shell or
	performing any interpolation. This is a safer and more predictable way to
	execute most commands, but prevents the use of globbing and shell built-ins
	(including control logic like “for” and “if” statements).

However:

	# cat manifest.pp 
	$input = 'foo; if false; then exit 23; else exit 42; fi'

	exec { "/bin/echo ${input}":
		provider => 'posix',
	}
	# puppet apply manifest.pp 
	Notice: Compiled catalog for shepard.kurtz.be in environment production in 0.04 seconds
	Notice: /Stage[main]/Main/Exec[/bin/echo foo; if false; then exit 23; else exit 42; fi]/returns: foo
	Error: /bin/echo foo; if false; then exit 23; else exit 42; fi returned 42 instead of one of [0]
	Error: /Stage[main]/Main/Exec[/bin/echo foo; if false; then exit 23; else exit 42; fi]/returns: change from notrun to 0 failed: /bin/echo foo; if false; then exit 23; else exit 42; fi returned 42 instead of one of [0]
	Notice: Finished catalog run in 0.08 seconds
	# 

I'm not really sure what to make of this, but it seems... unexpected.
What do you guys think?

Best regards

Alexander Kurtz

[0] https://docs.puppetlabs.com/references/3.8.latest/type.html#exec-provider-posix
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20160104/366e3cb5/attachment.sig>