`bcfg2-info showclient` makes changes to configuration

[https://www.google.com/accounts/o8/id?id=AItOawkPb0RtPyicSdU7pLcv1UrX-yCh-YjkOwU]

Seems like bcfg2-info commands are not safe for repository configuration.

$ sudo bcfg2-info showclient selenium
Loading experimental plugin(s): Packages
NOTE: Interfaces subject to change
Handled 20 events in 0.132s
Handled 3 events in 0.002s
Asserting client selenium profile to basic
Creating new client: selenium, profile basic
Hostname:	selenium
Profile:	basic
Groups:		debian
		basic
Bundles:	motd
Connector data
================================================================================
Packages:	{'sources': []}
================================================================================
$ sudo bcfg2-info showclient selenium
Loading experimental plugin(s): Packages
NOTE: Interfaces subject to change
Failed to find IP address for selenium
Handled 20 events in 0.298s
Handled 3 events in 0.005s
Hostname:	selenium
Profile:	basic
Groups:		debian
		basic
Bundles:	motd
Connector data
================================================================================
Packages:	{'sources': []}
================================================================================

[https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc]

bcfg2-info spawns its own instance of the Bcfg2 server, and has all of the power of a real server. This is intended (and necessary, in some cases).

If you want bcfg2-info to be unable to modify the repository, run it as a user that only has read-only access to the repository, or run it against a local copy of the repository with the -Q flag.

[https://www.google.com/accounts/o8/id?id=AItOawkPb0RtPyicSdU7pLcv1UrX-yCh-YjkOwU]

When it is necessary for bcfg2-info showclient to alter configuration?

[https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc]

When you ask it to show you a new client that does not exist yet, it must first add that client to the specification.

[https://www.google.com/accounts/o8/id?id=AItOawkPb0RtPyicSdU7pLcv1UrX-yCh-YjkOwU]

Don't you think that when I ask bcfg2-info showclient about a client that doesn't exists - it should report an error instead of doing stuff that should be done by bcfg2-admin?

It is a bad user experience when you have to clean out configuration every time you've misspelled some client name.

[https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc]

No, I expect bcfg2-info to act exactly the same way that bcfg2-server would act. This is very important if you're using bcfg2-info for any sort of testing or verification.

If you want bcfg2-info to be unable to modify the repository, run it as a user that only has read-only access to the repository, or run it against a local copy of the repository with the -Q flag. "svn revert" or "git checkout" or similar should suffice to clean up after a mistake.

[https://www.google.com/accounts/o8/id?id=AItOawkPb0RtPyicSdU7pLcv1UrX-yCh-YjkOwU]

I understand that developers are a bit selfish, but did you ask your users - what do they expect?

If you so concerned that server does what it wants when bcfg2-info is run - why don't you move this command (info or 'show clients') to bcfg2-server itself? This will remove one level of indirection, and won't raise questions about info tools with heisenbug architecture.

[m4z <…>]

I don't see a problem related to bcfg2-info: I would rather like to have a config option to disable the automated adding of new clients to clients.xml (if it doesn't exist yet). Then, that could be used when running bcfg2-info, too. (See also #842, #929.)

[solj]

You can change this behavior by *not* using a default/public group in groups.xml. See ​http://docs.bcfg2.org/server/plugins/grouping/metadata.html#metadata-group-tag.