Project

General

Profile

Actions
Copy link

Bug #10570

closed

Regex search on node properties is broken: returns all nodes with a property when no using invalid value

Added by François ARMAND over 7 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Assignee:
François ARMAND
Category:
Web - Nodes & inventories
Target version:
3.1.19
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Small
Priority:
0
Name check:
Fix check:
Regression:

Description

The search on node properties, for the regex part, is completly broken and always returns all nodes: :

[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] Start search for { returnType:'NodeReturnType' with 'And' criteria [serializedNodeProperty.name.value regex datacenter:Europe] }
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |-- LDAPObjectType(ou=Nodes,cn=rudder-configuration,One,LDAPObjectTypeFilter((objectClass=*)),None,DNJoin,Set((And,RegexFilter(serializedNodeProperty,.*.*))))
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |--- SearchRequest(baseDN='ou=Nodes,cn=rudder-configuration', scope=ONE, deref=NEVER, sizeLimit=0, timeLimit=0, filter='(&(objectClass=*)(objectClass=*))', attrs={1.1, serializedNodeProperty})
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |---- 5 result(s)
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |---- post-process with filters: [(And,RegexFilter(serializedNodeProperty,.*.*))]
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |---- results (post-process): 5
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |-- 5 sub-results (merged)
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |- (final query) LDAPObjectType(ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration,One,LDAPObjectTypeFilter((objectClass=*)),Some((|(nodeId=0c846655-cb06-486f-ace4-eaeb11372097)(nodeId=root)(nodeId=8b168194-c0b4-41ab-b2b5-9571a8906d59)(nodeId=fc846655-cb06-486f-ace4-eaeb11372097)(nodeId=717b63d1-01fe-4d4f-a7e5-cfb7c0d47b4f))),DNJoin,Set())
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |--- SearchRequest(baseDN='ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration', scope=ONE, deref=NEVER, sizeLimit=0, timeLimit=0, filter='(&(objectClass=*)(|(nodeId=0c846655-cb06-486f-ace4-eaeb11372097)(nodeId=root)(nodeId=8b168194-c0b4-41ab-b2b5-9571a8906d59)(nodeId=fc846655-cb06-486f
-ace4-eaeb11372097)(nodeId=717b63d1-01fe-4d4f-a7e5-cfb7c0d47b4f)))', attrs={...snip...})
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] |---- 5 result(s)
[2017-04-07 11:18:14] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [0] `-> 5 results

On 4.0, the results works as expected (even if the post-process seems false, to):

[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] Start search for { returnType:'NodeReturnType' with 'And' criteria [serializedNodeProperty.name.value regex .*foo.*] }
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] |-- LDAPObjectType(ou=Nodes,cn=rudder-configuration,One,LDAPObjectTypeFilter((objectClass=*)),None,DNJoin,Set((And,RegexFilter(serializedNodeProperty,.*.*))))
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] |--- SearchRequest(baseDN='ou=Nodes,cn=rudder-configuration', scope=ONE, deref=NEVER, sizeLimit=0, timeLimit=0, filter='(&(objectClass=*)(objectClass=*))', attrs={1.1, serializedNodeProperty})
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] |---- 11 result(s)
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] |---- post-process with filters: [(And,RegexFilter(serializedNodeProperty,.*.*))]
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] |---- results (post-process): 0
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] |-- 0 sub-results (merged)
[2017-04-07 11:25:38] DEBUG com.normation.rudder.services.queries.InternalLDAPQueryProcessor - [940835812988] `-> early stop query (empty sub-query)

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #10599: Impossible to search or build groups based on JSON values in node propertiesReleasedVincent MEMBRÉActions
Actions
Copy link
 #1

Updated by François ARMAND over 7 years ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Getting started - demo | first install | level 1 Techniques
  • Effort required set to Small

I'm setting criticity to "critical", because it means that people using that feature and migrating to 4.1 may encounter data loss (dyn group can be broken).

Actions
Copy link
 #2

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from New to In progress
  • Assignee set to Vincent MEMBRÉ
Actions
Copy link
 #3

Updated by François ARMAND over 7 years ago

  • Severity changed from Critical - prevents main use of Rudder | no workaround | data loss | security to Major - prevents use of part of Rudder | no simple workaround

Ok, so in fact, it is not a regression. We just have more luck in the environment, and so it won't break existing things (it's just that the problem is not raised when nodes don't have properties). I'm decreasing the severity to major, because it "just" make some part of Rudder not usable.

Actions
Copy link
 #4

Updated by Vincent MEMBRÉ over 7 years ago

More explanation.

A value in a 'name=value' field (here Node properties, but it's the same for environment variable) needs an = to make a difference between name and value.

If you enter a value without "=" in a regex query, it fails to split the value and it should fail. But we ignore the error and replace by ".*.*"

Which matches any property and so every Node with a property is a valid result... Which is clearly not what we want

Which should make an error when the data is not valid

Actions
Copy link
 #5

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.1.1 to 3.1.19
Actions
Copy link
 #6

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1626
Actions
Copy link
 #7

Updated by Vincent MEMBRÉ over 7 years ago

  • Subject changed from Regex search on node properties is broken: returns all node to Regex search on node properties is broken: returns all nodes with a property when no using invalid value
Actions
Copy link
 #8

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.19, 4.0.4 and 4.1.1 which were released today.

Actions
Copy link
 #10

Updated by François ARMAND over 7 years ago

  • Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added
Actions
Copy link

Also available in: Atom PDF