Bug #10711
Closed
Improve generated inventory checks when inventory is missing
Description
Version: 4.1.2.rc1.git201705040133
on CFEngine Core 3.10.0
In ./inventory/1.0/fusionAgent.cf
there is:
    # guarding execresult to save a lot of time during policy validation
    !windows.(force_inventory|inventory_time)::
      "fusion_inventory_version" string => execresult("${g.rudder_base}/bin/run-inventory --version | ${paths.path[grep]} '[0-9]\.[0-9]' | ${paths.path[sed]} 's%.*(\([0-9]\+\)\.\([0-9]\+\).*).*%\1\2%'", "useshell");
      "inventory_path" string => "${g.rudder_var_tmp}/inventory", policy => "overridable"; # Default value
      "inventory_path_edition" string => "${g.rudder_var_tmp}/inventory/.*.ocs", policy => "overridable"; # Default value for editing the inventory files

=> the execution of "execresult" is guarded
=> it will only be executed if "!windows.(force_inventory|inventory_time)", and only then is "inventory_path" defined.
However, the actual inventory run does not follow these conditions: it is enough for the inventory directory to just be created. It does not depend on the variable inventory_path actually being set:
    commands:
      !windows.inventoryfoldercreated::
        "${g.rudder_base}/bin/run-inventory --local=${inventory_path}"
          classes => cf2_if_else("run_inventory", "inventory_failed"),
          comment => "Generating inventory, in the temporary folder";
This results in a file named ${inventory_path} being created in / if the directory was just created:
    rudder41n:~ # rmdir /var/rudder/tmp/inventory/
    rudder41n:~ # rudder agent run -q
    Rudder agent 4.1.2.rc1.git201705040133 (CFEngine Core 3.10.0)
    Node uuid: root
    #Start execution with config [20170505-095043-72de9bee]
    M| State Technique Component Key Message
    E| error Inventory inventory #Generated inventory has been detected as invalid
    ## Summary #####################################################################
    32 components verified in 4 directives
    => 32 components in Enforce mode
    -> 29 compliant
    -> 2 not-applicable
    -> 1 error
    execution time: 6.47s
    ################################################################################
    rudder41n:~ #
    rudder41n:~ # ll /\$\{inventory_path\}
    -rw------- 1 root root 324182 May 5 12:31 /${inventory_path}
    rudder41n:~ #
The very strange thing about this is that the check should only run if the inventory_file_exist class is set, which is defined by using filesexist based on a findfiles, but that somehow returns true, even if you try to search for a bunch of files "*.ocs" in an empty folder by using an intermediate array:
See child ticket #10712 for detailed description.
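
An added example, not part of the ticket and not Rudder's own code: shell checks that a wrapper around run-inventory could apply to the value passed as --local=, plus a scan for leftover entries such as /${inventory_path}. The function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not Rudder code): defensive checks for the failure above,
# where a command receives the literal text ${inventory_path}.

# Return 0 if the string still contains an unexpanded CFEngine reference
# such as ${inventory_path} or $(inventory_path).
has_unexpanded_ref() {
    case "$1" in
        *'${'*'}'* | *'$('*')'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate a value intended for "--local=<dir>".
# 0 = usable, 1 = unexpanded variable, 2 = not absolute, 3 = not a directory
check_local_dir() {
    dir=$1
    if has_unexpanded_ref "$dir"; then
        echo "refusing '$dir': unexpanded variable reference" >&2
        return 1
    fi
    case "$dir" in
        /*) ;;
        *) echo "refusing '$dir': not an absolute path" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "refusing '$dir': not a directory" >&2; return 3; }
    return 0
}

# Print the names of entries directly under a directory (default: /) that
# contain an unexpanded reference, i.e. leftovers of earlier faulty runs.
find_unexpanded_names() {
    root=${1:-/}
    for entry in "$root"/* "$root"/.[!.]*; do
        [ -e "$entry" ] || continue      # skip globs that matched nothing
        name=${entry##*/}
        if has_unexpanded_ref "$name"; then
            printf '%s\n' "$name"
        fi
    done
}
```
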