Bug #13664

Mustache templating in audit mode always considers destination compliant once it exists

Added by Alexis MOUSSET 2 months ago. Updated about 1 month ago.

Status: Released
Priority: N/A
Category: Agent
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required: Very Small
Priority: 104

Description

We should compare the content of the file with the rendered template when in audit mode (as we do in enforce mode, but without actual destination changes). This is what is done by file_from_string_mustache and file_from_template_jinja2.

It seems (tested with 5.0 on Ubuntu 16.04) that this is not the case and that the agent skips content comparison and defines classes based on file existence only, which breaks mustache templated-files auditing.


Subtasks

Bug #13736: Mustache templating in audit mode always considers destination compliant once it exists - 5.0 branch | Released | Benoît PECCATTE
Bug #13754: Broken agent build after mustache class fixes | Released | Benoît PECCATTE

Associated revisions

Revision d966b356 (diff)
Added by Alexis MOUSSET 2 months ago

Fixes #13664: Mustache templating in audit mode always considers destination compliant once it exists

History

#1 Updated by Alexis MOUSSET 2 months ago

rudder  verbose: P: .........................................................
rudder  verbose: P: BEGIN promise 'promise_file_from_template_type_cf_131' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/tmp/dst'
rudder  verbose: P:    From parameterized bundle: file_from_template_type( {"/tmp/tpl","/tmp/dst","mustache"})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    "if" class condition: !is_jinja2.template_exists
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Global configuration for all nodes/Static website'/default/Static_website/methods/'method_call'/default/file_from_template_mustache/methods/'file template mustache type'/default/file_from_template_type/files/'/tmp/dst'[1]
rudder  verbose: Using literal pathtype for '/tmp/dst'
rudder  verbose: Additional promise info: source path '/var/rudder/ncf/common/30_generic_methods/file_from_template_type.cf' at line 131
rudder  verbose: File '/tmp/dst' exists as promised
rudder  verbose: C:    + promise outcome class 'promise_kept_file_from_template__tmp_dst'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_ok'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_not_repaired'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_reached'
rudder  verbose: C:    + promise outcome class 'promise_kept_file_from_template__tmp_tpl__tmp_dst_mustache'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_ok'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_not_repaired'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_reached'
rudder  verbose: Build file model from a blank slate (emptying)
rudder  verbose: Rendering '/tmp/dst' using template '/tmp/tpl' with method 'mustache'
 warning: Need to render '/tmp/dst' from mustache template '/tmp/tpl' but policy is dry-run
rudder  verbose: Handling file existence constraints on '/tmp/dst'
rudder  verbose: A: Promise NOT KEPT!
rudder  verbose: P: END files promise (/tmp/dst)
rudder  verbose: P: .........................................................

#2 Updated by Alexis MOUSSET 2 months ago

Looks like the file is rendered but the outcome class is not actually updated after failed comparison.

#3 Updated by Alexis MOUSSET 2 months ago

This is a known issue: https://tracker.mender.io/browse/CFE-2600, fixing it should not be that hard.

#4 Updated by Alexis MOUSSET 2 months ago

We need to backport https://github.com/cfengine/core/pull/3348 in Rudder agents.

#5 Updated by Alexis MOUSSET 2 months ago

  • Effort required set to Very Small
  • Priority changed from 76 to 104

#6 Updated by Alexis MOUSSET 2 months ago

  • Status changed from New to In progress
  • Assignee set to Alexis MOUSSET

#7 Updated by Alexis MOUSSET 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis MOUSSET to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1695

#8 Updated by Alexis MOUSSET about 2 months ago

  • Status changed from Pending technical review to Pending release

#9 Updated by Vincent MEMBRÉ about 1 month ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.16, 4.3.6 and 5.0.2 which were released today.