Bug #13664

closed

Mustache templating in audit mode always considers destination compliant once it exists

Added by Alexis Mousset about 6 years ago. Updated about 6 years ago.

Status: Released
Priority: N/A
Category: Agent
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required: Very Small
Priority: 104
Name check:
Fix check:
Regression:

Description

We should compare the content of the file with the rendered template when in audit mode (as we do in enforce mode, but without actual destination changes). This is what is done by file_from_string_mustache and file_from_template_jinja2.

It seems (tested with 5.0 on Ubuntu 16.04) that this is not the case and that the agent skips content comparison and defines classes based on file existence only, which breaks mustache templated-files auditing.


Subtasks: 2 (0 open, 2 closed)

Bug #13736: Mustache templating in audit mode always considers destination compliant once it exists - 5.0 branch (Released, Benoît PECCATTE)
Bug #13754: Broken agent build after mustache class fixes (Released, Benoît PECCATTE)
Actions #1

Updated by Alexis Mousset about 6 years ago

rudder  verbose: P: .........................................................
rudder  verbose: P: BEGIN promise 'promise_file_from_template_type_cf_131' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/tmp/dst'
rudder  verbose: P:    From parameterized bundle: file_from_template_type( {"/tmp/tpl","/tmp/dst","mustache"})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    "if" class condition: !is_jinja2.template_exists
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Global configuration for all nodes/Static website'/default/Static_website/methods/'method_call'/default/file_from_template_mustache/methods/'file template mustache type'/default/file_from_template_type/files/'/tmp/dst'[1]
rudder  verbose: Using literal pathtype for '/tmp/dst'
rudder  verbose: Additional promise info: source path '/var/rudder/ncf/common/30_generic_methods/file_from_template_type.cf' at line 131
rudder  verbose: File '/tmp/dst' exists as promised
rudder  verbose: C:    + promise outcome class 'promise_kept_file_from_template__tmp_dst'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_ok'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_not_repaired'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_reached'
rudder  verbose: C:    + promise outcome class 'promise_kept_file_from_template__tmp_tpl__tmp_dst_mustache'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_ok'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_not_repaired'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_reached'
rudder  verbose: Build file model from a blank slate (emptying)
rudder  verbose: Rendering '/tmp/dst' using template '/tmp/tpl' with method 'mustache'
 warning: Need to render '/tmp/dst' from mustache template '/tmp/tpl' but policy is dry-run
rudder  verbose: Handling file existence constraints on '/tmp/dst'
rudder  verbose: A: Promise NOT KEPT!
rudder  verbose: P: END files promise (/tmp/dst)
rudder  verbose: P: .........................................................
Actions #2

Updated by Alexis Mousset about 6 years ago

Looks like the file is rendered but the outcome class is not actually updated after failed comparison.
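
A detection sketch for the symptom visible in the verbose output above, added here as an example (not part of the ticket or of Rudder's code): it flags any promise block that defines `*_kept`/`*_ok` outcome classes and then logs `Promise NOT KEPT!`. The sample is a trimmed copy of the ticket's log; the function name and the assumption that negated outcome classes end in `_not_kept`/`_not_ok` are introduced for this example.

```python
import re

# Trimmed copy of the agent output quoted in this ticket.
SAMPLE_LOG = """\
rudder  verbose: P: BEGIN promise 'promise_file_from_template_type_cf_131' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/tmp/dst'
rudder  verbose: File '/tmp/dst' exists as promised
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_ok'
rudder  verbose: Rendering '/tmp/dst' using template '/tmp/tpl' with method 'mustache'
 warning: Need to render '/tmp/dst' from mustache template '/tmp/tpl' but policy is dry-run
rudder  verbose: A: Promise NOT KEPT!
rudder  verbose: P: END files promise (/tmp/dst)
"""

BEGIN = re.compile(r"P: BEGIN promise '([^']+)'")
PROMISER = re.compile(r"Promiser/affected object: '([^']+)'")
OUTCOME = re.compile(r"\+ promise outcome class '([^']+)'")
END = re.compile(r"P: END \w+ promise")
# Success classes end in _kept or _ok; negated forms (assumed to end in
# _not_kept / _not_ok) must not be counted as success.
SUCCESS = re.compile(r"(?<!_not)_(?:kept|ok)$")


def find_contradictory_promises(log_text):
    """Return promise blocks that define success classes yet end NOT KEPT."""
    findings, current = [], None
    for line in log_text.splitlines():
        if m := BEGIN.search(line):
            current = {"promise": m.group(1), "promiser": None,
                       "kept_classes": [], "not_kept": False}
        elif current is None:
            continue  # ignore lines outside a BEGIN/END promise block
        elif m := PROMISER.search(line):
            current["promiser"] = m.group(1)
        elif m := OUTCOME.search(line):
            if SUCCESS.search(m.group(1)):
                current["kept_classes"].append(m.group(1))
        elif "A: Promise NOT KEPT!" in line:
            current["not_kept"] = True
        elif END.search(line):
            # The contradiction: compliant classes were set, promise failed.
            if current["not_kept"] and current["kept_classes"]:
                findings.append(current)
            current = None
    return findings
```

Running it over audit-mode verbose output from a node gives the list of files whose reported compliance cannot be trusted on an unpatched agent.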

Actions #3

Updated by Alexis Mousset about 6 years ago

This is a known issue: https://tracker.mender.io/browse/CFE-2600, fixing it should not be that hard.

Actions #4

Updated by Alexis Mousset about 6 years ago

We need to backport https://github.com/cfengine/core/pull/3348 in Rudder agents.

Actions #5

Updated by Alexis Mousset about 6 years ago

  • Effort required set to Very Small
  • Priority changed from 76 to 104
Actions #6

Updated by Alexis Mousset about 6 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #7

Updated by Alexis Mousset about 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1695
Actions #8

Updated by Alexis Mousset about 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #9

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.16, 4.3.6 and 5.0.2 which were released today.