Project

General

Profile

Actions
Copy link

Bug #13664

closed

Mustache templating in audit mode always considers destination compliant once it exists

Added by Alexis Mousset over 5 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Assignee:
Nicolas CHARLES
Category:
Agent
Target version:
4.1.16
Pull Request:
https://github.com/Normation/rudder-p...
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Priority:
104
Name check:
Fix check:
Regression:

Description

We should compare the content of the file with the rendered template when in audit mode (as we do in enforce mode, but without actual destination changes). This is what is done by file_from_string_mustache and file_from_template_jinja2.

It seems (tested with 5.0 on Ubuntu 16.04) that this is not the case and that the agent skips content comparison and defines classes based on file existence only, which breaks mustache templated-files auditing.

Subtasks 2 (0 open2 closed)

Bug #13736: Mustache templating in audit mode always considers destination compliant once it exists - 5.0 branchReleasedBenoît PECCATTEActions
Bug #13754: Broken agent build after mustache class fixesReleasedBenoît PECCATTEActions
Actions
Copy link
 #1

Updated by Alexis Mousset over 5 years ago 

rudder  verbose: P: .........................................................
rudder  verbose: P: BEGIN promise 'promise_file_from_template_type_cf_131' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/tmp/dst'
rudder  verbose: P:    From parameterized bundle: file_from_template_type( {"/tmp/tpl","/tmp/dst","mustache"})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    "if" class condition: !is_jinja2.template_exists
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Global configuration for all nodes/Static website'/default/Static_website/methods/'method_call'/default/file_from_template_mustache/methods/'file template mustache type'/default/file_from_template_type/files/'/tmp/dst'[1]
rudder  verbose: Using literal pathtype for '/tmp/dst'
rudder  verbose: Additional promise info: source path '/var/rudder/ncf/common/30_generic_methods/file_from_template_type.cf' at line 131
rudder  verbose: File '/tmp/dst' exists as promised
rudder  verbose: C:    + promise outcome class 'promise_kept_file_from_template__tmp_dst'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_ok'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_not_repaired'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_dst_reached'
rudder  verbose: C:    + promise outcome class 'promise_kept_file_from_template__tmp_tpl__tmp_dst_mustache'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_kept'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_ok'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_not_repaired'
rudder  verbose: C:    + promise outcome class 'file_from_template__tmp_tpl__tmp_dst_mustache_reached'
rudder  verbose: Build file model from a blank slate (emptying)
rudder  verbose: Rendering '/tmp/dst' using template '/tmp/tpl' with method 'mustache'
 warning: Need to render '/tmp/dst' from mustache template '/tmp/tpl' but policy is dry-run
rudder  verbose: Handling file existence constraints on '/tmp/dst'
rudder  verbose: A: Promise NOT KEPT!
rudder  verbose: P: END files promise (/tmp/dst)
rudder  verbose: P: .........................................................
Actions
Copy link
 #2

Updated by Alexis Mousset over 5 years ago

Looks like the file is rendered but the outcome class is not actually updated after failed comparison.

Actions
Copy link
 #3

Updated by Alexis Mousset over 5 years ago

This is a known issue: https://tracker.mender.io/browse/CFE-2600, fixing it it should not be that hard.

Actions
Copy link
 #4

Updated by Alexis Mousset over 5 years ago

We need to backport https://github.com/cfengine/core/pull/3348 in Rudder agents.

Actions
Copy link
 #5

Updated by Alexis Mousset over 5 years ago

  • Effort required set to Very Small
  • Priority changed from 76 to 104
Actions
Copy link
 #6

Updated by Alexis Mousset over 5 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions
Copy link
 #7

Updated by Alexis Mousset over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1695
Actions
Copy link
 #8

Updated by Alexis Mousset over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.16, 4.3.6 and 5.0.2 which were released today. 
Changelog
 Changelog
 Changelog
Actions
Copy link

Also available in: Atom PDF