Bug #14390
closed
Missing report on generic method "command exec" with $()
Added by François ARMAND almost 6 years ago.
Updated over 5 years ago.
Category:
Web - Compliance & node report
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Description
I created a technique with an "exec command" generic method with content:
touch /tmp/rudder-$(date --iso-8601=second)
Report are missing - but I mean, on an agent run, the directive is totally missing (see screenshot).
Technique content on the node:
root@agent1:/home/vagrant# cat /var/rudder/cfengine-community/inputs/create_date_file/1.0/create_date_file.cf
# @name create date file
# @description
# @version 1.0
bundle agent create_date_file
{
methods:
"Command execution_context_0" usebundle => _method_reporting_context("Command execution", "touch /tmp/rudder-$(date --iso-8601=second)");
"Command execution" usebundle => command_execution("touch /tmp/rudder-$(date --iso-8601=second)"),
ifvarclass => concat("any");
}
Files
- Target version set to 4.1.21
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Getting started - demo | first install | Technique editor and level 1 Techniques
- Effort required set to Very Small
- Priority changed from 0 to 98
This is "expected" because $() is a special thing in CFEngine. So, as we can't know what the user want to do (cfengine or shell), we can't automatically escape it.
Two solutions:
- easy: always warn the user "be careful, using $() means the cfengine command, if you want to mean the shell one, use ${const.dollar}(...)". This is not portable and bound to cfengine.
- a little bit more involving: alway interpret $() as shell (ie escape it in technique editor) ; force user to always ${sys.etc}" (or provide an escape solution like ${CFEVAR....}
It's a getting starting, because user are likely to try that kind of shell things early.
- Assignee set to Nicolas CHARLES
- Effort required changed from Very Small to Small
- Priority changed from 98 to 85
So after discussion, the correct path is to always escape that case for the target agent.
NOTE: we will need to make a be warning on update for people who might have use it in existing technique.
- Target version changed from 4.1.21 to 4.3.11
Targetting 4.3 because of the complexity of change in 4.1 + behavior change.
after some tries, there is no way to make $() work simply
one of the issue lies in the canonification that seems to skip the variable itself
with command being /usr/bin/touch /tmp/rudder-${const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}(date --iso-8601=second) , the string to canonify is command_execution_/usr/bin/touch /tmp/rudder-${const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}{const.dollar}(date --iso-8601=second) , but old_class_prefix is ${old_class_prefix}
workaround: use the full path of the command: if there is a / in the $(), then it will work
So only solution would be to check when we save the technique if a field contains $(), and if so, it should either vars.prefix, or a / somewhere, and if not warn the user (but still allow to save)
- Status changed from New to In progress
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/ncf/pull/934
- Status changed from Pending technical review to Pending release
Applied in changeset ncf:commit:8e2ccea63fa7bac986f53ef36fb9e8ad9c9a1ae1.
- Related to Bug #14549: Error in technique editor when there is "$()" in a parameter of a method added
- Status changed from Pending release to Released
- Priority changed from 85 to 84
This bug has been fixed in Rudder 4.3.11 and 5.0.9 which were released today.
Also available in: Atom
PDF