Project

General

Profile

Bug #14934

Rudder directive API seem to take key-value order into account in json POST request

Added by Félix DALLIDET over 1 year ago. Updated 9 days ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
43

Description

On my rudder server in 5.0, I tried to import a given technique from its json, I ended up not being able to import it if some key-value were on the wrong order.
Which should not be the case since I guess it should only be key-value based.

I put 2 files here containing some User directive, one works, the other doesn't.


root@server:/tmp# diff not_working.json working.json 
25,26c25,26
<                                                 "value": "linux-shadow-sha256:$5$YNADkZ07$htb77c7EFCvMnMriWLRK.MWDWkQOuZ8ErNJxW.TAK2A",
<                                                 "name": "USERGROUP_USER_PASSWORD" 
---
>                                                 "name": "USERGROUP_USER_PASSWORD", 
>                                                 "value": "linux-shadow-sha256:$5$YNADkZ07$htb77c7EFCvMnMriWLRK.MWDWkQOuZ8ErNJxW.TAK2A" 

The curl command used:

curl --show-error --silent --insecure --location --proxy '' --globoff -H "X-API-Token: xxxxxx" -X PUT "https://127.0.0.1/rudder/api/latest/directives" -H "Content-Type: application/json" -d @/tmp/working.json | jq ''

The error message was absolutly not clear about the error:

{
  "action": "createDirective",
  "result": "error",
  "errorDetails": "Could not create Directive <- Could not extract values from request <- Missing required attribute 'name' for <section>: JObject(List(JField(var,JObject(List(JField(value,JString(linux-shadow-sha256:$5$YNADkZ07$htb77c7EFCvMnMriWLRK.MWDWkQOuZ8ErNJxW.TAK2A)), JField(name,JString(USERGROUP_USER_PASSWORD)))))))" 
}

This is a template, please edit and remove what is not relevant.

I found this bug in Rudder version [Your Version here], on [Distribution here]

This bug happens:

  • During installation of Rudder agent / Rudder server
  • While running rudder agent on a Node
  • When using Rudder web interface
  • When looking at compliance of a Node
  • When configurations are generated on Rudder Server
  • When a Nodes applies a configuration

Description:

You can reproduce it with the following steps:

  • ...
  • ...

You can workaround this issue by doing likewise:


Files

working.json (5.46 KB) working.json Félix DALLIDET, 2019-05-22 10:21
not_working.json (5.46 KB) not_working.json Félix DALLIDET, 2019-05-22 10:21

Related issues

Related to Rudder - Bug #18170: LDAP search error with directive creation API when no id is providedNewFrançois ARMANDActions
#1

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 5.0.12 to 5.0.13
#2

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 5.0.13 to 5.0.14
#3

Updated by Vincent MEMBRÉ 12 months ago

  • Target version changed from 5.0.14 to 5.0.15
#4

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 5.0.15 to 5.0.16
#5

Updated by Alexis MOUSSET 7 months ago

  • Target version changed from 5.0.16 to 5.0.17
#6

Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 5.0.17 to 5.0.18
#7

Updated by François ARMAND 3 months ago

  • Subject changed from Rudder API seem to take key-value order into account in json POST request to Rudder directive API seem to take key-value order into account in json POST request
  • Severity changed from Minor - inconvenience | misleading | easy workaround to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 43

I don't think it's minor. It can break processes for absolutly no obvious reason, since the JSON is correct and the error message show the missing field. Finding the workaround is easy only if you know what the problem is.

#8

Updated by François ARMAND 3 months ago

  • Assignee set to Elaad FURREEDAN

Elaad, this is a good ticket to upskill in that part of rudder.

#9

Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 5.0.18 to 5.0.19
#10

Updated by Vincent MEMBRÉ 29 days ago

  • Status changed from New to In progress
  • Assignee changed from Elaad FURREEDAN to Vincent MEMBRÉ
#11

Updated by Vincent MEMBRÉ 29 days ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/3193
#12

Updated by Vincent MEMBRÉ 28 days ago

  • Status changed from In progress to Pending release
#13

Updated by François ARMAND 18 days ago

We now get:

[2020-09-07 12:24:45] ERROR com.normation.ldap.sdk.RWPooledSimpleAuthConnectionProvider - Can't execute LDAP request
com.unboundid.ldap.sdk.LDAPSearchException: invalid DN
        at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3772)
        at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1803)
        at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1770)
        at com.normation.ldap.sdk.RoLDAPConnection.get(LDAPConnection.scala:312)
        at com.normation.ldap.sdk.RwLDAPConnection.save(LDAPConnection.scala:580)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$10(LDAPDirectiveRepository.scala:595)
        at com.normation.rudder.repository.ldap.ScalaLock.$anonfun$apply$1(Lock.scala:46)
        at com.normation.rudder.repository.ldap.ScalaLock.map(Lock.scala:36)
        at com.normation.rudder.repository.ldap.ScalaLock.map$(Lock.scala:33)
        at com.normation.rudder.repository.ldap.ScalaLock$$anon$1.map(Lock.scala:60)
        at com.normation.rudder.repository.ldap.ScalaLock.apply(Lock.scala:46)
        at com.normation.rudder.repository.ldap.ScalaLock.apply$(Lock.scala:46)
        at com.normation.rudder.repository.ldap.ScalaLock$$anon$1.apply(Lock.scala:60)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$9(LDAPDirectiveRepository.scala:595)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$7(LDAPDirectiveRepository.scala:590)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$3(LDAPDirectiveRepository.scala:560)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$1(LDAPDirectiveRepository.scala:559)
        at com.normation.ldap.sdk.LDAPConnectionProvider.$anonfun$flatMap$1(LDAPConnectionProvider.scala:117)
        at com.normation.ldap.sdk.LDAPConnectionProvider.withCon(LDAPConnectionProvider.scala:154)
        at com.normation.ldap.sdk.LDAPConnectionProvider.withCon$(LDAPConnectionProvider.scala:143)
        at com.normation.ldap.sdk.RWPooledSimpleAuthConnectionProvider.withCon(LDAPConnectionProvider.scala:395)
        at com.normation.ldap.sdk.LDAPConnectionProvider.flatMap(LDAPConnectionProvider.scala:116)
        at com.normation.ldap.sdk.LDAPConnectionProvider.flatMap$(LDAPConnectionProvider.scala:115)
        at com.normation.ldap.sdk.RWPooledSimpleAuthConnectionProvider.flatMap(LDAPConnectionProvider.scala:395)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.internalSaveDirective(LDAPDirectiveRepository.scala:558)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.saveDirective(LDAPDirectiveRepository.scala:639)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.$anonfun$actualDirectiveCreation$6(DirectiveApi.scala:283)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.$anonfun$actualDirectiveCreation$1(DirectiveApi.scala:276)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.actualDirectiveCreation(DirectiveApi.scala:270)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.$anonfun$createDirective$8(DirectiveApi.scala:312)
        at com.normation.rudder.rest.RestUtils$.$anonfun$actionResponse2$3(RestUtils.scala:170)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.RestUtils$.$anonfun$actionResponse2$2(RestUtils.scala:170)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.RestUtils$.actionResponse2(RestUtils.scala:168)
        at com.normation.rudder.rest.lift.DirectiveApi.actionResponse(DirectiveApi.scala:96)

=> #18170

#14

Updated by François ARMAND 18 days ago

  • Related to Bug #18170: LDAP search error with directive creation API when no id is provided added
#16

Updated by Vincent MEMBRÉ 9 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 5.0.19, 6.0.8 and 6.1.4 which were released today.

Also available in: Atom PDF