Project

General

Profile

Actions

Bug #14934

closed

Rudder directive API seem to take key-value order into account in json POST request

Added by Félix DALLIDET over 5 years ago. Updated about 4 years ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
43
Name check:
Fix check:
Checked
Regression:

Description

On my rudder server in 5.0, I tried to import a given technique from its json, I ended up not being able to import it if some key-value were on the wrong order.
Which should not be the case since I guess it should only be key-value based.

I put 2 files here containing some User directive, one works, the other doesn't.


root@server:/tmp# diff not_working.json working.json 
25,26c25,26
<                                                 "value": "linux-shadow-sha256:$5$YNADkZ07$htb77c7EFCvMnMriWLRK.MWDWkQOuZ8ErNJxW.TAK2A",
<                                                 "name": "USERGROUP_USER_PASSWORD" 
---
>                                                 "name": "USERGROUP_USER_PASSWORD", 
>                                                 "value": "linux-shadow-sha256:$5$YNADkZ07$htb77c7EFCvMnMriWLRK.MWDWkQOuZ8ErNJxW.TAK2A" 

The curl command used:

curl --show-error --silent --insecure --location --proxy '' --globoff -H "X-API-Token: xxxxxx" -X PUT "https://127.0.0.1/rudder/api/latest/directives" -H "Content-Type: application/json" -d @/tmp/working.json | jq ''

The error message was absolutly not clear about the error:

{
  "action": "createDirective",
  "result": "error",
  "errorDetails": "Could not create Directive <- Could not extract values from request <- Missing required attribute 'name' for <section>: JObject(List(JField(var,JObject(List(JField(value,JString(linux-shadow-sha256:$5$YNADkZ07$htb77c7EFCvMnMriWLRK.MWDWkQOuZ8ErNJxW.TAK2A)), JField(name,JString(USERGROUP_USER_PASSWORD)))))))" 
}

This is a template, please edit and remove what is not relevant.

I found this bug in Rudder version [Your Version here], on [Distribution here]

This bug happens:

  • During installation of Rudder agent / Rudder server
  • While running rudder agent on a Node
  • When using Rudder web interface
  • When looking at compliance of a Node
  • When configurations are generated on Rudder Server
  • When a Nodes applies a configuration

Description:

You can reproduce it with the following steps:

  • ...
  • ...

You can workaround this issue by doing likewise:


Files

working.json (5.46 KB) working.json Félix DALLIDET, 2019-05-22 10:21
not_working.json (5.46 KB) not_working.json Félix DALLIDET, 2019-05-22 10:21

Related issues 1 (1 open0 closed)

Related to Rudder - Bug #18170: LDAP search error with directive creation API when no id is providedNewFrançois ARMANDActions
Actions #1

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.12 to 5.0.13
Actions #2

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.13 to 5.0.14
Actions #3

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.14 to 5.0.15
Actions #4

Updated by Vincent MEMBRÉ almost 5 years ago

  • Target version changed from 5.0.15 to 5.0.16
Actions #5

Updated by Alexis Mousset almost 5 years ago

  • Target version changed from 5.0.16 to 5.0.17
Actions #6

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.17 to 5.0.18
Actions #7

Updated by François ARMAND over 4 years ago

  • Subject changed from Rudder API seem to take key-value order into account in json POST request to Rudder directive API seem to take key-value order into account in json POST request
  • Severity changed from Minor - inconvenience | misleading | easy workaround to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 43

I don't think it's minor. It can break processes for absolutly no obvious reason, since the JSON is correct and the error message show the missing field. Finding the workaround is easy only if you know what the problem is.

Actions #8

Updated by François ARMAND over 4 years ago

  • Assignee set to Elaad FURREEDAN

Elaad, this is a good ticket to upskill in that part of rudder.

Actions #9

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.18 to 5.0.19
Actions #10

Updated by Vincent MEMBRÉ about 4 years ago

  • Status changed from New to In progress
  • Assignee changed from Elaad FURREEDAN to Vincent MEMBRÉ
Actions #11

Updated by Vincent MEMBRÉ about 4 years ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/3193
Actions #12

Updated by Vincent MEMBRÉ about 4 years ago

  • Status changed from In progress to Pending release
Actions #13

Updated by François ARMAND about 4 years ago

  • Fix check set to Error - Blocking

We now get:

[2020-09-07 12:24:45] ERROR com.normation.ldap.sdk.RWPooledSimpleAuthConnectionProvider - Can't execute LDAP request
com.unboundid.ldap.sdk.LDAPSearchException: invalid DN
        at com.unboundid.ldap.sdk.LDAPConnection.search(LDAPConnection.java:3772)
        at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1803)
        at com.unboundid.ldap.sdk.LDAPConnection.getEntry(LDAPConnection.java:1770)
        at com.normation.ldap.sdk.RoLDAPConnection.get(LDAPConnection.scala:312)
        at com.normation.ldap.sdk.RwLDAPConnection.save(LDAPConnection.scala:580)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$10(LDAPDirectiveRepository.scala:595)
        at com.normation.rudder.repository.ldap.ScalaLock.$anonfun$apply$1(Lock.scala:46)
        at com.normation.rudder.repository.ldap.ScalaLock.map(Lock.scala:36)
        at com.normation.rudder.repository.ldap.ScalaLock.map$(Lock.scala:33)
        at com.normation.rudder.repository.ldap.ScalaLock$$anon$1.map(Lock.scala:60)
        at com.normation.rudder.repository.ldap.ScalaLock.apply(Lock.scala:46)
        at com.normation.rudder.repository.ldap.ScalaLock.apply$(Lock.scala:46)
        at com.normation.rudder.repository.ldap.ScalaLock$$anon$1.apply(Lock.scala:60)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$9(LDAPDirectiveRepository.scala:595)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$7(LDAPDirectiveRepository.scala:590)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$3(LDAPDirectiveRepository.scala:560)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.$anonfun$internalSaveDirective$1(LDAPDirectiveRepository.scala:559)
        at com.normation.ldap.sdk.LDAPConnectionProvider.$anonfun$flatMap$1(LDAPConnectionProvider.scala:117)
        at com.normation.ldap.sdk.LDAPConnectionProvider.withCon(LDAPConnectionProvider.scala:154)
        at com.normation.ldap.sdk.LDAPConnectionProvider.withCon$(LDAPConnectionProvider.scala:143)
        at com.normation.ldap.sdk.RWPooledSimpleAuthConnectionProvider.withCon(LDAPConnectionProvider.scala:395)
        at com.normation.ldap.sdk.LDAPConnectionProvider.flatMap(LDAPConnectionProvider.scala:116)
        at com.normation.ldap.sdk.LDAPConnectionProvider.flatMap$(LDAPConnectionProvider.scala:115)
        at com.normation.ldap.sdk.RWPooledSimpleAuthConnectionProvider.flatMap(LDAPConnectionProvider.scala:395)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.internalSaveDirective(LDAPDirectiveRepository.scala:558)
        at com.normation.rudder.repository.ldap.WoLDAPDirectiveRepository.saveDirective(LDAPDirectiveRepository.scala:639)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.$anonfun$actualDirectiveCreation$6(DirectiveApi.scala:283)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.$anonfun$actualDirectiveCreation$1(DirectiveApi.scala:276)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.actualDirectiveCreation(DirectiveApi.scala:270)
        at com.normation.rudder.rest.lift.DirectiveAPIService2.$anonfun$createDirective$8(DirectiveApi.scala:312)
        at com.normation.rudder.rest.RestUtils$.$anonfun$actionResponse2$3(RestUtils.scala:170)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.RestUtils$.$anonfun$actionResponse2$2(RestUtils.scala:170)
        at net.liftweb.common.Full.flatMap(Box.scala:856)
        at com.normation.rudder.rest.RestUtils$.actionResponse2(RestUtils.scala:168)
        at com.normation.rudder.rest.lift.DirectiveApi.actionResponse(DirectiveApi.scala:96)

=> #18170

Actions #14

Updated by François ARMAND about 4 years ago

  • Related to Bug #18170: LDAP search error with directive creation API when no id is provided added
Actions #15

Updated by François ARMAND about 4 years ago

  • Fix check changed from Error - Blocking to Checked
Actions #16

Updated by Vincent MEMBRÉ about 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 5.0.19, 6.0.8 and 6.1.4 which were released today.

Actions

Also available in: Atom PDF