Project

General

Profile

Actions

Bug #20498

closed

Compliance issue in 7.0 because of invalid expected reports

Added by Nicolas CHARLES 11 months ago. Updated 11 months ago.

Status:
Released
Priority:
N/A
Category:
Web - Compliance & node report
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Regression:

Description

It's been spotted on the wild, with nodes/reports without any compliance
In this example, nodes are in changes only

everything is in success

so something is problematic

It's been seen with nodes not in changes only


Files


Related issues 3 (0 open3 closed)

Related to Rudder - Bug #20124: Duplicated expected reports leads to bad compliance for technique with blocksReleasedFrançois ARMANDActions
Related to Rudder - Bug #19990: Technique editor blocks do not report as expectedReleasedFrançois ARMANDActions
Related to Rudder - User story #19323: Be able to group reporting and methods so that we have clearer techniques and a better reportingReleasedFrançois ARMANDActions
Actions #1

Updated by Nicolas CHARLES 11 months ago

the expected reports are false

"directives":[{"directiveId":"b1a63da2-ca25-433d-a28b-2850ff0ab809","isSystem":false,"components":[{"componentName":"SSH key","values":[],"unexpanded":[]},{"componentName":"Flush SSH file","values":[],"unexpanded":[]}]}]},{"ruleId":"inventory-all","directives":[{"directiveId":"inventory-all","isSystem":true,"components":[{"componentName":"Inventory","values":["None"],"unexpanded":["None"]}]}]}

Actions #2

Updated by Nicolas CHARLES 11 months ago

  • Subject changed from Compliance issue in 7.0 to Compliance issue in 7.0 because of invalid expected reports
Actions #3

Updated by Nicolas CHARLES 11 months ago

issue is in RuleExpectedReportBuilder

we put in

List(Policy(PolicyId(RuleId(RuleUid(32377fd7-02fd-43d0-aab7-28460a91347b),Revision(default)),DirectiveId(DirectiveUid(a9de189e-9202-4646-b900-711d2e77c7ff),Revision(default)),3.3),Global configuration for all nodes,MOTD and pre-login banner,PolicyTechnique(motdConfiguration/3.3,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(motdConfiguration/3.3,config),motdConfiguration/3.3/config.cf,true), TechniqueTemplate(TechniqueResourceIdByName(motdConfiguration/3.3,main),motdConfiguration/3.3/main.cf,true)),List(),List(BundleName(rudder_motd)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(MOTD Configuration,false,true,None,HighDisplayPriority,,List(InputVariableSpec(MOTD,Message of the day (MOTD) to display,,false,true,Constraint(TextareaVType(None),None,false,Set())), SelectOneVariableSpec(MOTD_LOCATION,Where should this text be added in the MOTD,This option defines if the content specified before should be appended or prepended to the file. It is irrelevant if you enforce the file content (option below), or on Windows,List(ValueLabel(before,At the beginning), ValueLabel(after,At the end)),false,true,Constraint(BasicStringVType(None),Some(after),false,Set())), SelectOneVariableSpec(MOTD_EMPTY,Replace the existing content of the MOTD,This option will remove any existing messages in the motd file and replace them with the text provided above. On Windows, the provided text will always remove any existing message,List(ValueLabel(true,Yes), ValueLabel(false,No)),false,true,Constraint(BasicStringVType(None),Some(false),false,Set())), SelectOneVariableSpec(MOTD_BANNER,Display also this message before login,If this option is set, the text will also be printed before the login prompt (by editing /etc/issue and /etc/issue.net). Not available on Windows.,List(ValueLabel(true,Yes), ValueLabel(false,No)),false,true,Constraint(BasicStringVType(None),Some(false),false,Set()))),None)),None),Set(),false,false,MergeDirectives,false),2021-11-17T22:18:38.081+01:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(32377fd7-02fd-43d0-aab7-28460a91347b),Revision(default)),DirectiveId(DirectiveUid(a9de189e-9202-4646-b900-711d2e77c7ff),Revision(default)),3.3),None,Map(ComponentId(MOTD,List(MOTD Configuration, SECTIONS)) -> MOTD: [sqdfsdfsq], ComponentId(MOTD_EMPTY,List(MOTD Configuration, SECTIONS)) -> MOTD_EMPTY: [false], ComponentId(MOTD_BANNER,List(MOTD Configuration, SECTIONS)) -> MOTD_BANNER: [false], ComponentId(MOTD_LOCATION,List(MOTD Configuration, SECTIONS)) -> MOTD_LOCATION: [after]),HashMap(ComponentId(MOTD,List(MOTD Configuration, SECTIONS)) -> MOTD: [sqdfsdfsq], ComponentId(MOTD_EMPTY,List(MOTD Configuration, SECTIONS)) -> MOTD_EMPTY: [false], ComponentId(MOTD_BANNER,List(MOTD Configuration, SECTIONS)) -> MOTD_BANNER: [false], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(MOTD_LOCATION,List(MOTD Configuration, SECTIONS)) -> MOTD_LOCATION: [after]),TRACKINGKEY: [32377fd7-02fd-43d0-a...])),5,None,BundleOrder(Global configuration for all nodes),BundleOrder(MOTD and pre-login banner),Set(PolicyId(RuleId(RuleUid(2279a609-8432-4710-a31e-cf0cad86251e),Revision(default)),DirectiveId(DirectiveUid(a9de189e-9202-4646-b900-711d2e77c7ff),Revision(default)),3.3))), Policy(PolicyId(RuleId(RuleUid(dce2ce33-df6b-4abd-b367-7acd082a82a0),Revision(default)),DirectiveId(DirectiveUid(e7ebaa8f-7bb6-4217-9b4c-505068d4adf1),Revision(default)),4.0),relays key on root,SSH authorised keys,PolicyTechnique(sshKeyDistribution/4.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(sshKeyDistribution/4.0,sshKeyDistribution),sshKeyDistribution/4.0/sshKeyDistribution.cf,true)),List(),List(BundleName(check_ssh_key_distribution_RudderUniqueID)),List(RunHook(runhook_sshKeyDistribution_pre_hook,Pre,Report(PLACEHOLDER,None),List()), RunHook(runhook_sshKeyDistribution_post_hook,Post,Report(PLACEHOLDER,None),List()))),TrackerVariableSpec(Some(SSH_KEY_DISTRIBUTION_NAME)),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(SSH key management,true,false,None,HighDisplayPriority,,List(SectionSpec(SSH key,false,true,Some(SSH_KEY_DISTRIBUTION_TAG),HighDisplayPriority,,List(InputVariableSpec(SSH_KEY_DISTRIBUTION_TAG,Key tag (for tracking only),Enter a tag to track this key in reports, i.e. "root #1" or "Operations key". It will not be used in the authorized_keys file.,true,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(SSH_KEY_DISTRIBUTION_NAME,Username,User to apply the key to,true,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(SSH_KEY_DISTRIBUTION_KEY,Key,Full content of the key to insert in authorized_keys format, may include comments.,true,true,Constraint(TextareaVType(None),None,false,Set()))),None), SectionSpec(Flush SSH file,false,true,Some(SSH_KEY_DISTRIBUTION_TAG),HighDisplayPriority,,List(SelectOneVariableSpec(SSH_KEY_DISTRIBUTION_EDIT_TYPE,Remove other keys,Flush the authorized keys file - only keys managed by Rudder will remain in this file. If any key for a user has this parameter set, and is not in audit mode, then all keys non managed by Rudder for this user will be purged. Also, if any keys checked in audit mode is non compliant for a given user, the keys won't be purged.,List(ValueLabel(true,Yes), ValueLabel(false,No)),true,true,Constraint(BasicStringVType(None),Some(false),false,Set()))),None)),None)),None),Set(),true,false,MultipleDirectives,false),2021-11-17T22:18:37.376+01:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(dce2ce33-df6b-4abd-b367-7acd082a82a0),Revision(default)),DirectiveId(DirectiveUid(e7ebaa8f-7bb6-4217-9b4c-505068d4adf1),Revision(default)),4.0),None,Map(ComponentId(SSH_KEY_DISTRIBUTION_EDIT_TYPE,List(Flush SSH file, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_EDIT_TYPE: [false, false], ComponentId(SSH_KEY_DISTRIBUTION_NAME,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_NAME: [root, root], ComponentId(SSH_KEY_DISTRIBUTION_TAG,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_TAG: [relay1, relay2], ComponentId(SSH_KEY_DISTRIBUTION_KEY,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_KEY: [ssh-rsa AAAAB3NzaC1y..., ssh-rsa AAAAB3NzaC1y...]),HashMap(ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(SSH_KEY_DISTRIBUTION_EDIT_TYPE,List(Flush SSH file, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_EDIT_TYPE: [false, false], ComponentId(SSH_KEY_DISTRIBUTION_NAME,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_NAME: [root, root], ComponentId(SSH_KEY_DISTRIBUTION_TAG,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_TAG: [relay1, relay2], ComponentId(SSH_KEY_DISTRIBUTION_KEY,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_KEY: [ssh-rsa AAAAB3NzaC1y..., ssh-rsa AAAAB3NzaC1y...]),TRACKINGKEY: [dce2ce33-df6b-4abd-b..., dce2ce33-df6b-4abd-b...])),5,None,BundleOrder(relays key on root),BundleOrder(SSH authorised keys),Set()), Policy(PolicyId(RuleId(RuleUid(hasPolicyServer-root),Revision(default)),DirectiveId(DirectiveUid(common-hasPolicyServer-root),Revision(default)),1.0),Rudder system policy: basic setup (common),Common,PolicyTechnique(common/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(common/1.0,common),common/1.0/common.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,cf-serverd),common/1.0/cf-serverd.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,update),common/1.0/update.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,failsafe),failsafe.cf,false), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,promises),promises.cf,false), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder-directives),rudder-directives.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder-system-directives),rudder-system-directives.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder-promises-generated),rudder-promises-generated,false), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder_promises_generated),rudder_promises_generated,false), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder-parameters),common/1.0/rudder-parameters.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,run_interval),run_interval,false), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder-groups),common/1.0/rudder-groups.cf,true), TechniqueTemplate(TechniqueResourceIdByName(common/1.0,rudder-vars),rudder-vars.json,false)),List(TechniqueFile(TechniqueResourceIdByName(common/1.0,hooks.cf),common/1.0/hooks.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,cron-setup.cf),common/1.0/cron-setup.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,site.cf),common/1.0/site.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,monitoring.cf),common/1.0/monitoring.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,restart-services.cf),common/1.0/restart-services.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,internal-security.cf),common/1.0/internal-security.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,environment-variables.cf),common/1.0/environment-variables.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,properties.cf),common/1.0/properties.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,reporting-http.cf),common/1.0/reporting-http.cf,true), TechniqueFile(TechniqueResourceIdByName(common/1.0,rudder-agent-community-cron),common/cron/rudder-agent-community-cron,false)),List(),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Update,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(ncf Initialization,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(Security parameters,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(Log system for reports,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(CRON Daemon,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(Monitoring,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(common,false,false,None,HighDisplayPriority,,List(InputVariableSpec(POLICYSERVER_ADMIN,The policy server admin allowed to connect to this node via cf-runagent (see also distributePolicy.ADMIN),,false,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(OWNER,User launching cfe (usually root),,false,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(UUID,UUID of the machine,,false,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(POLICYSERVER_ID,UUID of the policy server,,false,true,Constraint(BasicStringVType(None),None,false,Set())), SectionSpec(authorizedNetworkSection,true,false,None,HighDisplayPriority,,List(InputVariableSpec(ALLOWEDNETWORK,The network(s) allowed to connect to the server (can use the / parameter),,true,true,Constraint(BasicStringVType(None),None,true,Set()))),None)),None)),None),HashSet(SystemVariableSpec(DAVUSER,Username for webdav user,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(RUDDER_REPORT_MODE,Defines if Rudder should send compliance reports or only change (error, repair) one. (default full-compliance),,List(),false,true,Constraint(BasicStringVType(Some(RegexConstraint((full-compliance|changes-only|reports-disabled),Forbiden value, only 'full-compliance' or 'changes-only' or 'reports-disabled' are authorized))),Some(full-compliance),false,Set())), SystemVariableSpec(RUDDER_INVENTORY_VARS,Rudder inventory variables,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(COMMUNITY,The Cfengine Community agent,,List(),false,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_COMPLIANCE_MODE,Rudder compliance mode (enforce or audit),,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(CFENGINE_OUTPUTS_TTL,Number of days to retain CFEngine outputs files,,List(),false,true,Constraint(IntegerVType(None),None,false,Set())), SystemVariableSpec(MANAGED_NODES_NAME,Hostname of nodes managed by the policy server,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_NODE_GROUPS_VARS,The array of group_UUID => group_NAME for the node, in a formatted string,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(RUDDER_HEARTBEAT_INTERVAL,Interval between two heartbeat sending in changes-only mode (in number of runs),,List(),false,true,Constraint(IntegerVType(None),None,false,Set())), SystemVariableSpec(AGENT_RUN_SPLAYTIME,Splaytime (in minutes) for the agent execution,,List(),false,true,Constraint(IntegerVType(None),None,false,Set())), SystemVariableSpec(MANAGED_NODES_ADMIN,Administrator login of nodes managed by the policy server,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_VERIFY_CERTIFICATES,Enforce certificate validation in all HTTPS calls,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(MANAGED_NODES_KEY,Hash of CFEngine KEY of nodes managed by the policy server,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_DIRECTIVES_SEQUENCE,The sequence of bundle to use as method call in bundle rudder_directives, in a formatted string,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(INPUTLIST,Input list,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(DAVPASSWORD,Password for webdav user,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(MANAGED_NODES_ID,UUID of nodes managed by the policy server,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_DIRECTIVES_INPUTS,The list of inputs specific to bundles RUDDER_DIRECTIVES_SEQUENCE, in a formatted string,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(BUNDLELIST,Bundle list,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(RUDDER_SYSTEM_DIRECTIVES_SEQUENCE,The sequence of bundle to use as method call in bundle rudder_system_directives, in a formatted string,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(RUDDER_NODE_CONFIG_ID,Store the node configuration version (actually an identifier) of a node,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(COMMUNITYPORT,The port used for policy distribution by cf-engine,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(ALLOWED_NETWORKS,Networks authorized to connect to the policy server,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(SHARED_FILES_FOLDER,The path to the shared files folder,,List(),false,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_SYSTEM_DIRECTIVES_INPUTS,The list of inputs specific to bundles RUDDER_SYSTEM_DIRECTIVES_SEQUENCE, in a formatted string,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(RUDDER_NODE_KIND,Node kind: root, relay, or node,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(CONFIGURATION_REPOSITORY_FOLDER,The path to the configuration repository folder,,List(),false,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_NODE_GROUPS_CLASSES,The classes definition for groups, both group_UUID and group_normalized(NAME), in a formatted string,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(AGENT_RUN_SCHEDULE,Schedule for the executor daemon,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(POLICY_SERVER_KEY,Hash of CFEngine KEY of the policy server,,List(),false,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(DENYBADCLOCKS,Should CFEngine server accept connection from agent with a desynchronized clock?,,List(),false,true,Constraint(BooleanVType,Some(true),false,Set())), SystemVariableSpec(MODIFIED_FILES_TTL,Number of days to retain modified files,,List(),false,true,Constraint(IntegerVType(None),None,false,Set())), SystemVariableSpec(AGENT_RUN_INTERVAL,Run interval (in minutes) at which the agent runs,,List(),false,true,Constraint(IntegerVType(None),None,false,Set()))),false,true,MergeDirectives,false),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(hasPolicyServer-root),Revision(default)),DirectiveId(DirectiveUid(common-hasPolicyServer-root),Revision(default)),1.0),None,HashMap(ComponentId(RUDDER_DIRECTIVES_INPUTS,List()) -> RUDDER_DIRECTIVES_INPUTS: [], ComponentId(POLICY_SERVER_KEY,List()) -> POLICY_SERVER_KEY: [], ComponentId(UUID,List(common, SECTIONS)) -> UUID: [root], ComponentId(RUDDER_DIRECTIVES_SEQUENCE,List()) -> RUDDER_DIRECTIVES_SEQUENCE: [], ComponentId(CFENGINE_OUTPUTS_TTL,List()) -> CFENGINE_OUTPUTS_TTL: [], ComponentId(RUDDER_SYSTEM_DIRECTIVES_INPUTS,List()) -> RUDDER_SYSTEM_DIRECTIVES_INPUTS: [], ComponentId(AGENT_RUN_INTERVAL,List()) -> AGENT_RUN_INTERVAL: [], ComponentId(BUNDLELIST,List()) -> BUNDLELIST: [], ComponentId(RUDDER_VERIFY_CERTIFICATES,List()) -> RUDDER_VERIFY_CERTIFICATES: [], ComponentId(RUDDER_INVENTORY_VARS,List()) -> RUDDER_INVENTORY_VARS: [], ComponentId(DAVPASSWORD,List()) -> DAVPASSWORD: [], ComponentId(DAVUSER,List()) -> DAVUSER: [], ComponentId(RUDDER_HEARTBEAT_INTERVAL,List()) -> RUDDER_HEARTBEAT_INTERVAL: [], ComponentId(AGENT_RUN_SCHEDULE,List()) -> AGENT_RUN_SCHEDULE: [], ComponentId(RUDDER_SYSTEM_DIRECTIVES_SEQUENCE,List()) -> RUDDER_SYSTEM_DIRECTIVES_SEQUENCE: [], ComponentId(RUDDER_NODE_GROUPS_CLASSES,List()) -> RUDDER_NODE_GROUPS_CLASSES: [], ComponentId(RUDDER_NODE_GROUPS_VARS,List()) -> RUDDER_NODE_GROUPS_VARS: [], ComponentId(DENYBADCLOCKS,List()) -> DENYBADCLOCKS: [], ComponentId(COMMUNITYPORT,List()) -> COMMUNITYPORT: [], ComponentId(RUDDER_NODE_CONFIG_ID,List()) -> RUDDER_NODE_CONFIG_ID: [], ComponentId(CONFIGURATION_REPOSITORY_FOLDER,List()) -> CONFIGURATION_REPOSITORY_FOLDER: [], ComponentId(POLICYSERVER_ID,List(common, SECTIONS)) -> POLICYSERVER_ID: [root], ComponentId(ALLOWEDNETWORK,List(authorizedNetworkSection, common, SECTIONS)) -> ALLOWEDNETWORK: [], ComponentId(POLICYSERVER_ADMIN,List(common, SECTIONS)) -> POLICYSERVER_ADMIN: [root], ComponentId(AGENT_RUN_SPLAYTIME,List()) -> AGENT_RUN_SPLAYTIME: [], ComponentId(INPUTLIST,List()) -> INPUTLIST: [], ComponentId(SHARED_FILES_FOLDER,List()) -> SHARED_FILES_FOLDER: [], ComponentId(MANAGED_NODES_KEY,List()) -> MANAGED_NODES_KEY: [], ComponentId(MANAGED_NODES_ADMIN,List()) -> MANAGED_NODES_ADMIN: [], ComponentId(MODIFIED_FILES_TTL,List()) -> MODIFIED_FILES_TTL: [], ComponentId(MANAGED_NODES_ID,List()) -> MANAGED_NODES_ID: [], ComponentId(ALLOWED_NETWORKS,List()) -> ALLOWED_NETWORKS: [], ComponentId(RUDDER_NODE_KIND,List()) -> RUDDER_NODE_KIND: [], ComponentId(RUDDER_COMPLIANCE_MODE,List()) -> RUDDER_COMPLIANCE_MODE: [], ComponentId(RUDDER_REPORT_MODE,List()) -> RUDDER_REPORT_MODE: [], ComponentId(MANAGED_NODES_NAME,List()) -> MANAGED_NODES_NAME: [], ComponentId(COMMUNITY,List()) -> COMMUNITY: [], ComponentId(OWNER,List(common, SECTIONS)) -> OWNER: [root]),HashMap(ComponentId(RUDDER_DIRECTIVES_INPUTS,List()) -> RUDDER_DIRECTIVES_INPUTS: [], ComponentId(POLICY_SERVER_KEY,List()) -> POLICY_SERVER_KEY: [], ComponentId(UUID,List(common, SECTIONS)) -> UUID: [${rudder.node.id}], ComponentId(RUDDER_DIRECTIVES_SEQUENCE,List()) -> RUDDER_DIRECTIVES_SEQUENCE: [], ComponentId(CFENGINE_OUTPUTS_TTL,List()) -> CFENGINE_OUTPUTS_TTL: [], ComponentId(RUDDER_SYSTEM_DIRECTIVES_INPUTS,List()) -> RUDDER_SYSTEM_DIRECTIVES_INPUTS: [], ComponentId(AGENT_RUN_INTERVAL,List()) -> AGENT_RUN_INTERVAL: [], ComponentId(BUNDLELIST,List()) -> BUNDLELIST: [], ComponentId(RUDDER_VERIFY_CERTIFICATES,List()) -> RUDDER_VERIFY_CERTIFICATES: [], ComponentId(RUDDER_INVENTORY_VARS,List()) -> RUDDER_INVENTORY_VARS: [], ComponentId(DAVPASSWORD,List()) -> DAVPASSWORD: [], ComponentId(DAVUSER,List()) -> DAVUSER: [], ComponentId(RUDDER_HEARTBEAT_INTERVAL,List()) -> RUDDER_HEARTBEAT_INTERVAL: [], ComponentId(AGENT_RUN_SCHEDULE,List()) -> AGENT_RUN_SCHEDULE: [], ComponentId(RUDDER_SYSTEM_DIRECTIVES_SEQUENCE,List()) -> RUDDER_SYSTEM_DIRECTIVES_SEQUENCE: [], ComponentId(RUDDER_NODE_GROUPS_CLASSES,List()) -> RUDDER_NODE_GROUPS_CLASSES: [], ComponentId(RUDDER_NODE_GROUPS_VARS,List()) -> RUDDER_NODE_GROUPS_VARS: [], ComponentId(DENYBADCLOCKS,List()) -> DENYBADCLOCKS: [], ComponentId(COMMUNITYPORT,List()) -> COMMUNITYPORT: [], ComponentId(RUDDER_NODE_CONFIG_ID,List()) -> RUDDER_NODE_CONFIG_ID: [], ComponentId(CONFIGURATION_REPOSITORY_FOLDER,List()) -> CONFIGURATION_REPOSITORY_FOLDER: [], ComponentId(POLICYSERVER_ID,List(common, SECTIONS)) -> POLICYSERVER_ID: [${rudder.node.policyserver.id}], ComponentId(ALLOWEDNETWORK,List(authorizedNetworkSection, common, SECTIONS)) -> ALLOWEDNETWORK: [], ComponentId(POLICYSERVER_ADMIN,List(common, SECTIONS)) -> POLICYSERVER_ADMIN: [${rudder.node.policyserver.admin}], ComponentId(AGENT_RUN_SPLAYTIME,List()) -> AGENT_RUN_SPLAYTIME: [], ComponentId(INPUTLIST,List()) -> INPUTLIST: [], ComponentId(SHARED_FILES_FOLDER,List()) -> SHARED_FILES_FOLDER: [], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(MANAGED_NODES_KEY,List()) -> MANAGED_NODES_KEY: [], ComponentId(MANAGED_NODES_ADMIN,List()) -> MANAGED_NODES_ADMIN: [], ComponentId(MODIFIED_FILES_TTL,List()) -> MODIFIED_FILES_TTL: [], ComponentId(MANAGED_NODES_ID,List()) -> MANAGED_NODES_ID: [], ComponentId(ALLOWED_NETWORKS,List()) -> ALLOWED_NETWORKS: [], ComponentId(RUDDER_NODE_KIND,List()) -> RUDDER_NODE_KIND: [], ComponentId(RUDDER_COMPLIANCE_MODE,List()) -> RUDDER_COMPLIANCE_MODE: [], ComponentId(RUDDER_REPORT_MODE,List()) -> RUDDER_REPORT_MODE: [], ComponentId(MANAGED_NODES_NAME,List()) -> MANAGED_NODES_NAME: [], ComponentId(COMMUNITY,List()) -> COMMUNITY: [], ComponentId(OWNER,List(common, SECTIONS)) -> OWNER: [${rudder.node.admin}]),TRACKINGKEY: [hasPolicyServer-root...])),0,None,BundleOrder(Rudder system policy: basic setup (common)),BundleOrder(Common),Set()), Policy(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-apache-root),Revision(default)),1.0),Rudder system policy: Server components,Rudder Apache,PolicyTechnique(rudder-service-apache/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/main),rudder-service-apache/1.0/apache/main.cf,true), TechniqueTemplate(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/nodescerts.pem),rudder-service-apache/1.0/apache/nodescerts.pem,false)),List(TechniqueFile(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/apache-certificate.cf),rudder-service-apache/1.0/apache/apache-certificate.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/system_rudder_apache_networks_configuration.cf),rudder-service-apache/1.0/apache/system_rudder_apache_networks_configuration.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/system_rudder_apache_webdav_configuration.cf),rudder-service-apache/1.0/apache/system_rudder_apache_webdav_configuration.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/logrotate.cf),rudder-service-apache/1.0/apache/logrotate.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-apache/1.0,apache/apache-logrotate.mustache),rudder-service-apache/1.0/apache/apache-logrotate.mustache,false)),List(BundleName(system_rudder_apache_configuration)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Apache service,true,true,Some(expectedReportKey Apache service),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Apache service,Expected Report key names for component Apache service,(Enabled,List(Started)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Apache configuration,true,true,Some(expectedReportKey Apache configuration),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Apache configuration,Expected Report key names for component Apache configuration,(Allowed networks permissions,List(Allowed networks configuration, Remote run permissions, Remote run configuration, Webdav configuration, Webdav permissions, Logrotate)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Configure apache certificate,true,true,Some(expectedReportKey Configure apache certificate),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Configure apache certificate,Expected Report key names for component Configure apache certificate,(Permissions,List(Apache certificate)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None)),None),Set(SystemVariableSpec(MANAGED_NODES_CERT_PEM,PEM encoded certificate of the node,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(HTTPS_POLICY_DISTRIBUTION_PORT,The port used for policy distribution on HTTPS,,List(),false,true,Constraint(RawVType,None,false,Set()))),false,true,MergeDirectives,true),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-apache-root),Revision(default)),1.0),None,HashMap(ComponentId(expectedReportKey Configure apache certificate,List(Configure apache certificate, SECTIONS)) -> expectedReportKey Configure apache certificate: [Permissions, Apache certificate], ComponentId(expectedReportKey Apache service,List(Apache service, SECTIONS)) -> expectedReportKey Apache service: [Enabled, Started], ComponentId(expectedReportKey Apache configuration,List(Apache configuration, SECTIONS)) -> expectedReportKey Apache configuration: [Allowed networks per..., Allowed networks con..., Remote run permissio..., Remote run configura..., Webdav configuration..., Webdav permissions, Logrotate], ComponentId(MANAGED_NODES_CERT_PEM,List()) -> MANAGED_NODES_CERT_PEM: [], ComponentId(HTTPS_POLICY_DISTRIBUTION_PORT,List()) -> HTTPS_POLICY_DISTRIBUTION_PORT: []),HashMap(ComponentId(expectedReportKey Configure apache certificate,List(Configure apache certificate, SECTIONS)) -> expectedReportKey Configure apache certificate: [Permissions, Apache certificate], ComponentId(expectedReportKey Apache service,List(Apache service, SECTIONS)) -> expectedReportKey Apache service: [Enabled, Started], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(expectedReportKey Apache configuration,List(Apache configuration, SECTIONS)) -> expectedReportKey Apache configuration: [Allowed networks per..., Allowed networks con..., Remote run permissio..., Remote run configura..., Webdav configuration..., Webdav permissions, Logrotate], ComponentId(MANAGED_NODES_CERT_PEM,List()) -> MANAGED_NODES_CERT_PEM: [], ComponentId(HTTPS_POLICY_DISTRIBUTION_PORT,List()) -> HTTPS_POLICY_DISTRIBUTION_PORT: []),TRACKINGKEY: [policy-server-root@@...])),5,None,BundleOrder(Rudder system policy: Server components),BundleOrder(Rudder Apache),Set()), Policy(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-postgresql-root),Revision(default)),1.0),Rudder system policy: Server components,Rudder Postgresql,PolicyTechnique(rudder-service-postgresql/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(rudder-service-postgresql/1.0,password-check),rudder-service-postgresql/1.0/password-check.cf,true), TechniqueTemplate(TechniqueResourceIdByName(rudder-service-postgresql/1.0,main),rudder-service-postgresql/1.0/main.cf,true)),List(),List(BundleName(system_rudder_postgresql_configuration)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Postgresql configuration,true,true,Some(expectedReportKey Postgresql configuration),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Postgresql configuration,Expected Report key names for component Postgresql configuration,(Check pgpass file,List(Postgresql credentials)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Postgresql service,true,true,Some(expectedReportKey Postgresql service),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Postgresql service,Expected Report key names for component Postgresql service,(Started,List(Enabled)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None)),None),Set(SystemVariableSpec(RUDDER_REPORTS_DB_URL,PostgreSQL connection URL (postgresql://rudder@localhost:5432/rudder),,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(RUDDER_REPORTS_DB_NAME,Name of the Rudder database (rudder by default),,List(),false,true,Constraint(RawVType,None,false,Set()))),false,true,MergeDirectives,true),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-postgresql-root),Revision(default)),1.0),None,Map(ComponentId(RUDDER_REPORTS_DB_URL,List()) -> RUDDER_REPORTS_DB_URL: [], ComponentId(expectedReportKey Postgresql configuration,List(Postgresql configuration, SECTIONS)) -> expectedReportKey Postgresql configuration: [Check pgpass file, Postgresql credentia...], ComponentId(expectedReportKey Postgresql service,List(Postgresql service, SECTIONS)) -> expectedReportKey Postgresql service: [Started, Enabled], ComponentId(RUDDER_REPORTS_DB_NAME,List()) -> RUDDER_REPORTS_DB_NAME: []),HashMap(ComponentId(RUDDER_REPORTS_DB_URL,List()) -> RUDDER_REPORTS_DB_URL: [], ComponentId(expectedReportKey Postgresql configuration,List(Postgresql configuration, SECTIONS)) -> expectedReportKey Postgresql configuration: [Check pgpass file, Postgresql credentia...], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(expectedReportKey Postgresql service,List(Postgresql service, SECTIONS)) -> expectedReportKey Postgresql service: [Started, Enabled], ComponentId(RUDDER_REPORTS_DB_NAME,List()) -> RUDDER_REPORTS_DB_NAME: []),TRACKINGKEY: [policy-server-root@@...])),5,None,BundleOrder(Rudder system policy: Server components),BundleOrder(Rudder Postgresql),Set()), Policy(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-relayd-root),Revision(default)),1.0),Rudder system policy: Server components,Rudder Relay,PolicyTechnique(rudder-service-relayd/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(rudder-service-relayd/1.0,main),rudder-service-relayd/1.0/main.cf,true), TechniqueTemplate(TechniqueResourceIdByName(rudder-service-relayd/1.0,relay/nodeslist.json),rudder-service-relayd/1.0/relay/nodeslist.json,false)),List(TechniqueFile(TechniqueResourceIdByName(rudder-service-relayd/1.0,common/relayd.cf),rudder-service-relayd/1.0/common/relayd.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-relayd/1.0,common/relayd.conf.tpl),rudder-service-relayd/1.0/common/relayd.conf.tpl,false), TechniqueFile(TechniqueResourceIdByName(rudder-service-relayd/1.0,common/logrotate.cf),rudder-service-relayd/1.0/common/logrotate.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-relayd/1.0,common/relay-logrotate.mustache),rudder-service-relayd/1.0/common/relay-logrotate.mustache,false), TechniqueFile(TechniqueResourceIdByName(rudder-service-relayd/1.0,relay/propagatePromises.cf),rudder-service-relayd/1.0/relay/propagatePromises.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-relayd/1.0,root/rudderRelayRootNa.cf),rudder-service-relayd/1.0/root/rudderRelayRootNa.cf,true)),List(BundleName(system_rudder_relay_configuration)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Rudder-relayd service,true,true,Some(expectedReportKey Rudder-relayd service),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Rudder-relayd service,Expected Report key names for component Rudder-relayd service,(Configuration permissions,List(Configuration, Enabled, Started, Log rotation, Policy-server certificate, Root server certificate, Root certificate permissions, Policy server certificate permissions)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Synchronize policies,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(Synchronize files,false,true,None,HighDisplayPriority,,List(),None), SectionSpec(Synchronize resources,false,true,None,HighDisplayPriority,,List(),None)),None),HashSet(SystemVariableSpec(RUDDER_REPORTS_DB_URL,PostgreSQL connection URL (postgresql://rudder@localhost:5432/rudder),,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(HTTPS_POLICY_DISTRIBUTION_PORT,The port used for policy distribution on HTTPS,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(SUB_NODES_KEYHASH,Crypto key hash (standard one, not CFEngine format) of node private key,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RUDDER_REPORTS_DB_PASSWORD,Password of the Rudder database user (rudder.jdbc.password property),,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(SUB_NODES_SERVER,Policy server to which the node is connected,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RELAY_SYNC_PROMISES,Synchronize policies on relay with Rsync in rsync mode,,List(),false,true,Constraint(BooleanVType,Some(true),false,Set())), SystemVariableSpec(RELAY_SYNC_SHAREDFILES,Synchronize sharedfiles on relay with Rsync in rsync mode,,List(),false,true,Constraint(BooleanVType,Some(true),false,Set())), SystemVariableSpec(SUB_NODES_NAME,Hostname of nodes managed by the policy server AND relays under it,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set())), SystemVariableSpec(RELAY_SYNC_METHOD,Synchronization method for relay; can be classic, rsync or manual ,,List(),false,true,Constraint(RawVType,None,false,Set())), SystemVariableSpec(SUB_NODES_ID,UUID of nodes managed by the policy server AND relays under if,,List(),true,true,Constraint(BasicStringVType(None),None,true,Set()))),false,true,MergeDirectives,true),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-relayd-root),Revision(default)),1.0),None,HashMap(ComponentId(RUDDER_REPORTS_DB_URL,List()) -> RUDDER_REPORTS_DB_URL: [], ComponentId(SUB_NODES_ID,List()) -> SUB_NODES_ID: [], ComponentId(RUDDER_REPORTS_DB_PASSWORD,List()) -> RUDDER_REPORTS_DB_PASSWORD: [], ComponentId(RELAY_SYNC_METHOD,List()) -> RELAY_SYNC_METHOD: [], ComponentId(HTTPS_POLICY_DISTRIBUTION_PORT,List()) -> HTTPS_POLICY_DISTRIBUTION_PORT: [], ComponentId(SUB_NODES_KEYHASH,List()) -> SUB_NODES_KEYHASH: [], ComponentId(RELAY_SYNC_PROMISES,List()) -> RELAY_SYNC_PROMISES: [], ComponentId(SUB_NODES_SERVER,List()) -> SUB_NODES_SERVER: [], ComponentId(RELAY_SYNC_SHAREDFILES,List()) -> RELAY_SYNC_SHAREDFILES: [], ComponentId(expectedReportKey Rudder-relayd service,List(Rudder-relayd service, SECTIONS)) -> expectedReportKey Rudder-relayd service: [Configuration permis..., Configuration, Enabled, Started, Log rotation, Policy-server certif..., Root server certific..., Root certificate per..., Policy server certif...], ComponentId(SUB_NODES_NAME,List()) -> SUB_NODES_NAME: []),HashMap(ComponentId(RUDDER_REPORTS_DB_URL,List()) -> RUDDER_REPORTS_DB_URL: [], ComponentId(SUB_NODES_ID,List()) -> SUB_NODES_ID: [], ComponentId(RUDDER_REPORTS_DB_PASSWORD,List()) -> RUDDER_REPORTS_DB_PASSWORD: [], ComponentId(RELAY_SYNC_METHOD,List()) -> RELAY_SYNC_METHOD: [], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(HTTPS_POLICY_DISTRIBUTION_PORT,List()) -> HTTPS_POLICY_DISTRIBUTION_PORT: [], ComponentId(SUB_NODES_KEYHASH,List()) -> SUB_NODES_KEYHASH: [], ComponentId(RELAY_SYNC_PROMISES,List()) -> RELAY_SYNC_PROMISES: [], ComponentId(SUB_NODES_SERVER,List()) -> SUB_NODES_SERVER: [], ComponentId(RELAY_SYNC_SHAREDFILES,List()) -> RELAY_SYNC_SHAREDFILES: [], ComponentId(expectedReportKey Rudder-relayd service,List(Rudder-relayd service, SECTIONS)) -> expectedReportKey Rudder-relayd service: [Configuration permis..., Configuration, Enabled, Started, Log rotation, Policy-server certif..., Root server certific..., Root certificate per..., Policy server certif...], ComponentId(SUB_NODES_NAME,List()) -> SUB_NODES_NAME: []),TRACKINGKEY: [policy-server-root@@...])),5,None,BundleOrder(Rudder system policy: Server components),BundleOrder(Rudder Relay),Set()), Policy(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-slapd-root),Revision(default)),1.0),Rudder system policy: Server components,Rudder Slapd,PolicyTechnique(rudder-service-slapd/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(rudder-service-slapd/1.0,main),rudder-service-slapd/1.0/main.cf,true)),List(TechniqueFile(TechniqueResourceIdByName(rudder-service-slapd/1.0,slapd-logrotate.mustache),rudder-service-slapd/1.0/slapd-logrotate.mustache,false), TechniqueFile(TechniqueResourceIdByName(rudder-service-slapd/1.0,logrotate.cf),rudder-service-slapd/1.0/logrotate.cf,true)),List(BundleName(system_rudder_slapd_configuration)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Rudder slapd service,true,true,Some(expectedReportKey Rudder slapd service),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Rudder slapd service,Expected Report key names for component Rudder slapd service,(Started,List(Enabled)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Rudder slapd configuration,true,true,Some(expectedReportKey Rudder slapd configuration),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Rudder slapd configuration,Expected Report key names for component Rudder slapd configuration,(Check Rudder ldap password,List(Check Rudder ldap permissions, Log rotation)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None)),None),Set(),false,true,MergeDirectives,true),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-slapd-root),Revision(default)),1.0),None,Map(ComponentId(expectedReportKey Rudder slapd service,List(Rudder slapd service, SECTIONS)) -> expectedReportKey Rudder slapd service: [Started, Enabled], ComponentId(expectedReportKey Rudder slapd configuration,List(Rudder slapd configuration, SECTIONS)) -> expectedReportKey Rudder slapd configuration: [Check Rudder ldap pa..., Check Rudder ldap pe..., Log rotation]),Map(ComponentId(expectedReportKey Rudder slapd service,List(Rudder slapd service, SECTIONS)) -> expectedReportKey Rudder slapd service: [Started, Enabled], ComponentId(expectedReportKey Rudder slapd configuration,List(Rudder slapd configuration, SECTIONS)) -> expectedReportKey Rudder slapd configuration: [Check Rudder ldap pa..., Check Rudder ldap pe..., Log rotation], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: []),TRACKINGKEY: [policy-server-root@@...])),5,None,BundleOrder(Rudder system policy: Server components),BundleOrder(Rudder Slapd),Set()), Policy(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-webapp-root),Revision(default)),1.0),Rudder system policy: Server components,Rudder Webapp,PolicyTechnique(rudder-service-webapp/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(rudder-service-webapp/1.0,main),rudder-service-webapp/1.0/main.cf,true)),List(TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,alive-check.cf),rudder-service-webapp/1.0/alive-check.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,compress-webapp-log.cf),rudder-service-webapp/1.0/compress-webapp-log.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,integrity-check.cf),rudder-service-webapp/1.0/integrity-check.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,metrics-reporting.cf),rudder-service-webapp/1.0/metrics-reporting.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,password-check.cf),rudder-service-webapp/1.0/password-check.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,updateNcfHash.cf),rudder-service-webapp/1.0/updateNcfHash.cf,true), TechniqueFile(TechniqueResourceIdByName(rudder-service-webapp/1.0,bootstrapRudderServer.cf),rudder-service-webapp/1.0/bootstrapRudderServer.cf,true)),List(BundleName(system_rudder_webapp)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Rudder-jetty service,true,true,Some(expectedReportKey Rudder-jetty service),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Rudder-jetty service,Expected Report key names for component Rudder-jetty service,(Enabled,List(Started, API status)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Check configuration-repository,true,true,Some(expectedReportKey Check configuration-repository),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Check configuration-repository,Expected Report key names for component Check configuration-repository,(Configuration-repository exists,List(Check configuration-repository GIT lock)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Check webapp configuration,true,true,Some(expectedReportKey Check webapp configuration),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Check webapp configuration,Expected Report key names for component Check webapp configuration,(postgres password,List(ldap password, webdav password, rudder-passwords.conf permissions, rudder-web.properties permissions, rudder-users.xml permissions)),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None), SectionSpec(Send metrics to rudder-project,false,true,None,HighDisplayPriority,,List(),None)),None),Set(),false,true,MergeDirectives,true),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(rudder-service-webapp-root),Revision(default)),1.0),None,Map(ComponentId(expectedReportKey Rudder-jetty service,List(Rudder-jetty service, SECTIONS)) -> expectedReportKey Rudder-jetty service: [Enabled, Started, API status], ComponentId(expectedReportKey Check configuration-repository,List(Check configuration-repository, SECTIONS)) -> expectedReportKey Check configuration-repository: [Configuration-reposi..., Check configuration-...], ComponentId(expectedReportKey Check webapp configuration,List(Check webapp configuration, SECTIONS)) -> expectedReportKey Check webapp configuration: [postgres password, ldap password, webdav password, rudder-passwords.con..., rudder-web.propertie..., rudder-users.xml per...]),Map(ComponentId(expectedReportKey Rudder-jetty service,List(Rudder-jetty service, SECTIONS)) -> expectedReportKey Rudder-jetty service: [Enabled, Started, API status], ComponentId(expectedReportKey Check configuration-repository,List(Check configuration-repository, SECTIONS)) -> expectedReportKey Check configuration-repository: [Configuration-reposi..., Check configuration-...], ComponentId(expectedReportKey Check webapp configuration,List(Check webapp configuration, SECTIONS)) -> expectedReportKey Check webapp configuration: [postgres password, ldap password, webdav password, rudder-passwords.con..., rudder-web.propertie..., rudder-users.xml per...], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: []),TRACKINGKEY: [policy-server-root@@...])),5,None,BundleOrder(Rudder system policy: Server components),BundleOrder(Rudder Webapp),Set()), Policy(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(server-common-root),Revision(default)),1.0),Rudder system policy: Server components,Server Common,PolicyTechnique(server-common/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(server-common/1.0,reloadRudderServices),server-common/1.0/reloadRudderServices.cf,true)),List(TechniqueFile(TechniqueResourceIdByName(server-common/1.0,rudder_syslog.cf),server-common/1.0/rudder_syslog.cf,true)),List(BundleName(system_reload_rudder_services)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Reload Rudder services,false,true,None,HighDisplayPriority,,List(),None)),None),Set(),false,true,MergeDirectives,true),2021-07-23T20:45:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(policy-server-root),Revision(default)),DirectiveId(DirectiveUid(server-common-root),Revision(default)),1.0),None,Map(),Map(ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: []),TRACKINGKEY: [policy-server-root@@...])),5,None,BundleOrder(Rudder system policy: Server components),BundleOrder(Server Common),Set()), Policy(PolicyId(RuleId(RuleUid(inventory-all),Revision(default)),DirectiveId(DirectiveUid(inventory-all),Revision(default)),1.0),Rudder system policy: System daily inventory,System inventory,PolicyTechnique(inventory/1.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(inventory/1.0,fusionAgent),inventory/1.0/fusionAgent.cf,true), TechniqueTemplate(TechniqueResourceIdByName(inventory/1.0,test-inventory.pl),inventory/1.0/test-inventory.pl,false)),List(),List(BundleName(doInventory)),List()),TrackerVariableSpec(None),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(Inventory,true,true,Some(expectedReportKey Inventory),HighDisplayPriority,,List(PredefinedValuesVariableSpec(expectedReportKey Inventory,Expected Report key names for component Inventory,(None,List()),,true,true,Constraint(BasicStringVType(None),None,false,Set()))),None)),None),Set(SystemVariableSpec(AGENT_RUN_INTERVAL,Run interval (in minutes) at which the agent runs,,List(),false,true,Constraint(IntegerVType(None),None,false,Set()))),false,true,MergeDirectives,false),2011-07-15T14:43:28.999+02:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(inventory-all),Revision(default)),DirectiveId(DirectiveUid(inventory-all),Revision(default)),1.0),None,Map(ComponentId(expectedReportKey Inventory,List(Inventory, SECTIONS)) -> expectedReportKey Inventory: [None], ComponentId(AGENT_RUN_INTERVAL,List()) -> AGENT_RUN_INTERVAL: []),Map(ComponentId(expectedReportKey Inventory,List(Inventory, SECTIONS)) -> expectedReportKey Inventory: [None], ComponentId(AGENT_RUN_INTERVAL,List()) -> AGENT_RUN_INTERVAL: [], ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: []),TRACKINGKEY: [inventory-all@@inven...])),0,None,BundleOrder(Rudder system policy: System daily inventory),BundleOrder(System inventory),Set()))

and we get out

List(RuleExpectedReports(RuleId(RuleUid(hasPolicyServer-root),Revision(default)),List(DirectiveExpectedReports(DirectiveId(DirectiveUid(common-hasPolicyServer-root),Revision(default)),None,true,List(ValueExpectedReport(Update,List(None),List(None)), ValueExpectedReport(ncf Initialization,List(None),List(None)), ValueExpectedReport(Security parameters,List(None),List(None)), ValueExpectedReport(Log system for reports,List(None),List(None)), ValueExpectedReport(CRON Daemon,List(None),List(None)), ValueExpectedReport(Monitoring,List(None),List(None)))))), RuleExpectedReports(RuleId(RuleUid(policy-server-root),Revision(default)),List(DirectiveExpectedReports(DirectiveId(DirectiveUid(rudder-service-apache-root),Revision(default)),None,true,List(ValueExpectedReport(Apache service,List(Enabled, Started),List(Enabled, Started)), ValueExpectedReport(Apache configuration,List(Allowed networks permissions, Allowed networks configuration, Remote run permissions, Remote run configuration, Webdav configuration, Webdav permissions, Logrotate),List(Allowed networks permissions, Allowed networks configuration, Remote run permissions, Remote run configuration, Webdav configuration, Webdav permissions, Logrotate)), ValueExpectedReport(Configure apache certificate,List(Permissions, Apache certificate),List(Permissions, Apache certificate)))), DirectiveExpectedReports(DirectiveId(DirectiveUid(rudder-service-postgresql-root),Revision(default)),None,true,List(ValueExpectedReport(Postgresql configuration,List(Check pgpass file, Postgresql credentials),List(Check pgpass file, Postgresql credentials)), ValueExpectedReport(Postgresql service,List(Started, Enabled),List(Started, Enabled)))), DirectiveExpectedReports(DirectiveId(DirectiveUid(rudder-service-relayd-root),Revision(default)),None,true,List(ValueExpectedReport(Rudder-relayd service,List(Configuration permissions, Configuration, Enabled, Started, Log rotation, Policy-server certificate, Root server certificate, Root certificate permissions, Policy server certificate permissions),List(Configuration permissions, Configuration, Enabled, Started, Log rotation, Policy-server certificate, Root server certificate, Root certificate permissions, Policy server certificate permissions)), ValueExpectedReport(Synchronize policies,List(None),List(None)), ValueExpectedReport(Synchronize files,List(None),List(None)), ValueExpectedReport(Synchronize resources,List(None),List(None)))), DirectiveExpectedReports(DirectiveId(DirectiveUid(rudder-service-slapd-root),Revision(default)),None,true,List(ValueExpectedReport(Rudder slapd service,List(Started, Enabled),List(Started, Enabled)), ValueExpectedReport(Rudder slapd configuration,List(Check Rudder ldap password, Check Rudder ldap permissions, Log rotation),List(Check Rudder ldap password, Check Rudder ldap permissions, Log rotation)))), DirectiveExpectedReports(DirectiveId(DirectiveUid(rudder-service-webapp-root),Revision(default)),None,true,List(ValueExpectedReport(Rudder-jetty service,List(Enabled, Started, API status),List(Enabled, Started, API status)), ValueExpectedReport(Check configuration-repository,List(Configuration-repository exists, Check configuration-repository GIT lock),List(Configuration-repository exists, Check configuration-repository GIT lock)), ValueExpectedReport(Check webapp configuration,List(postgres password, ldap password, webdav password, rudder-passwords.conf permissions, rudder-web.properties permissions, rudder-users.xml permissions),List(postgres password, ldap password, webdav password, rudder-passwords.conf permissions, rudder-web.properties permissions, rudder-users.xml permissions)), ValueExpectedReport(Send metrics to rudder-project,List(None),List(None)))), DirectiveExpectedReports(DirectiveId(DirectiveUid(server-common-root),Revision(default)),None,true,List(ValueExpectedReport(Reload Rudder services,List(None),List(None)))))), RuleExpectedReports(RuleId(RuleUid(inventory-all),Revision(default)),List(DirectiveExpectedReports(DirectiveId(DirectiveUid(inventory-all),Revision(default)),None,true,List(ValueExpectedReport(Inventory,List(None),List(None)))))), RuleExpectedReports(RuleId(RuleUid(dce2ce33-df6b-4abd-b367-7acd082a82a0),Revision(default)),List(DirectiveExpectedReports(DirectiveId(DirectiveUid(e7ebaa8f-7bb6-4217-9b4c-505068d4adf1),Revision(default)),None,false,List(ValueExpectedReport(SSH key,List(),List()), ValueExpectedReport(Flush SSH file,List(),List()))))), RuleExpectedReports(RuleId(RuleUid(32377fd7-02fd-43d0-aab7-28460a91347b),Revision(default)),List(DirectiveExpectedReports(DirectiveId(DirectiveUid(a9de189e-9202-4646-b900-711d2e77c7ff),Revision(default)),None,false,List(ValueExpectedReport(MOTD Configuration,List(None),List(None)))))))

interesting part is for SSH Key Distribution

olicyTechnique(sshKeyDistribution/4.0,AgentConfig(cfengine-community,List(TechniqueTemplate(TechniqueResourceIdByName(sshKeyDistribution/4.0,sshKeyDistribution),sshKeyDistribution/4.0/sshKeyDistribution.cf,true)),List(),List(BundleName(check_ssh_key_distribution_RudderUniqueID)),List(RunHook(runhook_sshKeyDistribution_pre_hook,Pre,Report(PLACEHOLDER,None),List()), RunHook(runhook_sshKeyDistribution_post_hook,Post,Report(PLACEHOLDER,None),List()))),TrackerVariableSpec(Some(SSH_KEY_DISTRIBUTION_NAME)),SectionSpec(SECTIONS,false,false,None,HighDisplayPriority,,List(SectionSpec(SSH key management,true,false,None,HighDisplayPriority,,List(SectionSpec(SSH key,false,true,Some(SSH_KEY_DISTRIBUTION_TAG),HighDisplayPriority,,List(InputVariableSpec(SSH_KEY_DISTRIBUTION_TAG,Key tag (for tracking only),Enter a tag to track this key in reports, i.e. "root #1" or "Operations key". It will not be used in the authorized_keys file.,true,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(SSH_KEY_DISTRIBUTION_NAME,Username,User to apply the key to,true,true,Constraint(BasicStringVType(None),None,false,Set())), InputVariableSpec(SSH_KEY_DISTRIBUTION_KEY,Key,Full content of the key to insert in authorized_keys format, may include comments.,true,true,Constraint(TextareaVType(None),None,false,Set()))),None), SectionSpec(Flush SSH file,false,true,Some(SSH_KEY_DISTRIBUTION_TAG),HighDisplayPriority,,List(SelectOneVariableSpec(SSH_KEY_DISTRIBUTION_EDIT_TYPE,Remove other keys,Flush the authorized keys file - only keys managed by Rudder will remain in this file. If any key for a user has this parameter set, and is not in audit mode, then all keys non managed by Rudder for this user will be purged. Also, if any keys checked in audit mode is non compliant for a given user, the keys won't be purged.,List(ValueLabel(true,Yes), ValueLabel(false,No)),true,true,Constraint(BasicStringVType(None),Some(false),false,Set()))),None)),None)),None),Set(),true,false,MultipleDirectives,false),2021-11-17T22:18:37.376+01:00,NonEmptyList(PolicyVars(PolicyId(RuleId(RuleUid(dce2ce33-df6b-4abd-b367-7acd082a82a0),Revision(default)),DirectiveId(DirectiveUid(e7ebaa8f-7bb6-4217-9b4c-505068d4adf1),Revision(default)),4.0),None,Map(ComponentId(SSH_KEY_DISTRIBUTION_EDIT_TYPE,List(Flush SSH file, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_EDIT_TYPE: [false, false], ComponentId(SSH_KEY_DISTRIBUTION_NAME,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_NAME: [root, root], ComponentId(SSH_KEY_DISTRIBUTION_TAG,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_TAG: [relay1, relay2], ComponentId(SSH_KEY_DISTRIBUTION_KEY,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_KEY: [ssh-rsa AAAAB3NzaC1y..., ssh-rsa AAAAB3NzaC1y...]),HashMap(ComponentId(TRACKINGKEY,List()) -> TRACKINGKEY: [], ComponentId(SSH_KEY_DISTRIBUTION_EDIT_TYPE,List(Flush SSH file, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_EDIT_TYPE: [false, false], ComponentId(SSH_KEY_DISTRIBUTION_NAME,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_NAME: [root, root], ComponentId(SSH_KEY_DISTRIBUTION_TAG,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_TAG: [relay1, relay2], ComponentId(SSH_KEY_DISTRIBUTION_KEY,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_KEY: [ssh-rsa AAAAB3NzaC1y..., ssh-rsa AAAAB3NzaC1y...]),TRACKINGKEY: [dce2ce33-df6b-4abd-b..., dce2ce33-df6b-4abd-b...])),5,None,BundleOrder(relays key on root),BundleOrder(SSH authorised keys),Set())

and we get out

RuleExpectedReports(RuleId(RuleUid(dce2ce33-df6b-4abd-b367-7acd082a82a0),Revision(default)),List(DirectiveExpectedReports(DirectiveId(DirectiveUid(e7ebaa8f-7bb6-4217-9b4c-505068d4adf1),Revision(default)),None,false,List(ValueExpectedReport(SSH key,List(),List()), ValueExpectedReport(Flush SSH file,List(),List())))))

Actions #4

Updated by Nicolas CHARLES 11 months ago

  • Related to Bug #20124: Duplicated expected reports leads to bad compliance for technique with blocks added
Actions #5

Updated by Nicolas CHARLES 11 months ago

  • Related to Bug #19990: Technique editor blocks do not report as expected added
Actions #6

Updated by Nicolas CHARLES 11 months ago

It doesn't find the variables
Variables are

 all expanded vars are Map(ComponentId(SSH_KEY_DISTRIBUTION_EDIT_TYPE,List(Flush SSH file, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_EDIT_TYPE: [false, false], ComponentId(SSH_KEY_DISTRIBUTION_NAME,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_NAME: [root, root], ComponentId(SSH_KEY_DISTRIBUTION_TAG,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_TAG: [relay1, relay2], ComponentId(SSH_KEY_DISTRIBUTION_KEY,List(SSH key, SSH key management, SECTIONS)) -> SSH_KEY_DISTRIBUTION_KEY: [ssh-rsa AAAAB3NzaC1y..., ssh-rsa AAAAB3NzaC1y...])

but it looks in path
ComponentId(SSH_KEY_DISTRIBUTION_TAG,List(SSH key, SECTIONS))

Note the missing "SSH key management" in the looked upon path

Actions #7

Updated by Nicolas CHARLES 11 months ago

for a technique from the technique editor, the story is not the same

Map(ComponentId(expectedReportKey Command execution,List(Command execution, SECTIONS)) -> expectedReportKey Command execution: [/bin/true])

and looked upon path is
ComponentId(expectedReportKey Command execution,List(Command execution, SECTIONS))

Actions #8

Updated by Nicolas CHARLES 11 months ago

Ok, simply adding the whole path to variable doesn't work at all

The root cause of the issue is that we look at the componentKey within the section, but in historical technique, there is only one componentKey for all sections - meaning that we can find it in only one section, but not the others

Actions #9

Updated by Nicolas CHARLES 11 months ago

  • Related to User story #19323: Be able to group reporting and methods so that we have clearer techniques and a better reporting added
Actions #10

Updated by Nicolas CHARLES 11 months ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #11

Updated by Nicolas CHARLES 11 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4083
Actions #12

Updated by Nicolas CHARLES 11 months ago

  • Status changed from Pending technical review to Pending release
Actions #13

Updated by Vincent MEMBRÉ 11 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.0.0~rc3 which was released today.

Actions

Also available in: Atom PDF