Project

General

Profile

Actions

Bug #25770

closed

Override audit/enforce mode does not work with iterator

Added by Nicolas CHARLES about 2 months ago. Updated about 1 month ago.

Status:
Released
Priority:
1 (highest)
Category:
rudderc
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

When we use an iterator, the override for audit or enforce is only applied for the 1st element, but not the subsequent

The generate code is as follow

bundle agent call_ensure_unchanged_files_6bd0b06f_1564_4b0d_aeb0_b01aea6870e9(c_name, c_key, report_id, args, class_prefix, method_call_condition, source, path) {
  methods:
    "6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}");
    "6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => push_dry_run_mode("true");
    "6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => file_from_local_source("${source}", "${path}"),
                                             if => "${method_call_condition}";
    "6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => pop_dry_run_mode();
    "6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => _classes_noop(canonify("${class_prefix}_file_from_local_source_${c_key}")),
                                         unless => "${method_call_condition}";
    "6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => log_rudder("Skipping method 'File from local source' with key parameter '/opt/files_backup${list_unchanged_files.file}' since condition 'user_privileges_is_user_root' is not reached", "/opt/files_backup${list_unchanged_files.file}", canonify("${class_prefix}_file_from_local_source_${c_key}"), canonify("${class_prefix}_file_from_local_source_${c_key}"), @{args}),
                                         unless => "${method_call_condition}";
}

The part driving the override are the two lines

"6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => push_dry_run_mode("true")
"6bd0b06f-1564-4b0d-aeb0-b01aea6870e9_${report_data.directive_id}" usebundle => pop_dry_run_mode();

With an iterator, the bundle is evaluated several time, and so the push and pop are done only once, as in the next passage in the bundle the agent assumes it has already done it
Adding the c_key or args as a comment for push and pop would cover most of the cases (or something similar)

Actions #1

Updated by Félix DALLIDET about 2 months ago

  • Priority changed from N/A to 1 (highest)
Actions #2

Updated by Alexis Mousset about 2 months ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset
Actions #3

Updated by Alexis Mousset about 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Félix DALLIDET
  • Pull Request set to https://github.com/Normation/rudder/pull/5982
Actions #4

Updated by Alexis Mousset about 2 months ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Alexis Mousset about 1 month ago

  • Fix check changed from To do to Checked
Actions #6

Updated by Vincent MEMBRÉ about 1 month ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.1.8 and 8.2.1 which were released today.

Actions

Also available in: Atom PDF