Project

General

Profile

Actions

Bug #27114

closed

Many diffs no longer display in event logs

Added by Clark ANDRIANASOLO about 1 month ago. Updated 13 days ago.

Status:
Released
Priority:
1 (highest)
Category:
Web - Config management
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
I dislike using that feature
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Medium
Priority:
58
Name check:
To do
Fix check:
Error - Next version
Regression:
No

Description

it seems that many JS code that are executed as AJAX in the Event logs (also the change logs page in starting from 8.3) are not executed.
We use diff libraries and we inject JS code that does not seem to be executed at all, makeDiff and jsondiffpatch
So, we can no longer see the diff of tags for directives/rules (see #15019), or JSON semantic diff for node properties.

Screenshot for a missing directive diff on tags

There is a CSP violation in the page which could be the cause of that.


Files

clipboard-202506171645-uib6i.png (264 KB) clipboard-202506171645-uib6i.png Clark ANDRIANASOLO, 2025-06-17 16:45
clipboard-202507040928-0foxe.png (196 KB) clipboard-202507040928-0foxe.png François ARMAND, 2025-07-04 09:28
clipboard-202507040929-yccjb.png (37.7 KB) clipboard-202507040929-yccjb.png François ARMAND, 2025-07-04 09:29

Related issues 3 (2 open1 closed)

Related to Rudder - Bug #25352: Event log rollback action is prevented from CSP headersReleasedRaphael GAUTHIERActions
Related to Rudder - Architecture #27124: Use ESM modules in rudder-webPending technical reviewClark ANDRIANASOLOActions
Related to Rudder - Bug #25704: event log detail show shouldBeReplacedByDiffNewFrançois ARMANDActions
Actions #1

Updated by Clark ANDRIANASOLO about 1 month ago

  • Description updated (diff)
Actions #2

Updated by Clark ANDRIANASOLO about 1 month ago · Edited

  • Effort required changed from Very Small to Medium
  • Priority changed from 103 to 58

The JS code to render the event log makes an HTTP request to the event logs details endpoint, which returns HTML code in some field, but in #25352 we made assumptions about the response of the API, which may only contain HTML, but no JS.

So we should find a way to run diffs, we can not longer run script tags from the server, it will be far from trivial to prevent any XSS (and looking forward to migrate in Elm) : we would need to change the API, maybe add an optional "changes"/"diff" field as already returned in the change request API : https://docs.rudder.io/api/v/21/#tag/Change-requests/operation/changeRequestDetails. So we should backport [[a lot of code from the change-validation plugin]](https://github.com/Normation/rudder-plugins/pull/618), and handle the display of diffs in the JS code instead of Scala, it is a major architecture change.

Another temporary solution for 8.2 would be to sandbox the js code within an iframe and allow the execution of those scripts. It seems urgent to find a solution to have visibility on the architectural change : #27124

Actions #3

Updated by Clark ANDRIANASOLO about 1 month ago

  • Related to Bug #25352: Event log rollback action is prevented from CSP headers added
Actions #4

Updated by Clark ANDRIANASOLO about 1 month ago

Actions #5

Updated by François ARMAND about 1 month ago

  • Priority changed from To review to 1 (highest)

P1 because it may be small and it's very user facing.

Actions #6

Updated by Clark ANDRIANASOLO about 1 month ago

  • Status changed from New to In progress
Actions #7

Updated by Clark ANDRIANASOLO about 1 month ago

  • Status changed from In progress to Pending technical review
  • Pull Request set to https://github.com/Normation/rudder/pull/6470
Actions #8

Updated by Clark ANDRIANASOLO about 1 month ago

  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
Actions #9

Updated by Clark ANDRIANASOLO 27 days ago

  • Related to Bug #25704: event log detail show shouldBeReplacedByDiff added
Actions #10

Updated by Clark ANDRIANASOLO 27 days ago

  • Status changed from Pending technical review to Pending release

Updated by François ARMAND 26 days ago

I does not seems to work, at least not for properties in 8.3, maybe perhaps because of a CSP header problem.

Some other diffs, like rule change for directive, work.

Actions #12

Updated by Félix DALLIDET 13 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.2.8 and 8.3.3 which were released today.

Actions

Also available in: Atom PDF