Project

General

Profile

Actions

Bug #27114

open

Many diffs no longer display in event logs

Added by Clark ANDRIANASOLO 22 days ago. Updated 5 days ago.

Status:
Pending release
Priority:
1 (highest)
Category:
Web - Config management
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
I dislike using that feature
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Medium
Priority:
58
Name check:
To do
Fix check:
Error - Next version
Regression:
No

Description

it seems that many JS code that are executed as AJAX in the Event logs (also the change logs page in starting from 8.3) are not executed.
We use diff libraries and we inject JS code that does not seem to be executed at all, makeDiff and jsondiffpatch
So, we can no longer see the diff of tags for directives/rules (see #15019), or JSON semantic diff for node properties.

Screenshot for a missing directive diff on tags

There is a CSP violation in the page which could be the cause of that.


Files

clipboard-202506171645-uib6i.png (264 KB) clipboard-202506171645-uib6i.png Clark ANDRIANASOLO, 2025-06-17 16:45
clipboard-202507040928-0foxe.png (196 KB) clipboard-202507040928-0foxe.png François ARMAND, 2025-07-04 09:28
clipboard-202507040929-yccjb.png (37.7 KB) clipboard-202507040929-yccjb.png François ARMAND, 2025-07-04 09:29

Related issues 3 (2 open1 closed)

Related to Rudder - Bug #25352: Event log rollback action is prevented from CSP headersReleasedRaphael GAUTHIERActions
Related to Rudder - Architecture #27124: Use ESM modules in rudder-webPending technical reviewClark ANDRIANASOLOActions
Related to Rudder - Bug #25704: event log detail show shouldBeReplacedByDiffNewFrançois ARMANDActions
Actions #1

Updated by Clark ANDRIANASOLO 22 days ago

  • Description updated (diff)
Actions #2

Updated by Clark ANDRIANASOLO 22 days ago · Edited

  • Effort required changed from Very Small to Medium
  • Priority changed from 103 to 58

The JS code to render the event log makes an HTTP request to the event logs details endpoint, which returns HTML code in some field, but in #25352 we made assumptions about the response of the API, which may only contain HTML, but no JS.

So we should find a way to run diffs, we can not longer run script tags from the server, it will be far from trivial to prevent any XSS (and looking forward to migrate in Elm) : we would need to change the API, maybe add an optional "changes"/"diff" field as already returned in the change request API : https://docs.rudder.io/api/v/21/#tag/Change-requests/operation/changeRequestDetails. So we should backport [[a lot of code from the change-validation plugin]](https://github.com/Normation/rudder-plugins/pull/618), and handle the display of diffs in the JS code instead of Scala, it is a major architecture change.

Another temporary solution for 8.2 would be to sandbox the js code within an iframe and allow the execution of those scripts. It seems urgent to find a solution to have visibility on the architectural change : #27124

Actions #3

Updated by Clark ANDRIANASOLO 22 days ago

  • Related to Bug #25352: Event log rollback action is prevented from CSP headers added
Actions #4

Updated by Clark ANDRIANASOLO 21 days ago

Actions #5

Updated by François ARMAND 20 days ago

  • Priority changed from To review to 1 (highest)

P1 because it may be small and it's very user facing.

Actions #6

Updated by Clark ANDRIANASOLO 20 days ago

  • Status changed from New to In progress
Actions #7

Updated by Clark ANDRIANASOLO 20 days ago

  • Status changed from In progress to Pending technical review
  • Pull Request set to https://github.com/Normation/rudder/pull/6470
Actions #8

Updated by Clark ANDRIANASOLO 13 days ago

  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
Actions #9

Updated by Clark ANDRIANASOLO 6 days ago

  • Related to Bug #25704: event log detail show shouldBeReplacedByDiff added
Actions #10

Updated by Clark ANDRIANASOLO 6 days ago

  • Status changed from Pending technical review to Pending release

Updated by François ARMAND 5 days ago

I does not seems to work, at least not for properties in 8.3, maybe perhaps because of a CSP header problem.

Some other diffs, like rule change for directive, work.

Actions

Also available in: Atom PDF