User story #3285
closedUser story #2947: A special textarea-type field should exist for the Techniques that automatically escapes some characters
Create a migration script to "unescape" manually escaped variable
Description
Prior to #3281, one had to manually escape string to be set in Rudder, so that they where valid
It's was quite a burden to do, and if they have also to bear the burden of updating all their directive, they'll go mad
We'll have to scan all entries in the directive, find all values which is manually escaped ( \" but not \\" replaced to ", \\ but not \\" replaced by \ )
However, we'd need an invariant to do it only once.
Updated by Nicolas CHARLES almost 12 years ago
We need to :
- run the migration script only once
- unescape only variables that are not system or not RAW
And I have no idea on how to do it for the first point, and the second looks quite tricky
Updated by Nicolas CHARLES almost 12 years ago
On non-raw fields or non-system variables,
- if a user typed \", it meant he expected a " in the promise
- if a user typed \\, he expected a \
- if he typed \ folowwed by anything but " or \, he simply meant \
- \" to "
- \\ to \
That should cover most cases
Updated by Nicolas CHARLES over 11 years ago
- Status changed from New to 8
- Assignee set to Matthieu CERDA
It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "
Thank you !
Updated by Nicolas PERRON over 11 years ago
- Status changed from 8 to Discussion
- Assignee changed from Matthieu CERDA to Nicolas CHARLES
Nicolas CHARLES wrote:
It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "Thank you !
What do you mean by "OC directive" ?
If I search into dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration I only have one result:
nperron@rudder-snapshot:~$ /opt/rudder/bin/ldapsearch -H ldap://localhost -x -w ${LDAP_PASSWORD} -D ${LDAP_USER} -b 'directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudde r Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configur ation objectClass: directive objectClass: top directiveId: common-root cn: Common description: Common - Technical techniqueVersion: 0:1.0 isEnabled: TRUE isSystem: TRUE directivePriority: 0 directiveVariable: OWNER[0]:${rudder.node.admin} directiveVariable: UUID[0]:${rudder.node.id} directiveVariable: POLICYSERVER[0]:rudder-snapshot-2.6.normation.com directiveVariable: POLICYSERVER_ID[0]:root directiveVariable: POLICYSERVER_ADMIN[0]:root directiveVariable: ALLOWEDNETWORK[0]:192.168.0.0/24 directiveVariable: POLICYCHILDREN[0]:${rudder.hasPolicyServer-root.target.host name} directiveVariable: ADMIN[0]:${rudder.hasPolicyServer-root.target.admin} directiveVariable: CHILDRENID[0]:${rudder.hasPolicyServer-root.target.id}
This result seems normal to me but I don't understand why we should make actions here.
Updated by Nicolas PERRON over 11 years ago
Nicolas PERRON wrote:
Nicolas CHARLES wrote:
It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "Thank you !
What do you mean by "OC directive" ?
If I search into dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration I only have one result:
[...]This result seems normal to me but I don't understand why we should make actions here.
Ok, what you mean was to search all ObjectClass Directive within techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration:
/opt/rudder/bin/ldapsearch -H ldap://localhost -x -w ${LDAP_PASSWORD} -D ${LDAP_USER} -b 'techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL '(objectClass=directive)'
Updated by Matthieu CERDA over 11 years ago
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- % Done changed from 0 to 50
- If a \\ or a \"blablahbla\" is detected
then - Replace it by "blablahbla" or \
It is totally reentrant and only modifies values if matching patterns appear.
Command:
/opt/rudder/bin/ldapsearch -H ldap://localhost -x -w secret -D cn=Manager,cn=rudder-configuration -b 'techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL '(&(objectClass=directive)(|(directiveVariable=*\\"*)(directiveVariable=*\\\\*)))' directiveVariable|sed "s/\(ou=Rudder,cn=rudder-configuration\)/\1\nchangetype: modify\nreplace: directiveVariable/"|sed "s/\\\\\"/\"/g"|sed "s%\\\\\\\%\\\%g"|/opt/rudder/bin/ldapmodify -H ldap://localhost -x -w secret -D cn=Manager,cn=rudder-configuration
May I convert this to a migration script unit ?
Updated by Jonathan CLARKE over 11 years ago
- Assignee changed from Jonathan CLARKE to Matthieu CERDA
This looks fine to me.
Be careful though, it is very important that this script is only run once. Users may introduce deliberate \\ or \" in directiveVariables, so please use RPM/deb postinst tests to only run this if oldversion < 2.6 && new version >= 2.6.
Updated by Matthieu CERDA over 11 years ago
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- % Done changed from 50 to 80
- Pull Request set to https://github.com/Normation/rudder-packages/pull/28
I committed a first approach, due to the complexity of the old/new version handling in the SPECfiles.
Is this a good way of doing it ?
Updated by Matthieu CERDA over 11 years ago
- Status changed from Discussion to Pending technical review
- Assignee changed from Jonathan CLARKE to Matthieu CERDA
- % Done changed from 80 to 100
The PR has been fixed and jon acknowledged it. This ticket awaits a merge.
Updated by Matthieu CERDA over 11 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset packages:commit:210f5c25ee52ec1117efb691e2ce2979fa920d7d.
Updated by Matthieu CERDA over 11 years ago
Applied in changeset packages:commit:560a9590d0c974f6141941febf57e32d7a1cd082.
Updated by Matthieu CERDA over 11 years ago
Applied in changeset packages:commit:5028b04c84ec80d5813e77344d64b1638fea7a8d.
Updated by Jonathan CLARKE over 11 years ago
- Status changed from Pending release to Released
This ticket has been addressed in version 2.6.0~beta1 of Rudder, which has just been released. Please see the changelog here: https://www.rudder-project.org/foswiki/System/Documentation:ChangeLog26.
Updated by Benoît PECCATTE almost 10 years ago
- Category changed from 14 to Web - Config management
Updated by Benoît PECCATTE over 9 years ago
- Tracker changed from 6 to User story