Project

General

Profile

Actions

User story #3285

closed

User story #2947: A special textarea-type field should exist for the Techniques that automatically escapes some characters

Create a migration script to "unescape" manually escaped variable

Added by Nicolas CHARLES almost 12 years ago. Updated over 9 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Matthieu CERDA
Category:
Web - Config management
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

Prior to #3281, one had to manually escape string to be set in Rudder, so that they where valid
It's was quite a burden to do, and if they have also to bear the burden of updating all their directive, they'll go mad

We'll have to scan all entries in the directive, find all values which is manually escaped ( \" but not \\" replaced to ", \\ but not \\" replaced by \ )
However, we'd need an invariant to do it only once.

Actions #1

Updated by Nicolas CHARLES almost 12 years ago

This is a quite complex feature
We need to :
  1. run the migration script only once
  2. unescape only variables that are not system or not RAW

And I have no idea on how to do it for the first point, and the second looks quite tricky

Actions #2

Updated by Nicolas CHARLES almost 12 years ago

Here is the list of the problematic case :
On non-raw fields or non-system variables,
  • if a user typed \", it meant he expected a " in the promise
  • if a user typed \\, he expected a \
  • if he typed \ folowwed by anything but " or \, he simply meant \
So we have to figure what are the non-raw or non-system variables, and convert
  • \" to "
  • \\ to \

That should cover most cases

Actions #3

Updated by Nicolas CHARLES over 11 years ago

  • Status changed from New to 8
  • Assignee set to Matthieu CERDA

It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "

Thank you !

Actions #4

Updated by Nicolas PERRON over 11 years ago

  • Status changed from 8 to Discussion
  • Assignee changed from Matthieu CERDA to Nicolas CHARLES

Nicolas CHARLES wrote:

It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "

Thank you !

What do you mean by "OC directive" ?

If I search into dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration I only have one result:

nperron@rudder-snapshot:~$ /opt/rudder/bin/ldapsearch -H ldap://localhost -x -w ${LDAP_PASSWORD} -D ${LDAP_USER} -b 'directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL 
dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudde
 r Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configur
 ation
objectClass: directive
objectClass: top
directiveId: common-root
cn: Common
description: Common - Technical
techniqueVersion: 0:1.0
isEnabled: TRUE
isSystem: TRUE
directivePriority: 0
directiveVariable: OWNER[0]:${rudder.node.admin}
directiveVariable: UUID[0]:${rudder.node.id}
directiveVariable: POLICYSERVER[0]:rudder-snapshot-2.6.normation.com
directiveVariable: POLICYSERVER_ID[0]:root
directiveVariable: POLICYSERVER_ADMIN[0]:root
directiveVariable: ALLOWEDNETWORK[0]:192.168.0.0/24
directiveVariable: POLICYCHILDREN[0]:${rudder.hasPolicyServer-root.target.host
 name}
directiveVariable: ADMIN[0]:${rudder.hasPolicyServer-root.target.admin}
directiveVariable: CHILDRENID[0]:${rudder.hasPolicyServer-root.target.id}

This result seems normal to me but I don't understand why we should make actions here.

Actions #5

Updated by Nicolas PERRON over 11 years ago

Nicolas PERRON wrote:

Nicolas CHARLES wrote:

It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "

Thank you !

What do you mean by "OC directive" ?

If I search into dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration I only have one result:
[...]

This result seems normal to me but I don't understand why we should make actions here.

Ok, what you mean was to search all ObjectClass Directive within techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration:

/opt/rudder/bin/ldapsearch -H ldap://localhost -x -w ${LDAP_PASSWORD} -D ${LDAP_USER} -b 'techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL '(objectClass=directive)'
Actions #6

Updated by Matthieu CERDA over 11 years ago

  • Assignee changed from Nicolas CHARLES to Jonathan CLARKE
  • % Done changed from 0 to 50
Here is what I did:
  • If a \\ or a \"blablahbla\" is detected
    then
  • Replace it by "blablahbla" or \

It is totally reentrant and only modifies values if matching patterns appear.

Command:

/opt/rudder/bin/ldapsearch -H ldap://localhost -x -w secret -D cn=Manager,cn=rudder-configuration -b 'techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL '(&(objectClass=directive)(|(directiveVariable=*\\"*)(directiveVariable=*\\\\*)))' directiveVariable|sed "s/\(ou=Rudder,cn=rudder-configuration\)/\1\nchangetype: modify\nreplace: directiveVariable/"|sed "s/\\\\\"/\"/g"|sed "s%\\\\\\\%\\\%g"|/opt/rudder/bin/ldapmodify -H ldap://localhost -x -w secret -D cn=Manager,cn=rudder-configuration

May I convert this to a migration script unit ?

Actions #7

Updated by Jonathan CLARKE over 11 years ago

  • Assignee changed from Jonathan CLARKE to Matthieu CERDA

This looks fine to me.

Be careful though, it is very important that this script is only run once. Users may introduce deliberate \\ or \" in directiveVariables, so please use RPM/deb postinst tests to only run this if oldversion < 2.6 && new version >= 2.6.

Actions #8

Updated by Matthieu CERDA over 11 years ago

  • Assignee changed from Matthieu CERDA to Jonathan CLARKE
  • % Done changed from 50 to 80
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/28

I committed a first approach, due to the complexity of the old/new version handling in the SPECfiles.

Is this a good way of doing it ?

PR: https://github.com/Normation/rudder-packages/pull/28

Actions #9

Updated by Matthieu CERDA over 11 years ago

  • Status changed from Discussion to Pending technical review
  • Assignee changed from Jonathan CLARKE to Matthieu CERDA
  • % Done changed from 80 to 100

The PR has been fixed and jon acknowledged it. This ticket awaits a merge.

Actions #10

Updated by Matthieu CERDA over 11 years ago

  • Status changed from Pending technical review to Pending release

Applied in changeset packages:commit:210f5c25ee52ec1117efb691e2ce2979fa920d7d.

Actions #11

Updated by Matthieu CERDA over 11 years ago

Applied in changeset packages:commit:560a9590d0c974f6141941febf57e32d7a1cd082.

Actions #12

Updated by Matthieu CERDA over 11 years ago

Applied in changeset packages:commit:5028b04c84ec80d5813e77344d64b1638fea7a8d.

Actions #13

Updated by Jonathan CLARKE over 11 years ago

  • Status changed from Pending release to Released

This ticket has been addressed in version 2.6.0~beta1 of Rudder, which has just been released. Please see the changelog here: https://www.rudder-project.org/foswiki/System/Documentation:ChangeLog26.

Actions #14

Updated by Benoît PECCATTE almost 10 years ago

  • Category changed from 14 to Web - Config management
Actions #15

Updated by Benoît PECCATTE over 9 years ago

  • Tracker changed from 6 to User story
Actions

Also available in: Atom PDF