User story #7376
closedAuthorize both path relative to technique and to config-repos in technique metadata.xml descriptor
Description
In the Technique descriptor (metadata.xml), allow both relative and full path for the templates used (TML attribute) to allow better isolation of promises in ncf
Updated by Nicolas CHARLES about 9 years ago
Oh, and also autorize pure .cf file
Updated by Nicolas CHARLES about 9 years ago
- Related to User story #7377: Adapt rudderify script to use <FILE> in the generated metadata.xml added
Updated by François ARMAND about 9 years ago
- Status changed from New to In progress
Updated by Vincent MEMBRÉ about 9 years ago
- Related to deleted (User story #7377: Adapt rudderify script to use <FILE> in the generated metadata.xml)
Updated by François ARMAND about 9 years ago
After some more thought, I'm pretty that we don't want to authorize any absolute path for templates.
For one, I'm almost sure it's a security all waiting to be found. Letting the possibility for one to use any file on the FS, especially one with unpriviliedge rights, as a template for root-level management of nodes seems to be a bad idea.
But even without considering the extension of the attack surface, allowing to use template anywhere on the FS completely broke the boudaries of our system, and it becomes impossible to even try to versionned (or take care of version) of Technique templates, because we can't any longer tell when some technique come into Rudder. Today, we DO can, even if we are not doing it completelly: the Technique template is versionned in our Git. And we do use it, because it's what allows to trigger a promise generation if a Technique changed and the library was reload (or more exactly, it allows to trace which Techniques changed, and so what promises must be updated).
So, the problem may be tell like that: we don't want to authorise template outside of our Git.
Notice that all of that MAY be irrelevant for the <FILE> tag (see #7402), because we can have as policy that <FILES> are outside of Rudder system, and that it's a feature to not track them - but that's not clear, see details on the ticket)
So, I propose to add that prerequisite: the absolute path given must be a subdirectory of the Git defined in the rudder configuration file for property "rudder.dir.gitRoot" (by default, /var/rudder/configuration-repository)
Updated by François ARMAND about 9 years ago
- Subject changed from Authorize both relative and full path for templates in technique descriptor to Authorize both path relative to technique and to config-repos in technique metadata.xml descriptor
See for explanation about the "why" in #7402
Updated by François ARMAND about 9 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/966
Updated by François ARMAND about 9 years ago
- Related to User story #7402: Add a <FILE> tag in metadata.xml to allow simple file copy into techniques added
Updated by François ARMAND about 9 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset rudder|e78ec2eca1eb38b6e627a45af0279e02149da83f.
Updated by François ARMAND about 9 years ago
Applied in changeset rudder|aeed4977f5ceaf12b6a57ef52d44ad99b442c3f7.
Updated by Vincent MEMBRÉ about 9 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 3.2.0~beta1 which was released today.