[PUP-10097] Protect against binary diffs - Puppet Tickets

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: PUP 5.5.16
Fix Version/s: PUP 5.5.18, PUP 6.4.5, PUP 6.12.0
Component/s: None
Labels:
- beginner
- resolved-issue-added

Template:
PUP Bug Template customfield_10700 328673
Acceptance Criteria:

Hide

Binary types as file resource content works consistently across puppet agent and puppet apply.

Show
Binary types as file resource content works consistently across puppet agent and puppet apply .
Team:
Night's Watch
Story Points:
2
Sprint:
2019-11-27, 2019-12-11, 2019-12-24
Method Found:
Customer Feedback

CS Priority:
Reviewed

Release Notes:
Bug Fix
Release Notes Summary:

Hide
Previously "puppet agent -t" or "puppet apply --show_diff" could generate an error when trying to display the changes it made to a binary file.
Puppet now detects this case and prints a generic message mentioning that the binary files differ.

Show
Previously "puppet agent -t" or "puppet apply --show_diff" could generate an error when trying to display the changes it made to a binary file. Puppet now detects this case and prints a generic message mentioning that the binary files differ.

QA Risk Assessment:
Needs Assessment

Description

Puppet Version: 5.5.16
Puppet Server Version: PE 2018.1.9
OS Name/Version: RHEL 7.6

Desired Behavior:

puppet agent can manage the contents of a file resource that uses a Binary type for its contents, with behavior consistent with puppet apply running the same manifest.

Actual Behavior:

Attempting to write binary file content represented in hex as c7 d1 fc 84, converted to base64 and passed as Binary('x9H8hA=='), editing /etc/puppetlabs/code/environments/production/manifests/site.pp:

[root@pe-201819-master manifests]# cat site.pp

## site.pp ##

# This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point

...

node default {

  # This is where you can declare classes for all nodes.

  # Example:

  #   class { 'my_class': }

  file { '/tmp/test':

    ensure  => present,

    content => Binary('x9H8hA=='),

[root@pe-201819-master manifests]# puppet apply site.pp

Notice: Compiled catalog for pe-201819-master.puppetdebug.vlan in environment production in 0.02 seconds

Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/ensure: defined content as '{md5}387d16f3cb61048e6fb16cfd81367ce8'

Notice: Applied catalog in 0.20 seconds

[root@pe-201819-master manifests]# od -t x1 /tmp/test

0000000 c7 d1 fc 84

This is the expected result of applying the manifest. puppet apply works as expected.

Running as puppet agent fails:

[root@pe-201819-master manifests]# puppet agent --test

Info: Using configured environment 'production'

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Retrieving locales

Info: Loading facts

Info: Caching catalog for pe-201819-master.puppetdebug.vlan

Info: Applying configuration version '1570644420'

Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/content: Received a Log attribute with invalid encoding:"\n--- /tmp/test\t2019-10-09 18:06:34.850138853 +0000\n+++ /tmp/puppet-file20191009-20057-12z3c2w\t2019-10-09 18:07:15.397076080 +0000\n@@ -1 +1 @@\n-\xC7\xD1\xFC\x84\n\\ No newline at end of file\n+x9H8hA==\n\\ No newline at end of file\n"\nBacktrace:

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:190:in `newmessage'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:313:in `initialize'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `new'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `create'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:11:in `send_log'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:20:in `block (2 levels) in <module:Logging>'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:45:in `block in checksum_insync?'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:19:in `write_temporarily'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:44:in `checksum_insync?'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/content.rb:104:in `insync?'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:278:in `safe_insync?'

Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/content: content changed '{md5}387d16f3cb61048e6fb16cfd81367ce8' to '{md5}1567c6c4f10f34202b0f7578d8d44e43'

Notice: Applied catalog in 21.24 seconds

Excerpted with debug logging:

...

2019-10-09 18:25:28 +0000 Puppet (debug): Executing: 'diff -u /tmp/test /tmp/puppet-file20191009-29036-thyi2b'

2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice): Received a Log attribute with invalid encoding:"\n--- /tmp/test\t2019-10-09 18:25:21.809153889 +0000\n+++ /tmp/puppet-file20191009-29036-thyi2b\t2019-10-09 18:25:28.063298027 +0000\n@@ -1 +1 @@\n-\xC7\xD1\xFC\x84\n\\ No newline at end of file\n+x9H8hA==\n\\ No newline at end of file\n"\nBacktrace:

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:190:in `newmessage'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:313:in `initialize'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `new'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `create'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:11:in `send_log'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:20:in `block (2 levels) in <module:Logging>'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:45:in `block in checksum_insync?'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:19:in `write_temporarily'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:44:in `checksum_insync?'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/content.rb:104:in `insync?'

/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:278:in `safe_insync?'

2019-10-09 18:25:28 +0000 Puppet (debug): Executing: 'diff -u /tmp/test /tmp/puppet-file20191009-29036-2dqm05'

2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice):

2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice): content changed '{md5}387d16f3cb61048e6fb16cfd81367ce8' to '{md5}1567c6c4f10f34202b0f7578d8d44e43' (corrective)

2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test] (debug): The container Node[default] will propagate my refresh event

...

The file is created, but with the base64 content written as a string:

[root@pe-201819-master manifests]# od -t x1 /tmp/test

0000000 78 39 48 38 68 41 3d 3d

[root@pe-201819-master manifests]# cat /tmp/test

x9H8hA==

md5 of the incorrect content ends in 4e43. md5 of the correct content ends in 7ce8.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 mentioned in)

Protect against binary diffs

Details

Description

Attachments

Issue Links

Activity

People

Dates

Zendesk Support