Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10097

Protect against binary diffs

    XMLWordPrintable

    Details

    • Template:
      PUP Bug Template
    • Acceptance Criteria:
      Hide

      Binary types as file resource content works consistently across puppet agent and puppet apply.

      Show
      Binary types as file resource content works consistently across puppet agent and puppet apply .
    • Team:
      Night's Watch
    • Story Points:
      2
    • Sprint:
      2019-11-27, 2019-12-11, 2019-12-24
    • Method Found:
      Customer Feedback
    • CS Priority:
      Reviewed
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Previously "puppet agent -t" or "puppet apply --show_diff" could generate an error when trying to display the changes it made to a binary file.
      Puppet now detects this case and prints a generic message mentioning that the binary files differ.
      Show
      Previously "puppet agent -t" or "puppet apply --show_diff" could generate an error when trying to display the changes it made to a binary file. Puppet now detects this case and prints a generic message mentioning that the binary files differ.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 5.5.16
      Puppet Server Version: PE 2018.1.9
      OS Name/Version: RHEL 7.6

      Desired Behavior:

      puppet agent can manage the contents of a file resource that uses a Binary type for its contents, with behavior consistent with puppet apply running the same manifest.

      Actual Behavior:

      Attempting to write binary file content represented in hex as c7 d1 fc 84, converted to base64 and passed as Binary('x9H8hA=='), editing /etc/puppetlabs/code/environments/production/manifests/site.pp:

      [root@pe-201819-master manifests]# cat site.pp
      ## site.pp ##
       
      # This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point
      ...
      node default {
        # This is where you can declare classes for all nodes.
        # Example:
        #   class { 'my_class': }
        file { '/tmp/test':
          ensure  => present,
          content => Binary('x9H8hA=='),
        }
      }
       
      [root@pe-201819-master manifests]# puppet apply site.pp
      Notice: Compiled catalog for pe-201819-master.puppetdebug.vlan in environment production in 0.02 seconds
      Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/ensure: defined content as '{md5}387d16f3cb61048e6fb16cfd81367ce8'
      Notice: Applied catalog in 0.20 seconds
       
      [root@pe-201819-master manifests]# od -t x1 /tmp/test
      0000000 c7 d1 fc 84
      0000004
      

      This is the expected result of applying the manifest. puppet apply works as expected.

      Running as puppet agent fails:

      [root@pe-201819-master manifests]# puppet agent --test
      Info: Using configured environment 'production'
      Info: Retrieving pluginfacts
      Info: Retrieving plugin
      Info: Retrieving locales
      Info: Loading facts
      Info: Caching catalog for pe-201819-master.puppetdebug.vlan
      Info: Applying configuration version '1570644420'
      Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/content: Received a Log attribute with invalid encoding:"\n--- /tmp/test\t2019-10-09 18:06:34.850138853 +0000\n+++ /tmp/puppet-file20191009-20057-12z3c2w\t2019-10-09 18:07:15.397076080 +0000\n@@ -1 +1 @@\n-\xC7\xD1\xFC\x84\n\\ No newline at end of file\n+x9H8hA==\n\\ No newline at end of file\n"\nBacktrace:
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:190:in `newmessage'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:313:in `initialize'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `new'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `create'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:11:in `send_log'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:20:in `block (2 levels) in <module:Logging>'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:45:in `block in checksum_insync?'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:19:in `write_temporarily'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:44:in `checksum_insync?'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/content.rb:104:in `insync?'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:278:in `safe_insync?'
      Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/content: content changed '{md5}387d16f3cb61048e6fb16cfd81367ce8' to '{md5}1567c6c4f10f34202b0f7578d8d44e43'
      Notice: Applied catalog in 21.24 seconds
      

      Excerpted with debug logging:

      ...
      2019-10-09 18:25:28 +0000 Puppet (debug): Executing: 'diff -u /tmp/test /tmp/puppet-file20191009-29036-thyi2b'
      2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice): Received a Log attribute with invalid encoding:"\n--- /tmp/test\t2019-10-09 18:25:21.809153889 +0000\n+++ /tmp/puppet-file20191009-29036-thyi2b\t2019-10-09 18:25:28.063298027 +0000\n@@ -1 +1 @@\n-\xC7\xD1\xFC\x84\n\\ No newline at end of file\n+x9H8hA==\n\\ No newline at end of file\n"\nBacktrace:
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:190:in `newmessage'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:313:in `initialize'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `new'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `create'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:11:in `send_log'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:20:in `block (2 levels) in <module:Logging>'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:45:in `block in checksum_insync?'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:19:in `write_temporarily'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:44:in `checksum_insync?'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/content.rb:104:in `insync?'
      /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:278:in `safe_insync?'
      2019-10-09 18:25:28 +0000 Puppet (debug): Executing: 'diff -u /tmp/test /tmp/puppet-file20191009-29036-2dqm05'
      2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice):
      2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice): content changed '{md5}387d16f3cb61048e6fb16cfd81367ce8' to '{md5}1567c6c4f10f34202b0f7578d8d44e43' (corrective)
      2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test] (debug): The container Node[default] will propagate my refresh event
      ...
      

      The file is created, but with the base64 content written as a string:

      [root@pe-201819-master manifests]# od -t x1 /tmp/test
      0000000 78 39 48 38 68 41 3d 3d
      0000010
       
      [root@pe-201819-master manifests]# cat /tmp/test
      x9H8hA==
      

      md5 of the incorrect content ends in 4e43. md5 of the correct content ends in 7ce8.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ciprian.badescu Ciprian Badescu
              Reporter:
              garrett.guillotte Garrett Guillotte
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support