Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10097

Protect against binary diffs

          Details

          • Template:
            PUP Bug Template
          • Acceptance Criteria:
            Hide

            Binary types as file resource content works consistently across puppet agent and puppet apply.

            Show
            Binary types as file resource content works consistently across puppet agent and puppet apply .
          • Team:
            Night's Watch
          • Story Points:
            2
          • Sprint:
            2019-11-27, 2019-12-11, 2019-12-24
          • Method Found:
            Customer Feedback
          • CS Priority:
            Reviewed
          • Release Notes:
            Bug Fix
          • Release Notes Summary:
            Hide
            Previously "puppet agent -t" or "puppet apply --show_diff" could generate an error when trying to display the changes it made to a binary file.
            Puppet now detects this case and prints a generic message mentioning that the binary files differ.
            Show
            Previously "puppet agent -t" or "puppet apply --show_diff" could generate an error when trying to display the changes it made to a binary file. Puppet now detects this case and prints a generic message mentioning that the binary files differ.
          • QA Risk Assessment:
            Needs Assessment

            Description

            Puppet Version: 5.5.16
            Puppet Server Version: PE 2018.1.9
            OS Name/Version: RHEL 7.6

            Desired Behavior:

            puppet agent can manage the contents of a file resource that uses a Binary type for its contents, with behavior consistent with puppet apply running the same manifest.

            Actual Behavior:

            Attempting to write binary file content represented in hex as c7 d1 fc 84, converted to base64 and passed as Binary('x9H8hA=='), editing /etc/puppetlabs/code/environments/production/manifests/site.pp:

            [root@pe-201819-master manifests]# cat site.pp
            		 
            ## site.pp ##
            		 
             
            		 
            # This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point
            		 
            ...
            		 
            node default {
            		 
              # This is where you can declare classes for all nodes.
            		 
              # Example:
            		 
              #   class { 'my_class': }
            		 
              file { '/tmp/test':
            		 
                ensure  => present,
            		 
                content => Binary('x9H8hA=='),
            		 
              }
            		 
            }
            		 
             
            		 
            [root@pe-201819-master manifests]# puppet apply site.pp
            		 
            Notice: Compiled catalog for pe-201819-master.puppetdebug.vlan in environment production in 0.02 seconds
            		 
            Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/ensure: defined content as '{md5}387d16f3cb61048e6fb16cfd81367ce8'
            		 
            Notice: Applied catalog in 0.20 seconds
            		 
             
            		 
            [root@pe-201819-master manifests]# od -t x1 /tmp/test
            		 
            0000000 c7 d1 fc 84
            		 
            0000004

            This is the expected result of applying the manifest. puppet apply works as expected.

            Running as puppet agent fails:

            [root@pe-201819-master manifests]# puppet agent --test
            		 
            Info: Using configured environment 'production'
            		 
            Info: Retrieving pluginfacts
            		 
            Info: Retrieving plugin
            		 
            Info: Retrieving locales
            		 
            Info: Loading facts
            		 
            Info: Caching catalog for pe-201819-master.puppetdebug.vlan
            		 
            Info: Applying configuration version '1570644420'
            		 
            Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/content: Received a Log attribute with invalid encoding:"\n--- /tmp/test\t2019-10-09 18:06:34.850138853 +0000\n+++ /tmp/puppet-file20191009-20057-12z3c2w\t2019-10-09 18:07:15.397076080 +0000\n@@ -1 +1 @@\n-\xC7\xD1\xFC\x84\n\\ No newline at end of file\n+x9H8hA==\n\\ No newline at end of file\n"\nBacktrace:
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:190:in `newmessage'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:313:in `initialize'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `new'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `create'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:11:in `send_log'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:20:in `block (2 levels) in <module:Logging>'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:45:in `block in checksum_insync?'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:19:in `write_temporarily'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:44:in `checksum_insync?'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/content.rb:104:in `insync?'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:278:in `safe_insync?'
            		 
            Notice: /Stage[main]/Main/Node[default]/File[/tmp/test]/content: content changed '{md5}387d16f3cb61048e6fb16cfd81367ce8' to '{md5}1567c6c4f10f34202b0f7578d8d44e43'
            		 
            Notice: Applied catalog in 21.24 seconds

            Excerpted with debug logging:

            ...
            		 
            2019-10-09 18:25:28 +0000 Puppet (debug): Executing: 'diff -u /tmp/test /tmp/puppet-file20191009-29036-thyi2b'
            		 
            2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice): Received a Log attribute with invalid encoding:"\n--- /tmp/test\t2019-10-09 18:25:21.809153889 +0000\n+++ /tmp/puppet-file20191009-29036-thyi2b\t2019-10-09 18:25:28.063298027 +0000\n@@ -1 +1 @@\n-\xC7\xD1\xFC\x84\n\\ No newline at end of file\n+x9H8hA==\n\\ No newline at end of file\n"\nBacktrace:
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:190:in `newmessage'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:313:in `initialize'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `new'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/log.rb:88:in `create'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:11:in `send_log'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/logging.rb:20:in `block (2 levels) in <module:Logging>'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:45:in `block in checksum_insync?'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:19:in `write_temporarily'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/data_sync.rb:44:in `checksum_insync?'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/file/content.rb:104:in `insync?'
            		 
            /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:278:in `safe_insync?'
            		 
            2019-10-09 18:25:28 +0000 Puppet (debug): Executing: 'diff -u /tmp/test /tmp/puppet-file20191009-29036-2dqm05'
            		 
            2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice):
            		 
            2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test]/content (notice): content changed '{md5}387d16f3cb61048e6fb16cfd81367ce8' to '{md5}1567c6c4f10f34202b0f7578d8d44e43' (corrective)
            		 
            2019-10-09 18:25:28 +0000 /Stage[main]/Main/Node[default]/File[/tmp/test] (debug): The container Node[default] will propagate my refresh event
            		 
            ...

            The file is created, but with the base64 content written as a string:

            [root@pe-201819-master manifests]# od -t x1 /tmp/test
            		 
            0000000 78 39 48 38 68 41 3d 3d
            		 
            0000010
            		 
             
            		 
            [root@pe-201819-master manifests]# cat /tmp/test
            		 
            x9H8hA==

            md5 of the incorrect content ends in 4e43. md5 of the correct content ends in 7ce8.

              Attachments

                Issue Links

                mentioned in

                Page Loading...

                Page Loading...

                Page Loading...

                Page Loading...

                Page Loading...

                Page Loading...

                Page Loading...

                Page Loading...

                Page Loading...

                  Activity

                    People

                    • Assignee:
                      ciprian.badescu Ciprian Badescu
                      Reporter:
                      garrett.guillotte Garrett Guillotte
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      8 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:

                        Zendesk Support