Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10375

Latest version ensured for python packages is incorrect

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.15.0
    • Component/s: None
    • Labels:
    • Template:
      PUP Bug Template
    • Team:
      Night's Watch
    • Story Points:
      3
    • Sprint:
      NW - 2020-04-15, NW - 2020-04-29
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Ensuring latest package available using pip caused, in certain scenarios, lack of idempotency because puppet was seeing the wrong version as being latest. Comparing and sorting mechanism of versions was improved.
    • QA Risk Assessment:
      Needs Assessment

      Description

      In lib/puppet/provider/package/pip.rb pip version checks and python packages sortings/comparisons are prone to be often done incorrectly. One example would be for the 'numpy' package. Below can be seen some of this package's versions being sorted incorrectly:

      Correctly sorted Currently sorted
      1.10.4 1.10.4
      1.11.0b3 1.11.0
      1.11.0rc1 1.11.0b3
      1.11.0rc2 1.11.0rc1
      1.11.0 1.11.0rc2
      1.11.1rc1 1.11.1
      1.11.1 1.11.1rc1
      1.11.2rc1 1.11.2
      1.11.2 1.11.2rc1

       

      This impacts package installation, using pip, when trying to ensure the latest version for any python package. 

       

      Proposed solution:

      All pip version checks and python packages comparison/sortings should be done using Puppet::Util::Package::Version::Pip.compare instead of Puppet::Util::Package.versioncmp.

      This solution's implementation impact needs to be addressed as following:

      • in case of invalid/unsupported versions, it shouldn't raise anything which might disrupt the rest of a manifest application/agent run
      • would be a good idea to investigate pip's legacy versions (see pip's source code, check if this is still being used by packages/if such packages still exist and then, based on findings, maybe reconsider supporting them OR find a suitable solution for when puppet will come across one of them)
      • some refactoring needs to be done for partially duplicated code: get all available versions for a package in only one method (at least per pip version particularities) by sorting the list of available versions and use it to find out the latest version and also use it when checking for a version range)

       

       

        Attachments

          Activity

            People

            Assignee:
            luchian.nemes Luchian Nemes
            Reporter:
            luchian.nemes Luchian Nemes
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support