Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-684

Namevar over 1024 characters is not caught and results in invalid yaml with accompanying errors

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 3.6.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Puppet resources with namevars over 1024 characters result in the generation of invalid yaml.

      For example, this nonsense resource:

      ssh_authorized_key

      { 'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff': ensure => present, user => 'root', type => 'rsa', key => 'foo', }

      Results in the following:

      [root@pe-301-master pe-301-master.puppetdebug.vlan]# puppet agent --test
      ...
      Info: Applying configuration version '1380664174'
      Notice: /Stage[main]//Ssh_authorized_key[ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff]/ensure: created
      Info: Creating state file /var/opt/lib/pe-puppet/state/state.yaml
      Notice: Finished catalog run in 8.37 seconds
      Error: Could not send report: Error 400 on SERVER: (<unknown>): could not find expected ':' while scanning a simple key at line 1314 column 5

      All future runs are prevented at that point, until you remove the state.yaml file:

      [root@pe-301-master pe-301-master.puppetdebug.vlan]# puppet agent --test
      Error: Could not run Puppet configuration client: (<unknown>): could not find expected ':' while scanning a simple key at line 441 column 3
      Error: Could not run: can't convert Puppet::Util::Log into Integer

      and then:

      root@pe-301-master pe-301-master.puppetdebug.vlan]# rm /var/opt/lib/pe-puppet/state/state.yaml
      rm: remove regular file `/var/opt/lib/pe-puppet/state/state.yaml'? y
      [root@pe-301-master pe-301-master.puppetdebug.vlan]# /opt/puppet/bin/puppet agent --test
      Info: Retrieving plugin
      Info: Loading facts in /opt/puppet/share/puppet/modules/stdlib/lib/facter/pe_version.rb
      Info: Loading facts in /opt/puppet/share/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
      Info: Loading facts in /opt/puppet/share/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
      Info: Loading facts in /opt/puppet/share/puppet/modules/stdlib/lib/facter/root_home.rb

      Info: Caching catalog for pe-301-master.puppetdebug.vlan
      Info: Applying configuration version '1380664174'
      Info: Creating state file /var/opt/lib/pe-puppet/state/state.yaml
      Notice: Finished catalog run in 17.62 seconds
      Error: Could not send report: Error 400 on SERVER: (<unknown>): could not find expected ':' while scanning a simple key at line 1302 column 5

      While obviously having a 1024+ character namevar is a bad idea, it shouldn't be SO bad that it prevents all future puppet runs from proceeding.

      Note: The namevar actually needs to be slightly less than 1024 chars to trigger this, since it ends up padded a bit in the yaml key, and then breaks 1024, even if the namevar itself isn't quite 1024 chars.

      One real-world example of this is that the pe_accounts module we supply with PE has defined types that generate ssh trusted key resources, with the ssh keys themselves as the namevars. This results in very long namevars in some cases, with the above problem.

      The issue is that the namevar gets set as the key of a hash in, for example, state.yaml, and the YAML spec restricts hash key length to 1024 chars.

      This appears to have not been enforced in Ruby 1.8.7, but is in 1.9.3, and is now affecting users.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                redmine.exporter redmine.exporter
              • Votes:
                3 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Zendesk Support