[SERVER-542] NullPointerException if PUT /certificate_status does not specify desired_state Created: 2015/04/09  Updated: 2016/05/19  Resolved: 2016/03/09

Status: Closed
Project: Puppet Server
Component/s: Puppet Server
Affects Version/s: SERVER 1.0.8, SERVER 2.0.0
Fix Version/s: SERVER 2.4.0

Type: Bug Priority: Normal
Reporter: Ruth Linehan Assignee: Erik Dasher
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Server- TBD tickets
Sub-team: jade
Story Points: 1
Sprint: Server Jade 2016-03-09
QA Contact: Erik Dasher


If a PUT request is made to /certificate_status that does not include a desired_state parameter, a null pointer exception gets thrown.

$ curl -k -i --cert /etc/puppetlabs/puppet/ssl/certs/precise64-1.localdomain.pem --key /etc/puppetlabs/puppet/ssl/private_keys/precise64-1.localdomain.pem --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem -X PUT -H "Content-Type: application/json" -d '{"foo_state": "signed"}' https://localhost:8140/puppet-ca/v1/certificate_status/bar
HTTP/1.1 500 Server Error
Date: Fri, 10 Apr 2015 00:33:50 GMT
X-Puppet-Version: 4.0.0-rc2
Content-Type: text/plain; charset=ISO-8859-1
Content-Length: 53
Server: Jetty(9.1.z-SNAPSHOT)
Internal Server Error: java.lang.NullPointerException

This is due to: https://github.com/rlinehan/puppet-server/blob/master/src/clj/puppetlabs/services/ca/certificate_authority_core.clj#L196

This is an issue in both Puppet Server 1.0.x and Puppet Server 2.0.0 (both stable and master branches of Puppet Server).

Comment by Kevin Corcoran [ 2016/02/24 ]

It would be better to return a 400 Bad Request with a message about the missing required parameter in the response body in this case.

Comment by Justin Stoller [ 2016/03/05 ]

For QA review purposes, this change affected the logic for when we tell our web routing framework a request is malformed/invalid. The included test is at the service unit level (in process testing passing through the web routing framework).

(That info may not be helpful for the QA review, or it could be incredibly obvious to folks who have been on the team longer than I. Let me know if it is helpful, for now it's at least helpful for me to think about what degree of testing I've put my changes through).

Generated at Sun Sep 27 15:14:17 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.