Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2779

palimpsest effect in cf-agent verbose mode

    XMLWordPrintable

    Details

    • Platform:
      RHEL or CentOS
    • Steps to reproduce:
      Manual steps provided
    • Complexity:
      S

      Description

      pal·imp·sest
      noun
      a manuscript or piece of writing material on which the original writing has been effaced to make room for later writing but of which traces remain.

      https://www.google.com/search?q=define+palimpsest

      Summary: When looking in cf-agent -v output, we see traces of prior bundles. This is confusing - and concerning, seems it seems there is some kind of data leakage .

      We observed this on 3.7.3, and it is still present in 3.10.3.

      How to reproduce:

      Create a simple policy with two bundles, the first is parameterized and the second not:

      bundle agent main {
      
      methods:
      
        "any" usebundle => one("apple");
        "any" usebundle => two;
      
      }
      
      bundle agent one (x) {
      
      reports:
        "$(x)";
      
      }
      
      bundle agent two {
      
      reports:
      
      "II";
      
      }
      

      Now run it, and you will see that the parameter is reported for the first AND SECOND bundle – even thought the second bundle was NOT parameterized!

      verbose: END Discovered hard classes
       verbose: ----------------------------------------------------------------
       verbose: ----------------------------------------------------------------
       verbose:  Preliminary variable/class-context convergence 
       verbose: ----------------------------------------------------------------
       verbose: Setting minimum acceptable TLS version: 1.0
       verbose: ----------------------------------------------------------------
       verbose:  Begin policy/promise evaluation 
       verbose: ----------------------------------------------------------------
       verbose: Using bundlesequence =>  {"main"}
       verbose: B: *****************************************************************
       verbose: B: BEGIN bundle main
       verbose: B: *****************************************************************
       verbose: P: .........................................................
       verbose: P: BEGIN promise 'promise_example_cf_5' of type "methods" (pass 1)
       verbose: P:    Promiser/affected object: 'any'
       verbose: P:    From parameterized bundle: main( {"apple"})
       verbose: P:    Base context class: any
       verbose: P:    Stack path: /default/main/methods/'any'[1]
       verbose: B: *****************************************************************
       verbose: B: BEGIN bundle one( {"apple"})
       verbose: B: *****************************************************************
       verbose: V:     +  Private parameter: 'x' in scope 'one' (type: s) in pass 1
       verbose: P: .........................................................
       verbose: P: BEGIN promise 'promise_example_cf_13' of type "reports" (pass 1)
       verbose: P:    Promiser/affected object: 'apple'
       verbose: P:    From parameterized bundle: one( {"apple"})
       verbose: P:    Base context class: any
       verbose: P:    Stack path: /default/main/methods/'any'/default/one/reports/'apple'[1]
      R: apple
       verbose: A: Promise was KEPT
       verbose: P: END reports promise (apple)
       verbose: A: ...................................................
       verbose: A: Bundle Accounting Summary for 'one' in namespace default
       verbose: A: Promises kept in 'one' = 1
       verbose: A: Promises not kept in 'one' = 0
       verbose: A: Promises repaired in 'one' = 0
       verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'one' = 100.0%
       verbose: A: ...................................................
       verbose: Additional promise info: source path '/tmp/example.cf' at line 5
       verbose: Method 'one' verified
       verbose: B: *****************************************************************
       verbose: B: END bundle one
       verbose: B: *****************************************************************
       verbose: A: Promise was KEPT
       verbose: P: END methods promise (any)
       verbose: P: .........................................................
       verbose: P: BEGIN promise 'promise_example_cf_6' of type "methods" (pass 1)
       verbose: P:    Promiser/affected object: 'any'
       verbose: P:    From parameterized bundle: main( {"apple"})
       verbose: P:    Base context class: any
       verbose: P:    Stack path: /default/main/methods/'any'[1]
       verbose: B: *****************************************************************
       verbose: B: BEGIN bundle two
       verbose: B: *****************************************************************
       verbose: P: .........................................................
       verbose: P: BEGIN promise 'promise_example_cf_21' of type "reports" (pass 1)
       verbose: P:    Promiser/affected object: 'II'
       verbose: P:    From parameterized bundle: two( {"apple"})
       verbose: P:    Base context class: any
       verbose: P:    Stack path: /default/main/methods/'any'/default/two/reports/'II'[1]
      R: II
       verbose: A: Promise was KEPT
       verbose: P: END reports promise (II)
       verbose: A: ...................................................
       verbose: A: Bundle Accounting Summary for 'two' in namespace default
       verbose: A: Promises kept in 'two' = 1
       verbose: A: Promises not kept in 'two' = 0
       verbose: A: Promises repaired in 'two' = 0
       verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'two' = 100.0%
       verbose: A: ...................................................
       verbose: Additional promise info: source path '/tmp/example.cf' at line 6
       verbose: Method 'two' verified
       verbose: B: *****************************************************************
       verbose: B: END bundle two
       verbose: B: *****************************************************************
       verbose: A: Promise was KEPT
       verbose: P: END methods promise (any)
       verbose: A: ...................................................
       verbose: A: Bundle Accounting Summary for 'main' in namespace default
       verbose: A: Promises kept in 'main' = 4
       verbose: A: Promises not kept in 'main' = 0
       verbose: A: Promises repaired in 'main' = 0
       verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'main' = 100.0%
       verbose: A: ...................................................
       verbose: B: *****************************************************************
       verbose: B: END bundle main
       verbose: B: *****************************************************************
       verbose: Generate diff state reports for policy '/tmp/example.cf' SKIPPED
       verbose: No lock purging scheduled
       verbose: Outcome of version (not specified) (agent-0): Promises observed - Total promise compliance: 100% kept, 0% repaired, 0% not kept (out of 4 events). User promise compliance: 100% kept, 0% repaired, 0% not kept (out of 4 events). CFEngine system compliance: 0% kept, 0% repaired, 0% not kept (out of 0 events).
      

      Specifically:

       verbose: P:    From parameterized bundle: two( {"apple"})
      

      The bundle two was not parameterized.

        Attachments

          Activity

            People

            • Assignee:
              vpodzime Vratislav Podzimek
              Reporter:
              atsaloli Aleksey Tsalolikhin
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Summary Panel