Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acl.present: TypeError on subsequent runs #31270

Closed
4001982248998 opened this issue Feb 17, 2016 · 6 comments · Fixed by #33172
Closed

acl.present: TypeError on subsequent runs #31270

4001982248998 opened this issue Feb 17, 2016 · 6 comments · Fixed by #33172
Labels
Bug broken, incorrect, or confusing behavior Confirmed Salt engineer has confirmed bug/feature - often including a MCVE P2 Priority 2 Platform Relates to OS, containers, platform-based utilities like FS, system based apps severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around State-Module
Milestone
Approved

Comments

@4001982248998
Copy link

Description

I think I have hit a bug with setting linux file acls:

ACLs are set correctly (albeit a change is not reported), but subsequent runs throw a TypeError.

Example:

/tmp/testdir/:
  acl.present:
    - acl_type: user
    - acl_name: root
    - perms: r-x

When executed, this sets ACLs correctly. Note that no change is being reported (green text):

          ID: /tmp/testdir/
    Function: acl.present
      Result: True
     Comment: Permissions will be applied
     Started: 14:01:36.454709
    Duration: 71.794 ms
     Changes:

When executed a second time, this error is thrown (red text):

          ID: /tmp/testdir/
    Function: acl.present
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1624, in call
                  **cdata['kwargs'])
                File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1491, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python2.7/dist-packages/salt/states/linux_acl.py", line 77, in present
                  if user[acl_name]['octal'] == sum([_octal.get(i, i) for i in perms]):
              TypeError: unsupported operand type(s) for +: 'int' and 'str'
     Started: 14:09:49.598612
    Duration: 37.613 ms
     Changes:

Versions

Master

salt --versions-report
Salt Version:
           Salt: 2015.8.5

Dependency Versions:
         Jinja2: 2.7.3
       M2Crypto: Not Installed
           Mako: Not Installed
         PyYAML: 3.11
          PyZMQ: 14.4.0
         Python: 2.7.9 (default, Mar  1 2015, 12:57:24)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.5
           cffi: 0.8.6
       cherrypy: Not Installed
       dateutil: 2.2
          gitdb: 0.5.4
      gitpython: 0.3.2 RC1
          ioflo: Not Installed
        libgit2: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.2
   mysql-python: 1.2.3
      pycparser: 2.10
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: 0.8.2
        timelib: Not Installed

System Versions:
           dist: debian 8.3 
        machine: x86_64
        release: 3.16.0-4-amd64
         system: debian 8.3

Minion

salt-minion --versions-report
Salt Version:
           Salt: 2015.8.5

Dependency Versions:
         Jinja2: 2.7.2
       M2Crypto: Not Installed
           Mako: 0.9.1
         PyYAML: 3.10
          PyZMQ: 14.0.1
         Python: 2.7.6 (default, Jun 22 2015, 17:58:13)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.4
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 1.5
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
        libgit2: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.3.0
   mysql-python: 1.2.3
      pycparser: Not Installed
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: Not Installed
        timelib: Not Installed

System Versions:
           dist: Ubuntu 14.04 trusty
        machine: x86_64
        release: 3.13.0-77-generic
         system: Ubuntu 14.04 trusty
@jfindlay jfindlay added State-Module Bug broken, incorrect, or confusing behavior severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around Platform Relates to OS, containers, platform-based utilities like FS, system based apps P2 Priority 2 labels Feb 17, 2016
@jfindlay jfindlay added this to the Approved milestone Feb 17, 2016
@jfindlay
Copy link
Contributor

@svenehret, thanks for the report.

@timwsuqld
Copy link

I'm also hitting this. Any ideas what we need to do to fix it?

Kurocon added a commit to Kurocon/salt that referenced this issue May 11, 2016
@Kurocon
linux_acl: Allow '-' as a separation character in ACL permissions. Fixes
a5675cf 
 saltstack#31270

This allows using acl states with things like '- perms: r-x' or '- perms: r--', which also works when manually setting ACL's using setfacl.
@Kurocon Kurocon mentioned this issue May 11, 2016
Merged
@jfindlay
Copy link
Contributor

@timwsuqld, you can construct a state with cmd.run and call the shell utils directly. Here is what I get when I run the state:

# cat /srv/salt/test.sls 
/tmp/testdir/:
  acl.present:
    - acl_type: user
    - acl_name: root
    - perms: r-x
# salt jmoney-main state.apply test
jmoney-main:
----------
          ID: /tmp/testdir/
    Function: acl.present
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/root/salt/salt/state.py", line 1626, in call
                  **cdata['kwargs'])
                File "/root/salt/salt/loader.py", line 1492, in wrapper
                  return f(*args, **kwargs)
                File "/root/salt/salt/states/linux_acl.py", line 68, in present
                  _current_perms = __current_perms[name]
              KeyError: '/tmp/testdir/'
     Started: 13:56:15.526489
    Duration: 19.233 ms
     Changes:   

Summary for jmoney-main
------------
Succeeded: 0
Failed:    1
------------
Total states run:     1
ERROR: Minions returned with non-zero exit code
# salt --versions
Salt Version:
           Salt: 2015.8.8.2

Dependency Versions:
         Jinja2: 2.7.3
       M2Crypto: 0.21.1
           Mako: 1.0.0
         PyYAML: 3.11
          PyZMQ: 14.4.0
         Python: 2.7.9 (default, Mar  1 2015, 12:57:24)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.5
           cffi: 0.8.6
       cherrypy: Not Installed
       dateutil: Not Installed
          gitdb: 0.5.4
      gitpython: 0.3.2 RC1
          ioflo: Not Installed
        libgit2: Not Installed
        libnacl: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.2
   mysql-python: Not Installed
      pycparser: 2.10
       pycrypto: 2.6.1
         pygit2: Not Installed
   python-gnupg: Not Installed
          smmap: 0.8.2
        timelib: Not Installed

System Versions:
           dist: debian 8.4 
        machine: x86_64
        release: 3.16.0-4-amd64
         system: debian 8.4

@jfindlay jfindlay added the Confirmed Salt engineer has confirmed bug/feature - often including a MCVE label May 11, 2016
cachedout pushed a commit that referenced this issue May 16, 2016
@Kurocon
linux_acl: Allow '-' as a separation character in ACL permissions. Fixes
2f76a2d 
 #31270 (#33172)

This allows using acl states with things like '- perms: r-x' or '- perms: r--', which also works when manually setting ACL's using setfacl.
gitebra pushed a commit to gitebra/salt that referenced this issue May 16, 2016
@jojohans
Merge commit '319a4d8288697de13b52b6f9e8ccf680820ea60f' into develop
584e2dc 
* commit '319a4d8288697de13b52b6f9e8ccf680820ea60f':
  Files without pkg.owner are not skipped (saltstack#33202)
  Fix two pure python errors causing UnboundLocalErrors (saltstack#33268)
  postgres.db_create: fix handling of empty string (saltstack#33261)
  new runner for vistara (saltstack#33263)
  linux_acl: Allow '-' as a separation character in ACL permissions. Fixes saltstack#31270 (saltstack#33172)
  Unbreak passwd change/expire reading on OpenBSD (saltstack#33227)
@timwsuqld
Copy link

Any chance of this being backported to 2015.8?

@jfindlay
Copy link
Contributor

Ping @rallytime.

rallytime pushed a commit to rallytime/salt that referenced this issue May 17, 2016
@Kurocon
linux_acl: Allow '-' as a separation character in ACL permissions. Fixes
87d02eb 
 saltstack#31270 (saltstack#33172)

This allows using acl states with things like '- perms: r-x' or '- perms: r--', which also works when manually setting ACL's using setfacl.
@rallytime
Copy link
Contributor

rallytime commented May 17, 2016
edited
Loading

Back-ported to 2015.8 in #33305.

cachedout pushed a commit that referenced this issue May 17, 2016
linux_acl: Allow '-' as a separation character in ACL permissions. Fixes
22c4331 
 #31270 (#33172) (#33305)

This allows using acl states with things like '- perms: r-x' or '- perms: r--', which also works when manually setting ACL's using setfacl.
gitebra pushed a commit to gitebra/salt that referenced this issue May 18, 2016
@jojohans
Merge remote-tracking branch 'upstream/develop' into develop
383597b 
* upstream/develop: (23 commits)
  Don't merge-forward the change to salt/scripts.py
  Cleanup comments in smbios.get output (fixes saltstack#33266) (saltstack#33306)
  Back-port saltstack#32993 to 2016.3 (saltstack#33304)
  Fix iptables --match-set (saltstack#23643) (saltstack#33314)
  Improve package verification documentation
  Accept verify_options and ignore_types as a comma-separated list
  Fix minion start retry on Windows (2016.3) (saltstack#33285)
  update 2015.8.9 release notes (saltstack#33310)
  Added some more docs for master and minion config settings (saltstack#33292)
  linux_acl: Allow '-' as a separation character in ACL permissions. Fixes saltstack#31270 (saltstack#33172) (saltstack#33305)
  Server Density agentv2 support (saltstack#32772) (saltstack#33303)
  man pages updated (saltstack#33307)
  Fix iptables --match-set (saltstack#23643) (saltstack#33301)
  Handle more ipv6 error as an exception saltstack#33299 (saltstack#33300)
  Ignore retcode when checking service's status (saltstack#33294)
  fix "loose" typo (saltstack#33290)
  Fix minion start retry on Windows
  Add auth_tries config option to minion.rst docs (saltstack#33287)
  Document new master and minion config opts for 2016.3.0
  Document minion_id_caching config value (saltstack#33282)
  ...
@timwsuqld timwsuqld mentioned this issue Jun 10, 2016
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug broken, incorrect, or confusing behavior Confirmed Salt engineer has confirmed bug/feature - often including a MCVE P2 Priority 2 Platform Relates to OS, containers, platform-based utilities like FS, system based apps severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around State-Module
Projects
None yet
Milestone
Approved
Development

Successfully merging a pull request may close this issue.

linux_acl: Allow '-' as a separation character in ACL permissions. Fi… Kurocon/salt
4 participants
@jfindlay @4001982248998 @timwsuqld @rallytime