The web-interface dose not handle smart class parameters that contain templates correctly
I found that in my installation (Foreman 1.9, RHEL/CentOS 7.1 with the web dashboard used on a Windows 7 computer with Chrome) Foreman will allow for smart parameters with <%= %> escaped variable lookup. However, once they are saved using the web-interface, the entire smart parameter will be displayed with escape sequences. For example, new lines will be replaced by \n\r and quotation marks will be replaced with \". However, if the form is saved a second time, Foreman will treat these escape characters of part of the value. If the user is lucky, Foreman will detect a syntax error and stop the form from being saved. If the user is unlucky, the form will be saved and the user will be stuck wondering what went wrong the next time Puppet is run. If the user is really unlucky, he or she could edit another item on the same form, override the value, and not even know the value was changed, making it hard to debug.
Please note that while the bug is easy to replicate it is not 100% consistent. I have run into it mostly when editing default values. I don't know if it is limited to those default values. Also, I have ran into this bug when setting string values in yamel in the form "2351-5839" (i.e. ranges of ports). So the bug may be more widespread then when templates are used.
In terms of fixes, I hope the (undocumented?) feature that escaped variable lookup can be added to smart parameter values will remain. It is very useful in some cases. Also, while I understand the need to escape some smart parameters, I do find the escaped values harder to edit. As such, I hope the bug can be fixed by giving the user the text after the escapes were processed (although it is more important that the load and save is consistent)
One Smart Parameter I use is a Hash with the value:
inject: true inject_as_id: mon. inject_keyring: "/var/lib/ceph/mon/ceph-<%= @host.shortname %>/keyring"
This works well. However, when I save it and reload the form, Foreman displays
--- ! "inject: true\r\ninject_as_id: mon.\r\ninject_keyring: \"/var/lib/ceph/mon/ceph-<%= @host.shortname %>/keyring\""
which Foreman will treat as the verbatim value (i.e. will not escape the values with '\', I have not checked if it processes the <%= @host.shortname %>). Needless to say, the new value dose not work.
p.s. This is my first time reporting a bug. I was unable to find guidelines as to how to set the Priority. Due to the possible corruption of server settings that I discussed above, I have set it to Urgent. However, I would understand if the admins wish to set it to a lower value.
#3 Updated by Dominic Cleal over 6 years ago
- Status changed from New to Duplicate
Thanks for the report. I'm going to mark this as a dupe of #12095 which was filed yesterday, and continue tracking it there - it seems to cover the same, that when using ERB (<%=) inside of a parameter, it's causing the extra escaping. I think #11375 only applies to overrides from a host or host group, but this issue seems to affect the default value and Puppet class edit form too.