awx-operator icon indicating copy to clipboard operation
awx-operator copied to clipboard

Published 20 hours ago • verified publisher icon ansible

extra_settings does not add quotes around string values

Open HarishaAmeen opened this issue 3 years ago • 9 comments

ISSUE TYPE
  • Bug Report
SUMMARY

Using extra_settings its not possible to set string values to AWX setting keys as it does not encompass the string value in quotes resulting in python error as settings.py treats it as variable name hence resulting in failure to bring up web and task containers.

ENVIRONMENT
  • AWX version: 19.2.2
  • Operator version: 0.13.0
  • Kubernetes version: 1.20
  • AWX install method: kubernetes based installation using awx-operator
STEPS TO REPRODUCE

Set below extra_settings in operator template,

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: "cn=admin,dc=example,dc=com"

Apply the template to deploy AWX into kubenetes namespace. kubectl apply -f <template_name.yml> -n

EXPECTED RESULTS

Operator should safely parse the extra_settings to add below line into /etc/tower/settings.py AUTH_LDAP_BIND_DN = "cn=admin,dc=example,dc=com"

And AWX containers should be able to read this key and come up fine without any errors.

ACTUAL RESULTS

Operator does not add quotes around the DN string hence causing the python execution to fail with below error.

File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/awx/asgi.py", line 12, in prepare_env() # NOQA File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/awx/init.py", line 103, in prepare_env if not settings.DEBUG: # pragma: no cover File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/django/conf/init.py", line 79, in getattr self._setup(name) File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/django/conf/init.py", line 66, in _setup self._wrapped = Settings(settings_module) File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/django/conf/init.py", line 157, in init mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/lib64/python3.8/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1014, in _gcd_import File "", line 991, in _find_and_load File "", line 975, in _find_and_load_unlocked File "", line 671, in _load_unlocked File "", line 783, in exec_module File "", line 219, in _call_with_frames_removed File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/awx/settings/production.py", line 62, in include(settings_file, optional(settings_files), scope=locals()) File "/var/lib/awx/venv/awx/lib64/python3.8/site-packages/split_settings/tools.py", line 107, in include exec(compiled_code, scope) # noqa: S102, WPS421 File "/etc/tower/settings.py", line 75, in AUTH_LDAP_BIND_DN = cn=admin,dc=example,dc=com NameError: name 'com' is not defined

ADDITIONAL INFORMATION
AWX-OPERATOR LOGS

No error in operator logs as config map evaluation goes through fine without any issues - https://github.com/ansible/awx-operator/blob/0.13.0/roles/installer/templates/config.yaml.j2#L93

HarishaAmeen avatar Aug 25 '21 05:08 HarishaAmeen

This seems to be an unintended side-effect of #432. If nothing else, the documentation (README) should be updated to show correctly quoting the values, as the current example doesn't work.

philipsd6 avatar Aug 25 '21 13:08 philipsd6

The example in the pr description doesn't seem to be valid yaml. I am guessing there is some better type-checking we could do here.

shanemcd avatar Aug 27 '21 17:08 shanemcd

You mean the example in the issue description? Yes, there's a typo in there, without the extra `, it should be:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: "cn=admin,dc=example,dc=com"

For the record, although using YAML block quoting works:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: >-
          "cn=admin,dc=example,dc=com"

…that's not really intuitive, as the value in the first example is already a string — we shouldn't need to quote the quotes.

philipsd6 avatar Aug 27 '21 19:08 philipsd6

You mean the example in the issue description? Yes, there's a typo in there, without the extra `, it should be:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: "cn=admin,dc=example,dc=com"

For the record, although using YAML block quoting works:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: >-
          "cn=admin,dc=example,dc=com"

…that's not really intuitive, as the value in the first example is already a string — we shouldn't need to quote the

The example in the pr description doesn't seem to be valid yaml. I am guessing there is some better type-checking we could do here.

Corrected the typo, thanks @shanemcd

HarishaAmeen avatar Aug 31 '21 06:08 HarishaAmeen

You mean the example in the issue description? Yes, there's a typo in there, without the extra `, it should be:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: "cn=admin,dc=example,dc=com"

For the record, although using YAML block quoting works:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: >-
          "cn=admin,dc=example,dc=com"

…that's not really intuitive, as the value in the first example is already a string — we shouldn't need to quote the quotes.

Thanks, this works. May be its good if we update the README for the time being so that others wont encounter the same issue.

HarishaAmeen avatar Aug 31 '21 06:08 HarishaAmeen

You mean the example in the issue description? Yes, there's a typo in there, without the extra `, it should be:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: "cn=admin,dc=example,dc=com"

For the record, although using YAML block quoting works:

spec:
    extra_settings:
      - setting: AUTH_LDAP_BIND_DN
        value: >-
          "cn=admin,dc=example,dc=com"

…that's not really intuitive, as the value in the first example is already a string — we shouldn't need to quote the quotes.

Thank you, it works for string. Do you how to make it work with list of strings like below:

    - setting: AUTH_LDAP_USER_SEARCH
      value: [ "DC=abc,DC=xyz,DC=net","(sAMAccountName=%(user)s)"]

Turn into

['DC=abc,DC=xyz,DC=net', '(sAMAccountName=%(user)s)']

How can i protect the double quotes?

Thanks

hungtran84 avatar Sep 26 '21 08:09 hungtran84

@hungtran84 have you tried to escape the "?:

    - setting: AUTH_LDAP_USER_SEARCH
      value: [ '\"DC=abc,DC=xyz,DC=net\"','\"(sAMAccountName=%(user)s)\"']

locmai avatar Sep 26 '21 08:09 locmai

@hungtran84 you can still use the yaml block escaping in list form:

spec:
  extra_settings:
    - setting: AUTH_LDAP_USER_SEARCH
      value:
        - >-
          "DC=abc,DC=xyz,DC=net"
        - >- 
          "(sAMAccountName=%(user)s)"

Although I will be the first to admit that that looks pretty funky. But you also could have just wrapped your double quoted strings in single quotes. I'm just talking about how this works in YAML -- I don't know how lists get interpolated in the template in the extra_settings context without diving back into the code.

philipsd6 avatar Oct 04 '21 16:10 philipsd6

Hello,

I have a problem with AUTH_LDAP_BIND_DN, i have a special char in my CN (special char is @ ...) It's cause crash of AWX, how to protect this char ?

Regards,

JSGUYOT avatar Jun 24 '22 16:06 JSGUYOT

What is the reason behind allowing a value for extra_settings to be something else than a string? I don't see anything like that in the docs. When using pulumi to deploy the awx CRD, I get into trouble because I want to set the value to a string, but reading the CRD, pulumi tells me that a dictionary-like variable is needed. Since I'm using python, this only results in a warning but a more type-sensitive language would not allow me to proceed any further.

mlkiefer avatar Jan 18 '23 15:01 mlkiefer