salt icon indicating copy to clipboard operation
salt copied to clipboard

Published 20 hours ago verified publisher icon saltstack

[BUG] 3006.1 failing to retrieve data using `pass` text renderer

Open webdeploy-davoli-alessio opened this issue 1 year ago • 5 comments

Description Salstack pass text renderer is failing to return data as in 3006.1 from a master and a minion with the same version.

Setup I'm using salstack master on a arch linux, installed with onedir packaging following this guide.

This is the salt master config:

interface: <redacted_ip>
file_recv: True
file_roots:
  base:
    - /srv/salt
    - /srv/pillar

fileserver_backend:
  - roots
  - gitfs

gitfs_provider: pygit2
gitfs_remotes:
  - <redacted>:
    - mountpoint: salt://repos/drive

Master debug logs

[DEBUG   ] compile template: /srv/pillar/drive/secrets.sls
[DEBUG   ] The functions from module 'pass' are being loaded by dir() on the loaded module
[DEBUG   ] LazyLoaded pass.render
[PROFILE ] Time (in seconds) to render '/srv/pillar/drive/secrets.sls' using 'yaml' renderer: 0.0001838207244873047
[DEBUG   ] Fetching secret: /usr/bin/pass show <redacted_path>/password
[CRITICAL] Rendering SLS 'drive.secrets' failed, render error:
a bytes-like object is required, not 'str'
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/salt/pillar/__init__.py", line 919, in render_pstate
    state = compile_template(
            ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/template.py", line 99, in compile_template
    ret = render(input_data, saltenv, sls, **render_kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/loader/lazy.py", line 149, in __call__
    return self.loader.run(run_func, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/loader/lazy.py", line 1232, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/loader/lazy.py", line 1247, in _run_as
    return _func_or_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/renderers/pass.py", line 192, in render
    return _decrypt_object(pass_info)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/renderers/pass.py", line 181, in _decrypt_object
    obj[pass_key] = _decrypt_object(pass_path)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/renderers/pass.py", line 178, in _decrypt_object
    return _fetch_secret(obj)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/salt/renderers/pass.py", line 170, in _fetch_secret
    return pass_data.rstrip("\r\n")
           ^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'str'
[CRITICAL] Pillar render error: Rendering SLS 'drive.secrets' failed. Please see master log for details.

Expected behavior In the previous version 3005.1, pass was returning secrets correctly.

Versions Report

Salt Version:
          Salt: 3006.1
 
Python Version:
        Python: 3.11.3 (main, Apr  5 2023, 15:52:25) [GCC 12.2.1 20230201]
 
Dependency Versions:
          cffi: 1.15.1
      cherrypy: Not Installed
      dateutil: Not Installed
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.2
       libgit2: 1.6.4
  looseversion: 1.1.2
      M2Crypto: 0.38.0
          Mako: Not Installed
       msgpack: 1.0.5
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 23.1
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.12.0
        pygit2: 1.12.1
  python-gnupg: Not Installed
        PyYAML: 6.0
         PyZMQ: 25.0.2
        relenv: 0.12.3
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.4
 
System Versions:
          dist: arch  
        locale: utf-8
       machine: x86_64
       release: 6.3.2-arch1-1
        system: Linux
       version: Arch Linux

salt-call --local pip.list (ran from the master)

local:
    ----------
    Jinja2:
        3.1.2
    M2Crypto:
        0.38.0
    MarkupSafe:
        2.1.2
    PyYAML:
        6.0
    attrs:
        22.2.0
    cffi:
        1.15.1
    chardet:
        5.1.0
    click:
        8.1.3
    cryptography:
        40.0.2
    distro:
        1.8.0
    idna:
        3.4
    importlib-metadata:
        5.0.0
    jmespath:
        1.0.1
    looseversion:
        1.1.2
    msgpack:
        1.0.5
    packaging:
        23.1
    passwordstore:
        1.1.0
    pip:
        23.1.2
    ply:
        3.11
    psutil:
        5.9.5
    pycparser:
        2.21
    pycryptodomex:
        3.12.0
    pygit2:
        1.12.1
    pyperclip:
        1.8.2
    pyzmq:
        25.0.2
    relenv:
        0.12.3
    requests:
        2.28.2
    salt:
        3006.1
    setuptools:
        67.7.2
    systemd-python:
        235
    urllib3:
        1.26.15
    wheel:
        0.40.0
    zipp:
        3.15.0

secrets.sls

#!jinja|yaml|pass

postgresql_password: <redacted_path>/password

Thanks in advance to whoever takes care of the issue!

webdeploy-davoli-alessio avatar May 19 '23 14:05 webdeploy-davoli-alessio

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

welcome[bot] avatar May 19 '23 14:05 welcome[bot]

installed with onedir packaging

Just a note, /usr/lib/python3.11/site-packages/salt/... suggests this is a classic installation using the system Python.

This regression seems to have been introduced by https://github.com/saltstack/salt/pull/62120. Since Python 3, subprocess.Popen().communicate() returns bytes. This is not accounted for, neither in the unit test nor the actual function.

Edit: I submitted a PR that should fix this issue, would you be able to test if the patch works for you?

lkubb avatar May 19 '23 18:05 lkubb

Just a note, /usr/lib/python3.11/site-packages/salt/... suggests this is a classic installation using the system Python.

Woops, I'll rebuild the whole configuration installing it with onedir

Edit: I submitted a PR that should fix this issue, would you be able to test if the patch works for you?

Yes!

webdeploy-davoli-alessio avatar May 19 '23 19:05 webdeploy-davoli-alessio

Woops, I'll rebuild the whole configuration installing it with onedir

I'm not sure if there are any onedir packages for Arch – afaik only the official ones are built as onedir. I don't run Arch though, so take this with a grain of salt. =)

Yes!

Perfect!

lkubb avatar May 19 '23 19:05 lkubb

Perfect!

Tested, and everything is working correctly! Thanks a lot!

I'm not sure if there are any onedir packages for Arch – afaik only the official ones are built as onedir. I don't run Arch though, so take this with a grain of salt. =)

Ooook, thanks again!

webdeploy-davoli-alessio avatar May 19 '23 19:05 webdeploy-davoli-alessio

@webdeploy-davoli-alessio Closing this based on your last comment. Thanks.

dwoz avatar Jun 22 '24 08:06 dwoz