Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipset with comment is broken in 3004 #61122

Closed
cod88 opened this issue Oct 25, 2021 · 2 comments · Fixed by #63065
Closed

ipset with comment is broken in 3004 #61122

cod88 opened this issue Oct 25, 2021 · 2 comments · Fixed by #63065
Assignees
@Ch3LL
Labels
Bug broken, incorrect, or confusing behavior Regression The issue is a bug that breaks functionality known to work in previous releases. severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Milestone
Sulfur v3006.0

Comments

@cod88
Copy link

cod88 commented Oct 25, 2021
edited
Loading

Description
ipset with comment is broken in 3004

Setup

Linux CentOS 7.9

Steps to Reproduce the behavior
salt-call state.single ipset.present name=salt-3004 set_name=ssh_allow_ip entry='1.1.1.1' comment='cloudflare test'

Expected behavior

local:
----------
          ID: salt-3004
    Function: ipset.present
      Result: True
     Comment: entry 1.1.1.1 comment "cloudflare test" added to set ssh_allow_ip for family ipv4
     Started: 13:08:17.972071
    Duration: 45.026 ms
     Changes:   
              ----------
              locale:
                  salt-3004

Summary for local
------------
Succeeded: 1 (changed=1)

Actual behavior

salt-call state.single ipset.present name=salt-3004 set_name=ssh_allow_ip entry='1.1.1.1' comment='cloudflare test'
local:
----------
          ID: salt-3004
    Function: ipset.present
      Result: False
     Comment: Failed to add to entry 1.1.1.1 comment "cloudflare test" to set ssh_allow_ip for family ipv4.
              Error: ipset v7.1: Syntax error: cannot parse 1.1.1.1 comment "cloudflare test": resolving to IPv4 address failed
     Started: 13:09:48.364796
    Duration: 31.464 ms
     Changes:   

Summary for local
------------
Succeeded: 0
Failed:    1

same for ipset.set_present:

# salt-call state.single ipset.set_present name=salt-3004 set_type=hash:net comment=True

local:
----------
          ID: salt-3004
    Function: ipset.set_present
      Result: False
     Comment: Failed to create set salt-3004 for ipv4: ipset v7.1: Syntax error: unknown inet family ['/usr/sbin/ipset', 'create', 'salt-3004', 'hash:net', 'family', [...], 'inet', 'comment']
     Started: 07:35:08.999186
    Duration: 25.849 ms
     Changes:

Versions Report

salt --versions-report

Salt Version:
Salt: 3004

Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: 2.4.2
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
Jinja2: 2.11.1
libgit2: Not Installed
M2Crypto: 0.35.2
Mako: Not Installed
msgpack: 0.6.2
msgpack-pure: Not Installed
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: Not Installed
pycryptodome: Not Installed
pygit2: Not Installed
Python: 3.6.8 (default, Nov 16 2020, 16:55:22)
python-gnupg: Not Installed
PyYAML: 3.13
PyZMQ: 17.0.0
smmap: Not Installed
timelib: Not Installed
Tornado: 4.5.3
ZMQ: 4.1.4

System Versions:
dist: centos 7 Core
locale: UTF-8
machine: x86_64
release: 3.10.0-1127.el7.x86_64
system: Linux
version: CentOS Linux 7 Core

Additional context
I am pretty sure it was broken in commit 0e46c14.

cmd is list now, not string and ipset binary doesn't work

commit 0e46c14907f1c63c9bd7206ed3a7dd59e59e0800
Author: Pedro Algarvio <***@***.**>
Date:   Mon Sep 13 14:59:47 2021 +0100

    Fix and migrate ``tests/unit/modules/test_ipset.py`` to PyTest

diff --git a/salt/modules/ipset.py b/salt/modules/ipset.py
index 4191932aa1..c93c28f487 100644
--- a/salt/modules/ipset.py
+++ b/salt/modules/ipset.py
.
.
.
.
@@ -483,7 +483,7 @@ def add(name=None, entry=None, family="ipv4", **kwargs):
 
     settype = setinfo["Type"]
 
-    cmd = "{}".format(entry)
+    cmd = [_ipset_cmd(), "add", "-exist", name, entry]
 
     if "timeout" in kwargs:
         if "timeout" not in setinfo["Header"]:
@@ -505,14 +505,13 @@ def add(name=None, entry=None, family="ipv4", **kwargs):
 
     for item in _ADD_OPTIONS[settype]:
         if item in kwargs:
-            cmd = "{} {} {}".format(cmd, item, kwargs[item])
+            cmd.extend([item, kwargs[item]])
 
     current_members = _find_set_members(name)
-    if cmd in current_members:
-        return "Warn: Entry {} already exists in set {}".format(cmd, name)
+    if entry in current_members:
+        return "Warn: Entry {} already exists in set {}".format(entry, name)
 
     # Using -exist to ensure entries are updated if the comment changes
-    cmd = "{} add -exist {} {}".format(_ipset_cmd(), name, cmd)
     out = __salt__["cmd.run"](cmd, python_shell=False)
 
     if not out:
@cod88 cod88 added Bug broken, incorrect, or confusing behavior needs-triage labels Oct 25, 2021
@welcome
Copy link

welcome bot commented Oct 25, 2021

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@OrangeDog OrangeDog added Regression The issue is a bug that breaks functionality known to work in previous releases. severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around Silicon v3004.0 Release code name and removed needs-triage labels Oct 26, 2021
@OrangeDog OrangeDog added this to the Approved milestone Oct 26, 2021
@anilsil anilsil modified the milestones: Approved, Phosphorus v3005.0 Oct 26, 2021
@anilsil anilsil removed the Silicon v3004.0 Release code name label Oct 26, 2021
@Ch3LL Ch3LL assigned Ch3LL and unassigned krionbsd Nov 7, 2022
@Ch3LL Ch3LL mentioned this issue Nov 15, 2022
Merged
@Ch3LL
Copy link
Contributor

Ch3LL commented Nov 15, 2022

Can you test this fix please: #63065

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ch3LL Ch3LL

Labels
Bug broken, incorrect, or confusing behavior Regression The issue is a bug that breaks functionality known to work in previous releases. severity-medium 3rd level, incorrect or bad functionality, confusing and lacks a work around
Projects
None yet
Milestone
Sulfur v3006.0
Development

Successfully merging a pull request may close this issue.

Fix ipset state when the comment kwarg is set. Ch3LL/salt
5 participants
@OrangeDog @anilsil @Ch3LL @krionbsd @cod88