Jira (PUP-6978) Distinguish errors in ClassInformationService response for class located in improper manifest file

0 views
Skip to first unread message

Jeremy Barlow (JIRA)

unread,
Dec 6, 2016, 3:34:03 PM12/6/16
to puppe...@googlegroups.com
Jeremy Barlow created an issue
 
Puppet / Improvement PUP-6978
Distinguish errors in ClassInformationService response for class located in improper manifest file
Issue Type: Improvement Improvement
Assignee: Unassigned
Created: 2016/12/06 12:33 PM
Priority: Normal Normal
Reporter: Jeremy Barlow

Currently, if a manifest file includes the name of a class which would not actually be included in an agent's catalog because the class name does not match the file hierarchy on disk, a call to Puppet::InfoService::ClassInformationService.classes_per_environment will return all of the information for the class without indicating any sort of an error.

For example, I might have a class named "mymodule::myclass" which resides under /etc/puppetlabs/code/environments/production/modules/mymodule/somedir/myclass.pp. If I were to have an "include" for that class in the site.pp, /etc/puppetlabs/code/environments/production/manifests/site.pp, a catalog compilation wouldn't find the class - because of the intermediate "somedir" subdirectory in the module. The ClassInformationService.classes_per_environment call, however, will still return information for the "mymodule::myclass" class with no indication of a problem (assuming the manifest is otherwise well-formed).

The most common consumer for this data, the PE Node Manager, does not have any special knowledge in it about whether a class could be included in a catalog based on its manifest location and, therefore, would inappropriately end up displaying the class to a user in the PE console. It would be better to somehow filter these classes out from the UI. If a response from the ClassInformationService.classes_per_environment were to instead somehow mark the class as having an error, the Node Manager would have more flexibility to know how to filter it out – or maybe, even better, notify the user about the existence of the class but highlight the error.

We could apply the error logic at different levels - Node Manager, Puppet Server (behind the environment_classes HTTP API), or core Puppet (behind the ClassInformationService). I tend to think, though, that doing this behind the ClassInformationService would be best in that it would encapsulate the knowledge about manifest processing closer to the code that handles catalog compilation.

Assuming we go with the approach of adding some error handling logic to the ClassInformationService.classes_per_environment call for this case, I think it might be best to still include at least the class name (and possibly its parameters as well) in the information for the parsed manifest but introduce a new optional "error" key under the class with some sort of message about how the class name was unexpected for the manifest file in which it was found. Including all of the other information which was successfully parsed for the offending manifest could open up some possibilities later on for however we might want to message the error to users.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Atlassian logo

Jeremy Barlow (JIRA)

unread,
Dec 6, 2016, 3:38:04 PM12/6/16
to puppe...@googlegroups.com
Jeremy Barlow commented on Improvement PUP-6978
 
Re: Distinguish errors in ClassInformationService response for class located in improper manifest file

Henrik Lindberg, I'd be interested in getting your take on this one. Note that this came up in a support escalation recently. /CC Patrick Carlisle and Erik Hansen.

Jeremy Barlow (JIRA)

unread,
Dec 6, 2016, 3:43:03 PM12/6/16
to puppe...@googlegroups.com
Jeremy Barlow updated an issue
 
Change By: Jeremy Barlow
Component/s: Puppet Server

Henrik Lindberg (JIRA)

unread,
Dec 6, 2016, 3:51:02 PM12/6/16
to puppe...@googlegroups.com
Henrik Lindberg commented on Improvement PUP-6978
 
Re: Distinguish errors in ClassInformationService response for class located in improper manifest file

yeah, so puppet does not have a strict name/container rule because it is sometimes used to load different versions of classes (in lieu of having actual modularity and ability to alias). This means that you may need to include one class first in order to get other included as they cannot be autoloaded directly.

This is not something everyone does, and such "inner aliases classes" would typically be private to a module and should if we had private classes implemented not be seen in the info API.

So if we skip those classes that so to say break the rule on purpose, it is possible to validate if definitions (classes) are defined in an autoloadable way.
I can imagine issuing a warning for that (and those are included in the return in the info API IIRC). We do not have such a validator implemented so it is a bit more work than simply turning something on.

Jeremy Barlow (JIRA)

unread,
Dec 6, 2016, 5:29:03 PM12/6/16
to puppe...@googlegroups.com
Jeremy Barlow commented on Improvement PUP-6978

Henrik Lindberg thanks for that. Yeah, I think if we could somehow add some logic behind the ClassInformationService to see if a class found in a manifest is defined such that it could be autoloaded during a catalog compilation and return back an error/warning if not (so that the Classifier could avoid presenting it to the user as something that can be associated with a node) that we would meet the need here. I definitely understand how that could be a fair bit of work.

In terms of the API, I know we reserved an :error key in the hash associated with each individual file name. Not sure if we already reserved an :error or :warning at the level of a class within a filename? Do you think it would make sense to add the message at the class level for the case that a non-autoloadable class is being returned in the response?

Jeremy Barlow (JIRA)

unread,
Dec 6, 2016, 7:02:02 PM12/6/16
to puppe...@googlegroups.com
Jeremy Barlow updated an issue
Change By: Jeremy Barlow
Component/s: Puppet Server

Henrik Lindberg (JIRA)

unread,
Dec 7, 2016, 5:08:02 AM12/7/16
to puppe...@googlegroups.com
Henrik Lindberg commented on Improvement PUP-6978
 
Re: Distinguish errors in ClassInformationService response for class located in improper manifest file

Right now, the :error key is either "file not found", or the final message produce by validation (the standard validation). Since a file can contain both autoloadable and non autoloadable content it is best if the information is associated with the class - that is next to the name and params information under the class.
While we could use some kind of warnings_or_errors related to each class it seems like an overkill.

As an alternative we could return a separate array with the names of classes that are not autoloadable. This would save space since we assume all classes to be autoloadable. For those you may want to include file and line as well, so a hash by class with file and line as information.

An even fancier option would be to also indicate what needs to be loaded (another class) for the class to become available.

Jeremy Barlow (JIRA)

unread,
Dec 12, 2016, 12:29:02 PM12/12/16
to puppe...@googlegroups.com
Jeremy Barlow commented on Improvement PUP-6978

Having the :error key next to the offending class would seem reasonable to me, assuming that maybe for space-saving purposes that we'd only need to include the key if one or more errors had been encountered. I'm also open to the approach of having a separate array with the names of the offending classes, if you'd prefer to go that way, so long as it will be feasible for the ultimate consumer of the info - e.g., the Node Classifier - to be able to clearly associate the error to the corresponding class without having to do any special manipulation of the payload.

I also wanted to take a step back to make sure that the motivation for this ticket is clear. The user who encountered this problem had the same class name in two different manifests but with differing parameters in each. Using the mymodule::myclass example from the description again, let's say that the class was in the following manifests:

  • /etc/puppetlabs/code/environments/production/modules/mymodule/manifests/myclass.pp
  • /etc/puppetlabs/code/environments/production/modules/mymodule/manifests/somedir/myclass.pp

Currently, Puppet Server will discover both of these manifests and ask the ClassInformationService to parse them. The ClassInformationService would return information for the mymodule::myclass in both manifests, along with the corresponding parameter information found for each. No indication of a problem with the duplication is included in the response payload today.

If an include mymodule::myclass were to appear in the /etc/puppetlabs/code/environments/production/manifests/site.pp file, the class definition which would be used would, I believe, always be the one from the .../mymodule/manifests/myclass.pp and never the one from the .../mymodule/manifests/somedir/myclass.pp file. If one were to remove the .../mymodule/manifests/myclass.pp file, leaving the .../mymodule/manifests/somedir/myclass.pp file in place, I believe the include command would fail because the compiler would still not consider .../mymodule/manifests/somedir to be an appropriate location in which to find a class named mymodule::myclass.

For the case that both of the classes with the same name were present in different manifests, I think it would be useful to have the ClassInformationService response continue to include information for both classes, per manifest in which the classes were found. If an error could be tagged onto the response for the class which exists at .../mymodule/manifests/somedir and the Node Classifier could then use that to prevent the parameters for the class definition which could not be used during an actual catalog compilation from being used in the classification UI, I think we'd satisfy the initial request which led to this ticket being created.

It sounds good to me if we wanted to going further than this duplicate class definition case and tag errors for other cases - like where a class could be loaded but only if another class were defined and loaded first. But maybe it would be good to do that as a separate ticket depending upon how involved that may end up being.

Jeremy Barlow (JIRA)

unread,
Dec 12, 2016, 12:30:03 PM12/12/16
to puppe...@googlegroups.com
Jeremy Barlow updated an issue
Change By: Jeremy Barlow
CS Priority: Needs Priority

Jeremy Barlow (JIRA)

unread,
Dec 12, 2016, 12:31:03 PM12/12/16
to puppe...@googlegroups.com
Jeremy Barlow commented on Improvement PUP-6978
 
Re: Distinguish errors in ClassInformationService response for class located in improper manifest file

I don't have any recommendations for this ticket in terms of urgency. I tagged this as "Needs Priority" to see what the "CS" team thinks about this issue.

Maggie Dreyer (JIRA)

unread,
May 16, 2017, 3:02:17 PM5/16/17
to puppe...@googlegroups.com
Maggie Dreyer updated an issue
 
Change By: Maggie Dreyer
Labels: triaged

Moses Mendoza (JIRA)

unread,
May 18, 2017, 1:54:02 PM5/18/17
to puppe...@googlegroups.com

Moses Mendoza (JIRA)

unread,
May 18, 2017, 1:55:01 PM5/18/17
to puppe...@googlegroups.com
Moses Mendoza updated an issue
 
Change By: Moses Mendoza
Team: Agent

Henrik Lindberg (JIRA)

unread,
May 19, 2017, 8:54:02 AM5/19/17
to puppe...@googlegroups.com
Henrik Lindberg commented on Improvement PUP-6978
 
Re: Distinguish errors in ClassInformationService response for class located in improper manifest file

I believe we have a ticket in the "5.y Validation" epic about not accepting classes that are defined where they are forbidden (main focus on top scope). Details not worked out. When we have that, the things discussed here would be solved by that ticket since there would be errors from regular validation.

It is however complex as users want to be able to validate a file out of context, and want to be able to experiment with snippets in a simple .pp file and use apply to figure out how things work.

In any case, "5.y Validation" is a suitable epic - so I added this there.

Henrik Lindberg (JIRA)

unread,
May 19, 2017, 8:57:02 AM5/19/17
to puppe...@googlegroups.com

An option for the use cases here would be to include information if the class is autoloadable or not. Only those where there is a mapping from name to file can be autoloaded. (But the rules are more complex than a 1:1 name <=> file, as there is a search).

Josh Cooper (Jira)

unread,
Jun 10, 2021, 3:11:01 PM6/10/21
to puppe...@googlegroups.com
Josh Cooper commented on Improvement PUP-6978

Due to the validation ticket Henrik Lindberg mentioned the environment classes endpoint no longer returns class information:

# curl -sf -k --cert /etc/puppetlabs/puppet/ssl/certs/big-swarm.delivery.puppetlabs.net.pem --key /etc/puppetlabs/puppet/ssl/private_keys/big-swarm.delivery.puppetlabs.net.pem -X GET -H 'Accept: application/json' 'https://big-swarm.delivery.puppetlabs.net:8140/puppet/v3/environment_classes?environment=production'
 
{"files":[{"classes":[],"path":"/etc/puppetlabs/code/environments/production/manifests/site.pp"}],"name":"production"}

which is consistent with the agent run (since the class-to-be-included can't be found):

# puppet agent -t
 
Info: Using configured environment 'production'
 
Info: Retrieving pluginfacts
 
Info: Retrieving plugin
 
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Could not find class ::mymodule::myclass for big-swarm.delivery.puppetlabs.net (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 1, column: 1) on node big-swarm.delivery.puppetlabs.net
 
...

If we wanted to surface error information via the environment_classes endpoint, then as Jeremy Barlow said, "it'd be good to do that as a separate ticket"
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages