Bug 2137364

Summary: composer-cli blueprints show command fails when firewall customization is included in a blueprint
Product: Red Hat Enterprise Linux 9
Component: osbuild-composer
Version: 9.1
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: low
Priority: unspecified
Target Milestone: rc
Keywords: Patch, Triaged, Upstream
Reporter: Mario Cattamo <mcattamo>
Assignee: Brian Lane <bcl>
QA Contact: Release Test Team <release-test-team-automation>
CC: atodorov, idiez, obudai, thozza
Fixed In Version: osbuild-composer-67-2.el9
Last Closed: 2023-05-09 07:32:45 UTC
Type: Bug

Description Mario Cattamo 2022-10-24 15:22:16 UTC
Description of problem:
After including firewall customization in a blueprint, the composer-cli blueprints show <blueprint-name> command fails with an EOF error.

[admin@rhel-9-1-221024 rhel-edge]$ cat firewall.toml 
name = "ostree"
description = "A base ostree image TEST"
version = "0.0.1"
modules = []
groups = []
[[packages]]
name = "python3"
version = "*"
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]
[admin@rhel-9-1-221024 rhel-edge]$ sudo composer-cli blueprints push firewall.toml 
[admin@rhel-9-1-221024 rhel-edge]$ sudo composer-cli blueprints show ostree
ERROR: Show Error: Get "http://localhost/api/v1/blueprints/info/ostree?format=toml": EOF


Version-Release number of selected component (if applicable):
[admin@rhel-9-1-221024 rhel-edge]$ rpm -qa | grep osbuild
osbuild-composer-dnf-json-62.1-1.el9.x86_64
osbuild-composer-core-62.1-1.el9.x86_64
python3-osbuild-65-1.el9.noarch
osbuild-selinux-65-1.el9.noarch
osbuild-65-1.el9.noarch
osbuild-luks2-65-1.el9.noarch
osbuild-lvm2-65-1.el9.noarch
osbuild-ostree-65-1.el9.noarch
osbuild-composer-worker-62.1-1.el9.x86_64
osbuild-composer-62.1-1.el9.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Create a blueprint with firewall customization
2. Push blueprint using "composer-cli blueprints push" command
3. Try showing the content of blueprint using "composer-cli blueprints show" command

Actual results:
ERROR: Show Error: Get "http://localhost/api/v1/blueprints/info/ostree?format=toml": EOF

Expected results:
No error when showing the contents of the blueprint

Additional info:
- The composer-cli blueprints depsolve <blueprint-name> works as expected.
- The experiment has been repeated with a RHEL 9.0 VM and throws no error
[admin@rhel-9-0-221024 rhel-edge]$ cat firewall.toml 
name = "ostree"
description = "A base ostree image TEST"
version = "0.0.1"
modules = []
groups = []
[[packages]]
name = "python3"
version = "*"
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]
[admin@rhel-9-0-221024 rhel-edge]$ sudo composer-cli blueprints push firewall.toml 
[admin@rhel-9-0-221024 rhel-edge]$ sudo composer-cli blueprints show ostree
name = "ostree"
description = "A base ostree image TEST"
version = "0.0.1"
modules = []
groups = []
distro = ""

[[packages]]
name = "python3"
version = "*"

[customizations]
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]

Comment 1 Brian Lane 2022-10-24 22:37:46 UTC
I can also reproduce this on the upstream version running on Fedora 36. It looks like the toml library is having some problems with the blueprint. The server panics with:

Oct 24 15:29:22 fedora osbuild-composer[556]: 2022/10/24 15:29:22 GET /api/v1/blueprints/info/ostree
Oct 24 15:29:22 fedora osbuild-composer[556]: 2022/10/24 15:29:22 http: panic serving @: runtime error: comparing uncomparable type blueprint.FirewallCustomization
Oct 24 15:29:22 fedora osbuild-composer[556]: goroutine 58 [running]:
Oct 24 15:29:22 fedora osbuild-composer[556]: net/http.(*conn).serve.func1()
Oct 24 15:29:22 fedora osbuild-composer[556]:         /usr/lib/golang/src/net/http/server.go:1825 +0xbf
Oct 24 15:29:22 fedora osbuild-composer[556]: panic({0x55d51babc800, 0xc00034e1f0})
Oct 24 15:29:22 fedora osbuild-composer[556]:         /usr/lib/golang/src/runtime/panic.go:844 +0x258
Oct 24 15:29:22 fedora osbuild-composer[556]: github.com/osbuild/osbuild-composer/vendor/github.com/BurntSushi/toml.(*Encoder).safeEncode.func1()
Oct 24 15:29:22 fedora osbuild-composer[556]:         /home/bcl/Red_Hat/projs/osbuild-composer/rpmbuild/BUILD/osbuild-composer-f42da31362f8f100ac4ad92e470eb2ab6891f48f/_build/src/github.com/osbuild/osbuild-comp>
Oct 24 15:29:22 fedora osbuild-composer[556]: panic({0x55d51babc800, 0xc00034e1f0})

Comment 2 Ondřej Budai 2022-10-25 12:19:18 UTC
I think this is a new "feature" of the BurntSushi/toml library. See this commit for the first case when it broke us: https://github.com/osbuild/osbuild-composer/pull/2925/commits/b6297c9c12cd1ec38405ea4b1b81326c016f1b3e

Brian, can you have a look, please?
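
Added example (not code from osbuild-composer or BurntSushi/toml): a minimal Go reproduction of the class of runtime panic shown in the log in Comment 1, next to a zero-value check that cannot panic. The struct is a constructed stand-in for blueprint.FirewallCustomization, and naiveIsEmpty and safeIsEmpty are hypothetical names. Go's net/http server recovers a handler panic, logs it and closes the connection, which is why the client only sees EOF.

```go
package main

import (
	"fmt"
	"reflect"
)

// FirewallCustomization is a constructed stand-in, not the osbuild-composer
// type. Its slice fields make the struct non-comparable with ==.
type FirewallCustomization struct {
	Ports    []string
	Enabled  []string
	Disabled []string
}

// naiveIsEmpty compares v with its zero value through interface{}. This
// compiles for every type but panics at run time for non-comparable ones.
// The deferred recover turns that panic into an error for the caller.
func naiveIsEmpty(v interface{}) (empty bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	zero := reflect.Zero(reflect.TypeOf(v)).Interface()
	return v == zero, nil
}

// safeIsEmpty asks reflection for the zero check, which never compares
// slices with == and therefore works for any type.
func safeIsEmpty(v interface{}) bool {
	rv := reflect.ValueOf(v)
	return !rv.IsValid() || rv.IsZero()
}

func main() {
	// Constructed sample values taken from the blueprint in the report.
	fw := FirewallCustomization{Ports: []string{"22:tcp", "80:tcp"}}
	_, err := naiveIsEmpty(fw)
	fmt.Println("naive check:", err)
	fmt.Println("safe check, populated:", safeIsEmpty(fw))
	fmt.Println("safe check, zero value:", safeIsEmpty(FirewallCustomization{}))
}
```

The compiler cannot catch the naive comparison because both operands are interface values, so only a test that serializes a populated customization exercises the failing path.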

Comment 7 Alexander Todorov 2023-02-13 10:47:53 UTC
# rpm -q osbuild-composer
osbuild-composer-73-1.el9.x86_64


# cat firewall.toml 
name = "ostree"
description = "A base ostree image TEST"
version = "0.0.1"
modules = []
groups = []
[[packages]]
name = "python3"
version = "*"
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]

^^^ no newline at the end but that shouldn't matter.

# composer-cli blueprints push firewall.toml

# composer-cli blueprints list
ostree


# composer-cli blueprints show ostree
name = "ostree"
description = "A base ostree image TEST"
version = "0.0.1"
modules = []
groups = []
distro = ""

[[packages]]
name = "python3"
version = "*"

[customizations]
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]


No errors. Moving to VERIFIED.

Comment 8 Ondřej Budai 2023-03-30 11:52:15 UTC
*** Bug 2178206 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2023-05-09 07:32:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Image Builder security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2204