Open iahmad-khan opened 5 years ago
That's weird - looks like a bug to me. @iahmad-khan can you check if this is a terraform issue by attempting to post the same body directly to the REST API?
@ndavidson-pulse currently i have fixed it by sending u0026
instead which is the correct &
in traffic manager. I wonder why is it doing the conversion.
I'm seeing the same issue on the ldap_group_filter property of the vtm_user_authenticator resource.
I was reading about this method https://golang.org/pkg/encoding/json/#HTMLEscape which is described as:
"String values encode as JSON strings coerced to valid UTF-8, replacing invalid bytes with the Unicode replacement rune. The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" to keep some browsers from misinterpreting JSON output as HTML. Ampersand "&" is also escaped to "\u0026" for the same reason. This escaping can be disabled using an Encoder that had SetEscapeHTML(false) called on it."
Does this need to be set in the go-vtm (https://github.com/pulse-vadc/go-vtm/blob/master/7.0/config_user_authenticator.go) code where the json is marshalled in the "Apply" method?
We need to properly escape the JSON in order for certain unicode code-points to work at all - so far your description makes it sound like some double encoding issue, I believe you've said the following two things:
http_path = "/solr/citations/admin/ping?wt=json&distrib=true
the REST back-end gets http_path = "/solr/citations/admin/ping?wt=jsonu0026distrib=true
and breaks.http_path = "/solr/citations/admin/ping?wt=jsonu0026distrib=true
the REST back-end works, but you've not described what it gets?
Can you please try both requests directly to the REST API and report the behavior here.I tested the rest API directly using curl and json. The api seems to work as expected and is not encoding the "&".
Working:
{"properties":{"basic":{"description":"","enabled":true,"type":"ldap"},"ldap":{"base_dn":"cn=accounts,dc=example,dc=com","bind_dn":"","dn_method":"search","fallback_group":"admin","filter":"uid=%u","group_attribute":"member","group_field":"","group_filter":"(&(&(objectClass=posixgroup)(member=uid=%u,cn=users,cn=accounts,dc=example,dc=com))(cn=zxtm_access)","port":389,"search_dn":"","search_password":"","server":"localhost","timeout":30}}}
curl -vk -X PUT -H 'Content-Type: application/json' -d $(cat working) 'https://vtm.example.com:9070/api/tm/6.2/config/active/user_authenticators/working/' -u admin
Broken:
{"properties":{"basic":{"description":"","enabled":true,"type":"ldap"},"ldap":{"base_dn":"cn=accounts,dc=example,dc=com","bind_dn":"","dn_method":"search","fallback_group":"admin","filter":"uid=%u","group_attribute":"member","group_field":"","group_filter":"(u2600(u2600(objectClass=posixgroup)(member=uid=%u,cn=users,cn=accounts,dc=example,dc=com))(cn=zxtm_access)","port":389,"search_dn":"","search_password":"","server":"localhost","timeout":30}}}
curl -vk -X PUT -H 'Content-Type: application/json' -d $(cat broken) 'https://vtm.example.com:9070/api/tm/6.2/config/active/user_authenticators/broken/' -u admin
@pdabel does putting in the backslash work properly? e.g. does \u2600
work correctly?
We see this issue of string encoding with few more special characters that include the tags like: <, /, ", >.
Strange , have a look at this body regex:
http_body_regex = "<app-root></app-root>"
after terrafrom push itlooks this on traffic manager:
http_body_regex = "\u003capp-root\u003e\u003c/app-root\u003e"
and if I push this one from terrafrom to traffic manager:
http_body_regex = "\u003capp-root\u003e\u003c/app-root\u003e"
then it looks this on the problematic one ( corrected )
http_body_regex = "<app-root></app-root>"
but on the normal one , which is ok othervise , it is:
http_body_regex = "\u003capp-root\u003e\u003c/app-root\u003e"
so if we are going to fix one , the other is broken , both vtms are using same version 18.2
There are actually two related issues:
These issues may be addressed in a future release. If you have a current support contract and have an urgent need for this issue, please contact us via https://support.pulsesecure.net to request prioritization.
Here is my monitor configuration:
when I push this through terraform , the http_path is not correct in the VTM , the resultant configuration done by terraform is with http_path:
& is replaced by u0026 , how can i fix this,
thanks