Jira (FACT-1346) Provide Environment Variables as a Structured Fact

[Rob Reynolds (JIRA)]

Rob Reynolds updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact Change By: Rob Reynolds Summary: Provide Environment Variables as  Facts  a Structured Fact Add Comment

This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)

[Rob Reynolds (JIRA)]

Rob Reynolds updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Rob Reynolds Sprint: Windows Triage

Add Comment

[Rob Reynolds (JIRA)]

Rob Reynolds updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Rob Reynolds Scrum Team: Client Platform Windows

Add Comment

[Rob Reynolds (JIRA)]

Rob Reynolds commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact This could also be focused on just the environment variables that are necessary for Puppet to work, we already provide Path as a variable, but not things like SystemDir, TEMP, etc. Those would be beneficial to provide.

Add Comment

[Steve Barlow (JIRA)]

Steve Barlow assigned an issue to Kenaz Kwa

Facter / FACT-1346

Provide Environment Variables as a Structured Fact

Change By: Steve Barlow Assignee: Kenaz Kwa Sprint: Windows Client  Triage Scrum Team: Windows Client Platform

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Josh Cooper Sprint: Client Triage

Add Comment

This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)

[Josh Cooper (JIRA)]

Josh Cooper commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact Kenaz Kwa Eric Sorenson we need more definition about which environment variables to include because including all environment facts can raise security issues. Can you provide guidance about which should be included in core facter (as opposed to windows specific module?)

Add Comment

[Kenaz Kwa (JIRA)]

Kenaz Kwa commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

+Nate McCurdy for additional facts he may have had to author. Some that recently came up (that required custom facts) include: PageFile information (where it is & whether it's automanaged) Directory locations for AppData, ProgramData, SystemRoot, ProgramFiles, PSModulePath etc. User info (domain, user account) I don't think any of that data should be security-impacting. These are general things that most Windows admins will use that today require custom facter-ing. The PageFile one may be a bit module specific, but I think the others are module-agnostic. Kenaz

Add Comment

[Eric Sorenson (JIRA)]

Eric Sorenson commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

I'm having a hard time thinking of equivalents to those Kenaz Kwa mentioned in the Unix/Linux world. Since you would not want to maintain an ever-expanding blacklist of env vars which should not be put into facts due to security exposure, and there's not an obvious set to start with besides "everything, just in case", I'd suggest not including any. If a module wants to add them as an external fact, that's easy to do.

Add Comment

[Rob Reynolds (JIRA)]

Rob Reynolds commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

These would be beneficial to provide: SystemRoot WinDir TEMP SystemDrive They may not have *nix equivalents, but they are very helpful for those on Windows.

Add Comment

[Maggie Dreyer (JIRA)]

Maggie Dreyer commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

Now that FACT-718 has been completed, I'd like to note that it is unlikely to help with blocking only certain environment variables, unless each one is collected independently (i.e. has its own resolver in Facter), because FACT-718 blocks collection, not reporting. It also cannot currently be used for external facts. But it sounds like the important part is to not report variables that might be sensitive, so I think the relevant ticket is now FACT-1462.

Add Comment

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)

[Maggie Dreyer (JIRA)]

Maggie Dreyer commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

Glenn Sarti Ethan Brown since we don't want to just report ALL environment variables on the system, what do you think of the list in the above comment, for useful ones to report? Are there any others you can think of?

Add Comment

[Ethan Brown (JIRA)]

Ethan Brown commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

I agree with the security implications - you wouldn't want, for instance, AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY propagated everywhere. My list would include the following: ALLUSERSPROFILE - sample value: C:\ProgramData APPDATA - sample value: C:\Users\Administrator\AppData\Roaming CommonProgramFiles - sample value: C:\Program Files\Common Files CommonProgramFiles(x86) - sample value: C:\Program Files (x86)\Common Files (not present on 32-bit) HOME - sample value: C:\Users\Administrator HOMEDRIVE - sample value: C: HOMEPATH - sample value: \Users\Administrator LOCALAPPDATA - sample value: C:\Users\Administrator\AppData\Local PATHEXT - sample value: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.RB;.RBW;.CPL PROCESSOR_IDENTIFIER - sample value: Intel64 Family 6 Model 70 Stepping 1, GenuineIntel - probably better to amend processors fact PROCESSOR_LEVEL - sample value: 6 - probably better to amend processors fact PROCESSOR_REVISION - sample value: 4601 - probably better to amend processors fact ProgramData - sample value: C:\ProgramData ProgramFiles - sample value: C:\Program Files ProgramFiles(x86) - sample value: C:\Program Files (x86) (not present on 32-bit I don't believe) PSModulePath - sample value: C:\Users\Administrator\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\ Windows\system32\WindowsPowerShell\v1.0\Modules\;C:\Program Files\WindowsPowerShell\Modules\;C:\Program F iles (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\;C:\Program Files (x86)\M icrosoft SDKs\Azure\PowerShell\ServiceManagement (arguably belongs in the PowerShell module) PUBLIC - sample value: C:\Users\Public SystemDrive - sample value: C: SystemRoot - sample value: C:\Windows TEMP - sample value: C:\Users\ADMINI~1\AppData\Local\Temp\1 TMP - sample value: C:\Users\ADMINI~1\AppData\Local\Temp\1 USERPROFILE - sample value: C:\Users\Administrator windir - sample value: C:\Windows - probably better to amend os.windows fact to include this value The following would have been useful as well, except that Facter includes them elsewhere already: COMPUTERNAME - same as hostname fact NUMBER_OF_PROCESSORS - sample value: 2 - processors fact contains this OS - env var is Windows_NT but os fact basically includes same info Path - same as path fact PROCESSOR_ARCHITECTURE - sample value: AMD64 - processors fact has isa => "x64" USERNAME - sample value: Administrator - fact identity.user has value VAGRANT-2008R2\Administrator

Add Comment

[Glenn Sarti (JIRA)]

Glenn Sarti commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

I assume these would be a structure fact as well?

Add Comment

[Geoff Nichols (JIRA)]

Geoff Nichols updated an issue

Facter / FACT-1346

Provide Environment Variables as a Structured Fact

Change By: Geoff Nichols Sprint: Agent Needs Information

Add Comment

[Geoff Nichols (JIRA)]

[Maggie Dreyer (JIRA)]

Maggie Dreyer updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Maggie Dreyer Labels: triaged

Add Comment

[Sean McDonald (JIRA)]

Sean McDonald assigned an issue to Unassigned

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Sean McDonald Assignee: Kenaz Kwa

Add Comment

[Moses Mendoza (JIRA)]

Moses Mendoza updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Moses Mendoza Labels: triaged

Add Comment

[Sean McDonald (JIRA)]

Sean McDonald updated an issue

Facter / FACT-1346 Provide Environment Variables as a Structured Fact

Change By: Sean McDonald Labels: triaged windows

Add Comment

This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574)

[Brett Jacobson (JIRA)]

Brett Jacobson commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact Is there a good reason why this feature request died? Did everyone just go home and decide it was easier to write your own custom facts to get the Windows temp folder from an environment variable instead of Puppet building it in as a fact?

Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Michael Fyffe (JIRA)]

Michael Fyffe commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

Yea, I'm still surprised this isn't built into core facter.

Add Comment

[Glenn Sarti (JIRA)]

Glenn Sarti commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

As a stop gap, I've added these facts to the windows_env module https://github.com/voxpupuli/puppet-windows_env/pull/54

Add Comment

[Sean McDonald (JIRA)]

Sean McDonald commented on FACT-1346

Re: Provide Environment Variables as a Structured Fact

Since this seems solved in modules we would prefer to keep actual fact implementation out of the core facter implementation and inside modules. If we can build the important windows env vars in to a module we could even include that module with the core set of modules that ship 'batteries included' with the agent. If anyone disagrees, please feel free to re-open this ticket with reasoning on why it's important that this stay in core facter. /cc Branan Riley

Add Comment

[Claudia Petty (Jira)]

Claudia Petty updated an issue

Facter / FACT-1346

Provide Environment Variables as a Structured Fact

Change By: Claudia Petty Labels: new-feature windows

Add Comment

This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)