| Currently, if an epp template contains a sensitive value that is not explicitly unwrapped, then the redacted value is part of the rendered output. Is there ever a case where the user actually wants that, for example?
$ bx puppet apply -e 'notice(inline_epp("This string should be redacted: <%= Sensitive.new(\"sesame\") %>"))' |
Notice: Scope(Class[main]): This string should be redacted: Sensitive [value redacted]
|
Reid Vandewiele, Charlie Sharpsteen, Gene Liverman do you have thoughts about this? Have you ever seen a situation where someone wants to render an epp template and they want the output to contain output like above? My inclination is that it's a bug and they forgot to call Sensitive.new("sesame").unwrap in the template. If we need to preserve the behavior, then we could either 1) add an optional parameter to epp, inline_epp to control if the output is rewrapped or 2) make this change in Puppet 7. I'm not 100% sure the first option is feasible given epp already takes an optional hash of parameters, and the function would need to accept another optional argument, but maybe that is possible following the lookup_1, lookup_2, etc example. |