Jira (PUP-9249) Backport sensitive DSL method PUP-8514

22 views
Skip to first unread message

Josh Cooper (JIRA)

unread,
Oct 18, 2018, 8:08:02 PM10/18/18
to puppe...@googlegroups.com
Josh Cooper created an issue
 
Puppet / Bug PUP-9249
Backport sensitive DSL method PUP-8514
Issue Type: Bug Bug
Assignee: Unassigned
Created: 2018/10/18 5:07 PM
Fix Versions: PUP 5.5.8
Priority: Normal Normal
Reporter: Josh Cooper

To use the sensitive DSL method introduced in PUP-8514, you need to be on Puppet 6 or later. This is a problem if you're a module author and want to support pre-6 agents. For example the puppet_agent module used to upgrade agents relies on the yumrepo resource type, but the yumrepo_core module cannot be run on pre-6 agents.

This ticket is to backport the PUP-8514 to 5.5.x.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Josh Cooper (JIRA)

unread,
Oct 18, 2018, 8:08:02 PM10/18/18
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Team: Coremunity

Josh Cooper (JIRA)

unread,
Oct 18, 2018, 8:10:01 PM10/18/18
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Coremunity Grooming

Kenn Hussey (JIRA)

unread,
Oct 29, 2018, 11:30:02 AM10/29/18
to puppe...@googlegroups.com
Kenn Hussey updated an issue
Change By: Kenn Hussey
Fix Version/s: PUP 5.5.8
Fix Version/s: PUP 5.5.9

Josh Cooper (JIRA)

unread,
Jan 7, 2019, 4:39:04 PM1/7/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 5.5.9
Fix Version/s: PUP 6.0.z
Fix Version/s: PUP 5.5.z

Jorie Tappa (JIRA)

unread,
Jun 12, 2019, 4:42:02 PM6/12/19
to puppe...@googlegroups.com
Jorie Tappa updated an issue
Change By: Jorie Tappa
Acceptance Criteria: Should have the same behavior as the 6.0.0+ versions.

Josh Cooper (JIRA)

unread,
Jul 17, 2019, 4:48:03 PM7/17/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Acceptance Criteria:
Should have the same behavior as the 6.0.0+ versions.


Install 1.0.1 yumrepo_core on the master
Add yumrepo resource:

{code:puppet}
yumrepo { 'puppetrepo-products':
  ensure    => 'present',
  name      => 'puppetrepo-products',
  password => 'password',
  descr     => 'Puppet Labs Products El 7 - $basearch',
  baseurl   => 'http://myownmirror',
  gpgkey    => 'http://myownmirror',
  enabled   => '1',
  gpgcheck  => '1',
  target    => '/etc/yum.repo.d/puppetlabs.repo',
}
{code}

Run redhat/centos agent
Make sure yumrepo resource is created in /etc/yum
Make sure password is set correctly in the repo config, and is not written to the console (even at debug level)

Josh Cooper (JIRA)

unread,
Jul 17, 2019, 4:48:03 PM7/17/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 6.0.z

Kris Bosland (JIRA)

unread,
Jul 18, 2019, 8:24:03 PM7/18/19
to puppe...@googlegroups.com
Kris Bosland commented on Bug PUP-9249
 
Re: Backport sensitive DSL method PUP-8514

Password does not show up in debug output, but is properly placed in repo:

[root@q07qxr48tcvm5v2 ~]# cat yumrepo.pp
 
yumrepo { 'puppetrepo-products':
 
  ensure    => 'present',
 
  name      => 'puppetrepo-products',
 
  password => 'mypw123',
 
  descr     => 'Puppet Labs Products El 7 - $basearch',
 
  baseurl   => 'http://myownmirror',
 
  gpgkey    => 'http://myownmirror',
 
  enabled   => '1',
 
  gpgcheck  => '1',
 
  target    => '/etc/yum.repo.d/puppetlabs.repo',
 
}
 
[root@q07qxr48tcvm5v2 ~]# puppet apply yumrepo.pp --debug | tee apply.log
 
[removed for brevity]
 
[root@q07qxr48tcvm5v2 ~]# grep mypw123 apply.log
 
[root@q07qxr48tcvm5v2 ~]# grep mypw123 /etc/yum.repos.d/puppetrepo-products.repo
 
password=mypw123

Kris Bosland (JIRA)

unread,
Jul 18, 2019, 8:52:02 PM7/18/19
to puppe...@googlegroups.com
Kris Bosland commented on Bug PUP-9249

During an agent run:

[root@q07qxr48tcvm5v2 ~]# puppet agent -t --debug | tee agent.log
 
[removed for brevity]
 
[root@q07qxr48tcvm5v2 ~]# grep password agent.log
 
Notice: /Stage[main]/Main/Yumrepo[puppetrepo-products]/password: changed [redacted] to [redacted]
 
[root@q07qxr48tcvm5v2 ~]# grep password /etc/yum.repos.d/puppetrepo-products.repo
 
password=mypw123

Jorie Tappa (JIRA)

unread,
Jul 19, 2019, 4:33:04 PM7/19/19
to puppe...@googlegroups.com
Jorie Tappa commented on Bug PUP-9249

merged to 5.5.x at 5d1048d 

Jorie Tappa (JIRA)

unread,
Jul 19, 2019, 4:36:03 PM7/19/19
to puppe...@googlegroups.com
Jorie Tappa assigned an issue to Kris Bosland
 
Change By: Jorie Tappa
Assignee: Kris Bosland

Josh Cooper (JIRA)

unread,
Jul 19, 2019, 7:12:03 PM7/19/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Coremunity Grooming Platform Core KANBAN

Kris Bosland (JIRA)

unread,
Jul 22, 2019, 2:21:02 PM7/22/19
to puppe...@googlegroups.com
Kris Bosland commented on Bug PUP-9249
 
Re: Backport sensitive DSL method PUP-8514

Passed CI in 032e9da8598d8cc74e204eeba3ed06a328fbeee7.

Kris Bosland (JIRA)

unread,
Jul 22, 2019, 2:22:03 PM7/22/19
to puppe...@googlegroups.com
Kris Bosland updated an issue
 
Change By: Kris Bosland
Release Notes Summary: Parameters can now be marked sensitive at the class level rather then just the instance level.
Release Notes: New Feature

George Mrejea (JIRA)

unread,
Oct 3, 2019, 7:21:03 AM10/3/19
to puppe...@googlegroups.com
George Mrejea updated an issue
Change By: George Mrejea
Fix Version/s: PUP 5.5.z
Fix Version/s: PUP 6.4.4
Fix Version/s: PUP 5.5.17

Jorie Tappa (JIRA)

unread,
Oct 3, 2019, 1:00:03 PM10/3/19
to puppe...@googlegroups.com
Jorie Tappa updated an issue
Change By: Jorie Tappa
Fix Version/s: PUP 6.4.4
Reply all
Reply to author
Forward
0 new messages