Jira (BOLT-1269) Prompt for sensitive data from inventory.

[Alex Dreyer (JIRA)]

Alex Dreyer created an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory. Issue Type: New Feature Assignee: Unassigned Created: 2019/04/24 1:20 PM Priority: Normal Reporter: Alex Dreyer Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Alex Dreyer (JIRA)]

Alex Dreyer updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Alex Dreyer Sprint: Bolt Ready for Grooming

Add Comment

[Alex Dreyer (JIRA)]

Alex Dreyer updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory. Change By: Alex Dreyer

In scope: Have a single generalized inventory plugin hook. allow plugins to be used at arbitrary locations in inventory whenever an object with a {{_plugin}} key is encountered. implement a prompt plugin that accepts a single {{name}} parameter. support lazily evaluating the "prompt plugin" when fetching config for a node or group. Out of scope: worrying about inventory plugins outside of config.(ie for names, targets, facts, or vars) making a decision on whether target-lookups are special. {{noformat}} groups:   - name: first_group     targets: [ .... ]     config:        ssh:          password:            _plugin: prompt            message: "Password for group pass           {{nofrmat}}

Add Comment

[Alex Dreyer (JIRA)]

Alex Dreyer updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory. Change By: Alex Dreyer

In scope: * Have a single generalized inventory plugin hook. * allow plugins to be used at arbitrary locations in inventory whenever an object with a {{_plugin}} key is encountered. * implement a prompt plugin that accepts a single {{name}} parameter. support lazily evaluating the " * Do not prompt plugin" when fetching config until something to {{update_target}} for a node or group target which needs this information .

Out of scope: worrying about inventory plugins outside of config.(ie for names, targets, facts, or vars) making a decision on whether target-lookups are special. {{noformat}}

nodes:    - uri: my_node      config:        ssh:          password: { _plugin: prompt, message: "Password for my_node"}d

groups:   - name: first_group     targets: [ .... ]     config:        ssh:          password:            _plugin: prompt

message: "Password for first group pass "           {{ nofrmat noformat }}

Add Comment

[Alex Dreyer (JIRA)]

Alex Dreyer updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory. Change By: Alex Dreyer

In scope: * Have a single generalized inventory plugin hook. * allow plugins to be used at arbitrary locations in inventory whenever an object with a {{_plugin}} key is encountered. * implement a prompt plugin that accepts a single {{name}} parameter.

* Do not prompt until something to {{update_target}} for a target which needs this information. Out of scope: * worrying about inventory plugins outside of config.(ie for names, targets, facts, or vars) * making a decision on whether target-lookups are special.

{noformat} nodes:    - uri: my_node      config:        ssh:          password: { _plugin: prompt, message: "Password for my_node"}d groups:   - name: first_group     targets: [ .... ]     config:        ssh:          password:            _plugin: prompt            message: "Password for first group"

{noformat}

Add Comment

[Alex Dreyer (JIRA)]

Alex Dreyer updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory. Change By: Alex Dreyer

In scope: * Have a single generalized inventory plugin hook. * allow plugins to be used at arbitrary locations in inventory whenever an object with a {{_plugin}} key is encountered. * implement a prompt plugin that accepts a single {{name}} parameter. * Do not prompt until something to {{update_target}} for a target which needs this information. Out of scope:

worrying about inventory plugins outside of config.(ie for names, targets, facts, or vars)

making a decision on whether target-lookups are special. {

{ noformat} }

nodes:    - uri: my_node      config:        ssh:          password: { _plugin: prompt, message: "Password for my_node"}d groups:   - name: first_group     targets: [ .... ]     config:        ssh:          password:            _plugin: prompt            message: "Password for first group" {

{ noformat} }

Add Comment

[Lucy Wyman (JIRA)]

Lucy Wyman updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Lucy Wyman Sprint: Bolt Ready for Grooming Kanban

Add Comment

[Lucy Wyman (JIRA)]

Lucy Wyman assigned an issue to Lucy Wyman

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Lucy Wyman Assignee: Lucy Wyman

Add Comment

[Lucy Wyman (JIRA)]

Lucy Wyman assigned an issue to Unassigned

[Cas Donoghue (JIRA)]

Cas Donoghue assigned an issue to Cas Donoghue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Cas Donoghue Assignee: Cas Donoghue

Add Comment

[Lucy Wyman (JIRA)]

Lucy Wyman updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Lucy Wyman

In scope: * Have a single generalized inventory plugin hook. * allow plugins to be used at arbitrary locations in inventory whenever an object with a {{_plugin}} key is encountered. * implement a prompt plugin that accepts a single {{name}} parameter.

* Do not prompt until something to {{ When update_target }} for a is called to update target which needs this information config, that indicates the target is actually being used and should be prompted . Don't prompt for targets that aren't used. Out of scope: * worrying about inventory plugins outside of config.(ie for names, targets, facts, or vars) * making a decision on whether target-lookups are special.

{noformat} nodes:    - uri: my_node      config:        ssh:          password: { _plugin: prompt, message: "Password for my_node"}d groups:   - name: first_group     targets: [ .... ]     config:        ssh:          password:            _plugin: prompt            message: "Password for first group" {noformat}

Add Comment

[Cas Donoghue (JIRA)]

Cas Donoghue commented on BOLT-1269

Re: Prompt for sensitive data from inventory. Limit to config only for now. The `prompt` plugin will only return a string. Later _plugin could return other data (hash etc). Hook will be inventory_config_lookup

Add Comment

[Cas Donoghue (JIRA)]

Cas Donoghue updated an issue

Puppet Task Runner / BOLT-1269

Prompt for sensitive data from inventory.

Change By: Cas Donoghue Labels: docs

Add Comment

[Cas Donoghue (JIRA)]

Cas Donoghue updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Cas Donoghue Fix Version/s: BOLT Next

Add Comment

[Cas Donoghue (JIRA)]

Cas Donoghue updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Cas Donoghue Release Notes Summary: A new plugin in inventory v2 allows setting configuration values via a prompt. Release Notes: New Feature

Add Comment

[Melissa Amos (JIRA)]

Melissa Amos updated an issue

Puppet Task Runner / BOLT-1269 Prompt for sensitive data from inventory.

Change By: Melissa Amos Labels: docs docs_reviewed

Add Comment