Puppet Version: 6.15.0, 5.5.20 Puppet Server Version: N/A OS Name/Version: RedHat 7 When multiple resources are declared using an array of titles, the type information for Sensitive parameters is lost. This results in type validation errors if a resource declares a data type such as Sensitive[String] Install Puppet 6 on CentOS 7 and create a defined type with a password parameter declared to be Sensitive[String]:
cat <<'EOF' > /etc/puppetlabs/code/environments/production/modules/test_mod/manifests/service.pp |
define test_mod::service( |
Sensitive[String] $password, |
){ |
notify{"${title} ${password}": } |
} |
EOF
|
Attempt to apply the following manifest:
test_mod::service { ["ServiceA","ServiceB"]: |
password => Sensitive("password") |
}
|
Desired Behavior: Output matches individual resources declared in a loop:
# puppet apply <<'EOF' |
each(["ServiceA","ServiceB"] ) |String $svc_name| { |
test_mod::service { $svc_name: |
password => Sensitive("password") |
} |
} |
EOF |
|
Notice: Compiled catalog for olde-pacemaker.delivery.puppetlabs.net in environment production in 0.02 seconds |
Notice: ServiceA Sensitive [value redacted] |
Notice: /Stage[main]/Main/Test_mod::Service[ServiceA]/Notify[ServiceA Sensitive [value redacted]]/message: defined 'message' as 'ServiceA Sensitive [value redacted]' |
Notice: ServiceB Sensitive [value redacted] |
Notice: /Stage[main]/Main/Test_mod::Service[ServiceB]/Notify[ServiceB Sensitive [value redacted]]/message: defined 'message' as 'ServiceB Sensitive [value redacted]' |
Notice: Applied catalog in 0.01 seconds
|
Actual Behavior: Compilation fails when defining the second resource as password has been coerced to a String:
# puppet apply <<'EOF' |
test_mod::service { ["ServiceA","ServiceB"]: |
password => Sensitive("password") |
} |
EOF |
|
Error: Test_mod::Service[ServiceB]: parameter 'password' expects a Sensitive[String] value, got String on node olde-pacemaker.delivery.puppetlabs.net
|
|