Jira (PUP-10525) puppet apply should set trusted['external']

[Enis Inan (Jira)]

Enis Inan created an issue

Puppet / PUP-10525 puppet apply should set trusted['external'] Issue Type: Task Assignee: Unassigned Created: 2020/05/20 3:03 PM Priority: Normal Reporter: Enis Inan This way, if I set {trusted_external_command} in {puppet.conf} , then I can easily test that {trusted['external']} is set via something like {puppet apply -e notify { "$trusted['external']": }}. It also maintains consistency with facts and other trusted facts, since those are set in {puppet apply} . Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

[Enis Inan (Jira)]

Enis Inan updated an issue

Puppet / PUP-10525 puppet apply should set trusted['external']

Change By: Enis Inan

This way, if I set {{trusted_external_command}} in {{puppet.conf}}, then I can easily test that {{trusted['external']}} is set via something like {{puppet apply -e notify \{ "$trusted['external']": \} }}. It also maintains consistency with facts and other trusted facts, since those are set in {{puppet apply}}. Add Comment

[Enis Inan (Jira)]

[Enis Inan (Jira)]

[Enis Inan (Jira)]

[Enis Inan (Jira)]

Enis Inan updated an issue

Puppet / PUP-10525 puppet apply should set trusted['external'] Change By: Enis Inan

This way, if I set {{trusted_external_command}} in {{puppet.conf}}, then I can easily test that {{trusted['external']}} is set via something like { { code} puppet apply -e notify \{ "$trusted['external']": \} {code } } .

It also maintains consistency with facts and other trusted facts, since those are set in {{puppet apply}}.

Add Comment

[Enis Inan (Jira)]

[Enis Inan (Jira)]

Enis Inan updated an issue

Puppet / PUP-10525 puppet apply should set trusted['external'] Change By: Enis Inan

This way, if I set {{trusted_external_command}} in {{puppet.conf}}, then I can easily test that {{trusted['external']}} is set via something like {code} puppet apply -e 'notify { "$trusted['external']": }' {code}

It also maintains consistency with facts and other trusted facts, since those are also set in {{puppet apply}}.

Add Comment

[Enis Inan (Jira)]

Enis Inan updated an issue

Puppet / PUP-10525 puppet apply should set trusted['external'] Change By: Enis Inan

This way, if I set {{trusted_external_command}} in {{puppet.conf}}, then I can easily test that {{trusted['external']}} is set via something like {code}puppet apply -e notify \ { "$trusted['external']": \ }{code}. It also maintains consistency with facts and other trusted facts, since those are set in {{puppet apply}}.

Add Comment

[Enis Inan (Jira)]

Enis Inan updated an issue

Puppet / PUP-10525 puppet apply should set trusted['external'] Change By: Enis Inan

This way, if I set {{trusted_external_command}} in {{puppet.conf}}, then I can easily test that {{trusted['external']}} is set properly fetched via something like

{code} puppet apply -e 'notify { "$trusted['external']": }' {code}

It also maintains consistency with facts and other trusted facts, since those are also set in {{puppet apply}}.

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10525

Re: puppet apply should set trusted['external'] puppet apply will run the command if it's set in the main section or passed on the command line: $ /Users/josh/work/puppet/trusted.sh {"key":"value"} $ bx puppet apply --trusted_external_command /Users/josh/work/puppet/trusted.sh -e 'notice($trusted['external']['key'])' Notice: Scope(Class[main]): value Notice: Compiled catalog for localhost in environment production in 0.02 seconds Notice: Applied catalog in 0.01 seconds I'm guessing you have trusted_external_command set in the [master] section?

Add Comment

[Enis Inan (Jira)]

Enis Inan commented on PUP-10525

Re: puppet apply should set trusted['external']

Yes, as part of https://github.com/puppetlabs/puppetlabs-servicenow_integration where we have a servicenow.rb script that returns the external data.

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10525

Re: puppet apply should set trusted['external']

Can you change https://github.com/puppetlabs/puppetlabs-servicenow_integration/blob/master/manifests/trusted_external_command.pp#L77 to use the main section instead of master?

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele commented on PUP-10525

Re: puppet apply should set trusted['external']

Enis Inan interesting, sounds like that should support the dev/test use case. Either set trusted_external_command in the user/main section, or pass it on the CLI. For the servicenow_integration specifically I don't at first blush believe we should move it from the master section... I kind of feel like it shouldn't happen for manual invocations of apply unless intentionally invoked.

Add Comment

[Enis Inan (Jira)]

Enis Inan commented on PUP-10525

Re: puppet apply should set trusted['external']

Reid Vandewiele Is there a practical reason why we can't move it over to main? Something like "if we move it to main, then it won't work in this scenario"?

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10525

Re: puppet apply should set trusted['external']

Moving to main means the command will be executed for all other puppet applications that try to load a Node object. I'd expect that to affect puppet device and maybe puppet resource.

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10525

Re: puppet apply should set trusted['external']

We have the same issue with node_terminus/external_nodes as well. If you put them in the [main] section then they affect all puppet subcommands, so we typically put them in [master]. But then puppet apply doesn't "see" those settings, and they must be specified on the CLI. Although the behavior isn't ideal, I think it's preferable for trusted_external_command and node_terminus/external_nodes to behave consistently, so I'm going to close this as won't do.

Add Comment