Jira (HI-628) convert_to: Sensitive only unless undef

Cocker (Jira)

unread,

Feb 9, 2022, 7:11:02 AM2/9/22

to puppe...@googlegroups.com

Cocker created an issue

Hiera /

HI-628

convert_to: Sensitive only unless undef

Issue Type:	Improvement
Assignee:	Unassigned
Created:	2022/02/09 4:10 AM
Priority:	Normal
Reporter:	Cocker

Context:

Hiera provides the Convert-Function

lookup_options:
}}{{{}blubb::my_variable1:
}}{{ convert_to: Sensitive
}}{{{}blubb::my_variable2:
}}{{ convert_to: Sensitive
{{}}
blubb::my_variable1: MY_PASSWORD

# Variable intentionally left empty
blubb::my_variable2:{}
{{}}

With blubb::my_variable2 this leads to Sensitive[undef], and this makes...

class blubb(
Optional[Variant[String, Sensitive[String]]] $my_variable2,
) {}

... not accepting the Variable:

Class[Blubb]: parameter 'my_variable2' expects a value of type String or Sensitive[String], got Sensitive[Undef]

Improvement:

The Convert-Function should leave undef unconverted, and return just undef instead of Sensitive[undef].

References:

https://github.com/theforeman/puppet-katello/pull/436#discussion_r802535218
.

Add Comment

This message was sent by Atlassian Jira (v8.20.2#820002-sha1:829506d)

Cocker (Jira)

unread,

Feb 9, 2022, 7:17:02 AM2/9/22

to puppe...@googlegroups.com

Cocker updated an issue

Hiera /

HI-628

convert_to: Sensitive only unless undef

Change By:	Cocker

h2. Context:

Hiera provides the Convert-Function

{ { noformat}

lookup_options: }}
{{ }}{{{} blubb:: {}}}{{{} my_variable1: {}}}
{{}}{{ convert_to: Sensitive }}
{{ }}{{{} blubb:: {}}}{{{} my_variable2: {}}}
{{}}{{ convert_to: Sensitive }}
{{}}
{{{} blubb::my_variable1 {}}}{{{} : MY_PASSWORD {}}}

{{ # Variable intentionally left empty }}

{{{} blubb:: {}}}{{{} my_variable2: {}}}{{{}{}}}
{ { noformat } }

With {{blubb::my_variable2}} this leads to {{ {} Sensitive[undef] { }} }

, and this makes...

{ { noformat}

class blubb( }}
{{ Optional[Variant[String, Sensitive[String]]] $my_variable2, }}
{{ ) {}

{noformat } }

... not accepting the Variable:

{ { noformat}

Class[Blubb]: parameter 'my_variable2' expects a value of type String or Sensitive[String], got Sensitive[Undef]

{noformat } }

h2. Improvement:

The Convert-Function should leave {{undef}} unconverted, and return just {{undef}} instead of {{{}Sensitive[undef]{}}}.

h2. References:

[https://github.com/theforeman/puppet-katello/pull/436#discussion_r802535218]
.

Add Comment

Cocker (Jira)

unread,

Feb 9, 2022, 7:41:02 AM2/9/22

to puppe...@googlegroups.com

[https://github . com/theforeman/puppet-foreman/pull/1018]
.

Add Comment

Cocker (Jira)

unread,

Feb 9, 2022, 7:44:03 AM2/9/22

to puppe...@googlegroups.com

Cocker updated an issue

Hiera /

HI-628

convert_to: Sensitive only unless undef

Change By:	Cocker

h2. Context:

Hiera provides the Convert-Function
{noformat}lookup_options:
  blubb::my_variable1:
    convert_to: Sensitive
  blubb::my_variable2:
    convert_to: Sensitive

blubb::my_variable1: MY_PASSWORD

# Variable intentionally left empty
blubb::my_variable2:
{noformat}

With {{blubb::my_variable2}} this leads to {{{}Sensitive[undef]{}}}, and this makes...
{noformat}class blubb(
  Optional[Variant[String, Sensitive[String]]] $my_variable2,
) {}
{noformat}
... not accepting the Variable:

{noformat}Class[Blubb]: parameter 'my_variable2' expects a value of type Undef, String or Sensitive[String], got Sensitive[Undef]

{noformat}

h2. Improvement:

The Convert-Function should leave {{undef}} unconverted, and return just {{undef}} instead of {{{}Sensitive[undef]{}}}.

h2. References:

[https://github.com/theforeman/puppet-katello/pull/436]
[https://github.com/theforeman/puppet-foreman/pull/1018]
.

Add Comment

Cocker (Jira)

unread,

Jul 29, 2022, 12:07:02 PM7/29/22

to puppe...@googlegroups.com

Cocker commented on

HI-628

Re: convert_to: Sensitive only unless undef

Can someone please look at this Improvement, which I rather consider as a Bug?

Add Comment

This message was sent by Atlassian Jira (v8.20.11#820011-sha1:0629dd8)

Henrik Lindberg (Jira)

unread,

Jul 29, 2022, 4:50:03 PM7/29/22

to puppe...@googlegroups.com

Henrik Lindberg commented on

HI-628

Re: convert_to: Sensitive only unless undef

Kind of difficult to quick fix since a Sensitive.new should always return a Sensitive instance (or error). Also, it makes sense that an undef value could be sensitive (i.e you don't want to leak the information that a value is explicitly undef).

It would be more coherent if it was possible to specify convert_to: Optional[Sensitive] (which IIRC isn't supported). It could be implemented such that Optional's new function checks if the value it is converting is undef, and then returning undef, otherwise delegating the call to new for the type it decorates. Then, no internal protocols would be broken and it is totally clear what is wanted.

Add Comment

Henrik Lindberg (Jira)

unread,

Jul 29, 2022, 4:53:01 PM7/29/22

to puppe...@googlegroups.com

Henrik Lindberg commented on

HI-628

Re: convert_to: Sensitive only unless undef

Another implementation option is to add an optionally_convert_to feature that does what is requested.

Add Comment

Reply all

Reply to author

Forward