Binary file in eyaml breaking use of Deferred due to pson

[Bob Negri]

We were trying to migrate the secrets we store in eyaml to HashiCorp Vault and use vault_lookup with Deferred to retrieve them. My team owns the base profile. Turns out one of our business partners is storing a key tab binary file in eyaml and writing it out to the file system using the File resource type. This results in pson being used to retrieve the catalog instead of json, which breaks the use of Deferred objects.

Is there anyway or suggestions on how to fix this? (We are using puppet agent 7.24.)

Currently our business partner is using something like:

$mykeytab = lookup('mymodule::mykeytab')

file { '/path/to/mykeytab':

  ensure => file,

  content => $mykeytab,

}

[Josh Cooper]

$mykeytab = lookup('mymodule::mykeytab')

file { '/path/to/mykeytab':

  ensure => file,

  content => $mykeytab,

}

Replace "content => $mykeytab" with "content => Binary($mykeytab)" so that the data is serialized to the agent correctly. See https://www.puppet.com/docs/puppet/7/lang_data_binary.html#reference_template-create-binary-typed-content for more details.

Also note PSON has been removed in Puppet 8.

Josh