On 2019-01-10 10:56, Jocelyn Thode wrote:
> Hey,
>
> I'm trying to use exported resources where one of the parameters of the
> resource is a variable from hiera. This variable is retrieved using
> automatic lookup and is encrypted in hiera using hiera-eyaml.
>
> However when the resource is exported instead of the clear password
> being exported, I get the base64 encoded version of the clear password
> as argument. This does not happen if I don't use a hiera-eyaml encrypted
> password.
>
> Any idea why?

I think that is because hiera-eyaml ends up returning ASCII-8bit encoded
clear text strings which is then interpreted as potentially being binary
and non UTF-8 compliant and therefore sent as a Binary (which gets
encoded as Base64 text).

This problem should be fixed in hiera-eyaml as it should return Strings
with UTF8 encoding. This may depend on the encoding of the original yaml
file that hiera-eyaml read.

It is a bit difficult to check if what I suspect is true. I would write
a function (or call a simple function such as "with()"), do a lookup and
pass the value to the function, I would then use a debugger, set a
breakpoint in the function, and check the encoding
of the string given to the function. To test what hiera-eyaml does
requires debugging hiera-eyaml.

Some background:
Before puppet 6 the default format was JSON with fallback to PSON if
strings were ascii-8bit. Since puppet 6, we use "rich-data encoding" by
default and handle ascii-8bit as being Binary - and by not using PSON.
We did work on issues related to export to PDB from puppet and it may be
that a newer puppet version does a better job with ascii-8bit that can
be converted to UTF-8 without problems.

In summary, I think this should be logged as a ticket for hiera-eyaml.
Feel free to ping me on that ticket if the maintainers of hiera-eyaml
need a hand with figuring things out.

Best,
- henrik
>
> Puppet version: 6.0.4
>
> Puppetdb version: 6.1.0
>
> Puppetserver version: 6.0.2
>
--
Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
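
The mechanism suspected in the reply above, as an added Ruby example that is not part of the original thread and is not Puppet's or hiera-eyaml's code: a string tagged ASCII-8BIT is serialized as Base64 "Binary", while the same bytes tagged UTF-8 pass through as text. `serialize_value`, `normalize_to_utf8` and the sample values are hypothetical names and constructed data.

```ruby
# Hypothetical stand-in for a serializer that, as described in the reply,
# treats ASCII-8BIT strings as binary and emits them as Base64 text.
def serialize_value(str)
  if str.encoding == Encoding::ASCII_8BIT
    # pack('m0') is strict Base64 with no line breaks
    { 'type' => 'Binary', 'value' => [str].pack('m0') }
  else
    { 'type' => 'String', 'value' => str }
  end
end

# Re-tag an ASCII-8BIT string as UTF-8 only when its bytes are valid UTF-8.
# Bytes that are not valid UTF-8 are returned untouched, so genuine binary
# data is never silently reinterpreted as text.
def normalize_to_utf8(str)
  return str unless str.encoding == Encoding::ASCII_8BIT

  candidate = str.dup.force_encoding(Encoding::UTF_8)
  candidate.valid_encoding? ? candidate : str
end

# Constructed sample values (not taken from the thread).
CLEAR_TEXT  = "S3cr3t-p\u00E4ssword"   # UTF-8 text with one non-ASCII character
DECRYPTED   = CLEAR_TEXT.b             # same bytes, tagged ASCII-8BIT
REAL_BINARY = "\xFF\xFE\x00\x01".b     # not valid UTF-8

def demo
  {
    before: serialize_value(DECRYPTED),
    after:  serialize_value(normalize_to_utf8(DECRYPTED)),
    binary: serialize_value(normalize_to_utf8(REAL_BINARY))
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "encoding of decrypted value: #{DECRYPTED.encoding}"
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Printing `value.encoding` on the looked-up value is the same check the reply proposes doing with a debugger breakpoint.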