Jira (PUP-10317) hiera-eyaml should print helpful error message when decryption fails

17 views
Skip to first unread message

Alexander Fisher (JIRA)

unread,
Feb 27, 2020, 4:10:04 AM2/27/20
to puppe...@googlegroups.com
Alexander Fisher created an issue
 
Puppet / New Feature PUP-10317
hiera-eyaml should print helpful error message when decryption fails
Issue Type: New Feature New Feature
Affects Versions: PUP 6.13.0
Assignee: Unassigned
Components: Hiera & Lookup
Created: 2020/02/27 1:09 AM
Priority: Normal Normal
Reporter: Alexander Fisher

Currently, if decryption in a backend fails, it is non obvious where the problem originates.

For example, when using hiera-eyaml-gpg, with multiple keys you might get

failed with: gpg: decryption failed: No secret key

if hiera is trying to decrypt part of the hierarchy it doesn't have the private key for.  See

https://github.com/voxpupuli/hiera-eyaml-gpg/issues/41

hiera-eyaml is a bit of an odd one in that https://github.com/voxpupuli/hiera-eyaml is the gem with most of the decryption code and support for multiple decryption plugins.  But the entry point for hiera 5 lookups is lib/puppet/functions/eyaml_lookup_key.rb in core puppet and this is where changes to improve logging would have to be made.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Henrik Lindberg (JIRA)

unread,
Feb 27, 2020, 4:30:04 AM2/27/20
to puppe...@googlegroups.com
Henrik Lindberg commented on New Feature PUP-10317
 
Re: hiera-eyaml should print helpful error message when decryption fails

Note that the function in question is in puppet because of backwards compatibility support for hiera 3 where hiera 5 hijacks and improves on the hiera 3 backends for yaml, json, and eyaml. Once hiera 3 is no longer supported and the hiera 3 to hiera 5 "lifting features" are removed from puppet, then the function can (and probably should) move to the eyaml gem.

Alexander Fisher (JIRA)

unread,
Feb 27, 2020, 5:24:03 AM2/27/20
to puppe...@googlegroups.com

Jorie Tappa (Jira)

unread,
Mar 2, 2020, 2:27:03 PM3/2/20
to puppe...@googlegroups.com
Jorie Tappa updated an issue
 
Change By: Jorie Tappa
Labels: community
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Jorie Tappa (Jira)

unread,
Mar 2, 2020, 2:27:04 PM3/2/20
to puppe...@googlegroups.com
Jorie Tappa updated an issue
Change By: Jorie Tappa
Sprint: Community PRs

Jorie Tappa (Jira)

unread,
Mar 2, 2020, 2:35:03 PM3/2/20
to puppe...@googlegroups.com
Jorie Tappa commented on New Feature PUP-10317
 
Re: hiera-eyaml should print helpful error message when decryption fails

merged to master at b1dd42b2b0c5a57cd5939cc00c23220fddae8e8f

Josh Cooper (Jira)

unread,
Mar 2, 2020, 5:22:04 PM3/2/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Change By: Josh Cooper
Fix Version/s: PUP 6.14.0

Josh Cooper (Jira)

unread,
Mar 2, 2020, 5:27:03 PM3/2/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes: Enhancement
Release Notes Summary: If puppet fails to decrypt a value stored in hiera-eyaml, then include the name of the key whose lookup failed in the error message.

Josh Cooper (Jira)

unread,
Mar 2, 2020, 5:27:03 PM3/2/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Issue Type: New Feature Improvement

Josh Cooper (Jira)

unread,
Mar 3, 2020, 12:37:03 PM3/3/20
to puppe...@googlegroups.com

Josh Cooper (Jira)

unread,
Mar 3, 2020, 12:37:04 PM3/3/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Community PRs Platform Core KANBAN
Reply all
Reply to author
Forward
0 new messages