Jira (PUP-10961) Add option to declare parameters and properties as sensitive without the set_sensitive_parmeters

9 views
Skip to first unread message

Sheena Tharakanparampil (Jira)

unread,
Mar 11, 2021, 4:02:03 AM3/11/21
to puppe...@googlegroups.com
Sheena Tharakanparampil created an issue
 
Puppet / New Feature PUP-10961
Add option to declare parameters and properties as sensitive without the set_sensitive_parmeters
Issue Type: New Feature New Feature
Assignee: Unassigned
Created: 2021/03/11 1:01 AM
Priority: Normal Normal
Reporter: Sheena Tharakanparampil

Add option to declare parameters and properties as sensitive without the set_sensitive_parmeters

Now following options are available to mark the parameter as sensitive

option 1

override the set_sensitive_parameters method and mark the parameter as sensitive. https://github.com/puppetlabs/puppet/commit/abd866a648a32d3895011d25af5d4b3d994669c8#diff-7b346a4c9ed8ffeefe92b019c36ca30c8e3cf1cbfef09fc45485df64075adcc0R607-R614

option 2

call the sensitive DSL method like the user's password logonpassword parameter: https://github.com/puppetlabs/puppet/blob/12401c3af42cfbae41b48621f5b42336db1ace1d/lib/puppet/type/service.rb#L180. This option requires puppet 6 or greater that supports the sensitive DSL method. 

It will be nice to have a feature which will help the module authors to declare parameters and properties as sensitive

For example

newparam(..., sensitive: true)

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Josh Cooper (Jira)

unread,
Mar 11, 2021, 1:52:03 PM3/11/21
to puppe...@googlegroups.com
Josh Cooper commented on New Feature PUP-10961
 
Re: Add option to declare parameters and properties as sensitive without the set_sensitive_parmeters

The main problem with option 2 is the sensitive DSL method was added in PUP-8514 (in 6.0.0), but if your module's type is loaded on an agent that doesn't support it, then your type will fail to load. Passing sensitive in the options hash will work on old puppet versions, because the `newparam` method takes an options hash and ignores parameters it doesn't know about:

  def self.newparam(name, options = {}, &block)

Josh Cooper (Jira)

unread,
Nov 30, 2021, 4:16:02 PM11/30/21
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Change By: Josh Cooper
Epic Link: PUP-11371
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo

Josh Cooper (Jira)

unread,
Nov 30, 2021, 4:21:01 PM11/30/21
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Epic Link: PUP- 11371 11372
Reply all
Reply to author
Forward
0 new messages