Jira (PUP-8946) Return all eyaml encrypted values from hiera as Sensitive

6 views
Skip to first unread message

Gene Liverman (JIRA)

unread,
Jun 15, 2018, 9:28:03 AM6/15/18
to puppe...@googlegroups.com
Gene Liverman created an issue
 
Puppet / Improvement PUP-8946
Return all eyaml encrypted values from hiera as Sensitive
Issue Type: Improvement Improvement
Assignee: Unassigned
Created: 2018/06/15 6:27 AM
Priority: Normal Normal
Reporter: Gene Liverman

It seems to me that it would be logical to assume that if a value is encrypted via eyaml in hiera that it is sensitive. Based on this, I think all such values should be returned wrapped in the Sensitive type. The result would be that if a String is looked up that a Sensitive[String] would be returned. The same kind of wrapping would hold true for Array, Hash, and Integer too.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Gene Liverman (JIRA)

unread,
Jun 15, 2018, 9:55:02 AM6/15/18
to puppe...@googlegroups.com
Gene Liverman updated an issue
Change By: Gene Liverman
Labels: customer0

Henrik Lindberg (JIRA)

unread,
Jun 15, 2018, 10:03:03 AM6/15/18
to puppe...@googlegroups.com
Henrik Lindberg commented on Improvement PUP-8946
 
Re: Return all eyaml encrypted values from hiera as Sensitive

This is a good idea, I think it can be implemented as a parameter to the eyaml_lookup_key function. That would make it backwards compatible, and users that want this can opt in and set an option in their hiera.yaml (by default for all eyaml, or for some paths individually).

Henrik Lindberg (JIRA)

unread,
Jun 15, 2018, 10:26:03 AM6/15/18
to puppe...@googlegroups.com
Henrik Lindberg updated an issue
 
Change By: Henrik Lindberg
Sub-team: Language
Team: Platform Core

Henrik Lindberg (JIRA)

unread,
Jun 15, 2018, 10:26:03 AM6/15/18
to puppe...@googlegroups.com
 
Re: Return all eyaml encrypted values from hiera as Sensitive

This probably requires an orchestrated effort with changes to both the function and the eyaml gem.

Nick Walker (JIRA)

unread,
Jun 15, 2018, 11:47:03 AM6/15/18
to puppe...@googlegroups.com
Nick Walker commented on Improvement PUP-8946

Henrik Lindberg this could be optional in puppet 5 and the new default behavior in 6 yes?

Henrik Lindberg (JIRA)

unread,
Jun 16, 2018, 5:24:02 AM6/16/18
to puppe...@googlegroups.com

It would break everyone's code if default is changed and they use data types for the class parameters as they have to be declared to accept Sensitive.

Adam Gardner (JIRA)

unread,
Dec 13, 2018, 2:32:05 PM12/13/18
to puppe...@googlegroups.com
Adam Gardner commented on Improvement PUP-8946

I know this has been marked "Accepted" already, but please consider implementing PUP-8947 instead, it seems much friendlier, and provides a much easier transition for existing codebases.

Reid Vandewiele (JIRA)

unread,
Dec 13, 2018, 4:10:03 PM12/13/18
to puppe...@googlegroups.com

I suggest we close this ticket "Won't Do" in favor of PUP-8947.

Josh Cooper (Jira)

unread,
Nov 30, 2021, 4:15:02 PM11/30/21
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Change By: Josh Cooper
Epic Link: PUP-11371
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo

Josh Cooper (Jira)

unread,
Dec 1, 2021, 4:59:02 PM12/1/21
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Team: Froyo

Josh Cooper (Jira)

unread,
Apr 27, 2022, 12:52:01 AM4/27/22
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Component/s: Hiera & Lookup
This message was sent by Atlassian Jira (v8.20.2#820002-sha1:829506d)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages