Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10967

puppetlabs/postgresql : password parameter does not accept Sensitive

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: postgresql
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Module Version: 7.0.0
      Puppet Version: 2021.0
      OS Name/Version: RHEL 7.4

      Desired Behavior:

      **When using a Sensitive[String] to ensure redaction, postgresql::postgresql_escape throws an error expecting only a String. This is insecure for the postgres_password parameter in the postgresql::server class.

      class db_server {

        $pgpassword = azure_key_vault::secret('da-kv-20210308', 'PGPASSWORD', {
          metadata_api_version => '2018-04-02',
          vault_api_version => '2016-10-01',
        })

        class { 'postgresql::server':
          postgres_password => $pgpassword,
      {{  }}}

      }

      Actual Behavior:

      [root@da-postgres-02 /]# puppet agent -t
      Info: Using configured environment 'production'
      Info: Retrieving pluginfacts
      Info: Retrieving plugin
      Info: Loading facts
      Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, 'postgresql::postgresql_escape' parameter 'input_string' expects a String value, got Sensitive[String] (file: /etc/puppetlabs/code/environments/production/modules/postgresql/manifests/server/passwd.pp, line: 23, column: 16) on node da-postgres-02.5homrrniynlu5m3btfpmjugsef.px.internal.cloudapp.net
      Warning: Not using cache on failed catalog
      Error: Could not retrieve catalog; skipping run

      Using .unwrap results in a successful Puppet run.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            david.alexander David Alexander
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support