Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10139

Deferring template rendering is awkward

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.12.0
    • Component/s: None
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      This makes it easier users to render templates on the agent, meaning that
      they can use secret values resolved by deferred functions directly with
      e.g. Vault. That means that the master no longer needs keys to the kingdom.
      Show
      This makes it easier users to render templates on the agent, meaning that they can use secret values resolved by deferred functions directly with e.g. Vault. That means that the master no longer needs keys to the kingdom.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently users have to jump through awkward hoops to render secrets agent side:

      $variables = {
        'password' => Deferred('vault_lookup::lookup',
                        ["secret/test", 'https://vault.docker:8200']),
      }
       
      # compile the template source into the catalog
      file { '/etc/secrets.conf':
        ensure  => file,
        content => Deferred('inline_epp',
                     [file('mymodule/secrets.conf.epp'), $variables]),
      }
      

      The problem with the solution is that the template file has to be stored in the files directory and that's super unintuitive.

      After some conversation in Slack, I'm proposing a find_template() function that would make this make a lot more sense in that the template source is still stored in the traditional templates directory.

      $variables = {
        'password' => Deferred('vault_lookup::lookup',
                        ["secret/test", 'https://vault.docker:8200']),
      }
       
      # compile the template source into the catalog
      file { '/etc/secrets.conf':
        ensure  => file,
        content => Deferred('inline_epp',
                     [find_template('mymodule/secrets.conf.epp').file, $variables]),
      }
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              ben.ford Ben Ford
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support