[PUP-10317] hiera-eyaml should print helpful error message when decryption fails - Puppet Jira Server

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: PUP 6.13.0
Fix Version/s: PUP 6.14.0
Component/s: Hiera & Lookup
Labels:
- community

Sprint:
Platform Core KANBAN

Release Notes:
Enhancement
Release Notes Summary:
If puppet fails to decrypt a value stored in hiera-eyaml, then include the name of the key whose lookup failed in the error message.

QA Risk Assessment:
Needs Assessment

Description

Currently, if decryption in a backend fails, it is non obvious where the problem originates.

For example, when using hiera-eyaml-gpg, with multiple keys you might get

failed with: gpg: decryption failed: No secret key

if hiera is trying to decrypt part of the hierarchy it doesn't have the private key for. See

https://github.com/voxpupuli/hiera-eyaml-gpg/issues/41

hiera-eyaml is a bit of an odd one in that https://github.com/voxpupuli/hiera-eyaml is the gem with most of the decryption code and support for multiple decryption plugins. But the entry point for hiera 5 lookups is lib/puppet/functions/eyaml_lookup_key.rb in core puppet and this is where changes to improve logging would have to be made.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Alexander Fisher

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2020/02/27 1:09 AM

Updated:: 2020/03/03 9:36 AM

Resolved:: 2020/03/03 9:36 AM