Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10317

hiera-eyaml should print helpful error message when decryption fails

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 6.13.0
    • Fix Version/s: PUP 6.14.0
    • Component/s: Hiera & Lookup
    • Labels:
    • Template:
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      If puppet fails to decrypt a value stored in hiera-eyaml, then include the name of the key whose lookup failed in the error message.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently, if decryption in a backend fails, it is non obvious where the problem originates.

      For example, when using hiera-eyaml-gpg, with multiple keys you might get

      failed with: gpg: decryption failed: No secret key
      

      if hiera is trying to decrypt part of the hierarchy it doesn't have the private key for.  See

      https://github.com/voxpupuli/hiera-eyaml-gpg/issues/41

      hiera-eyaml is a bit of an odd one in that https://github.com/voxpupuli/hiera-eyaml is the gem with most of the decryption code and support for multiple decryption plugins.  But the entry point for hiera 5 lookups is lib/puppet/functions/eyaml_lookup_key.rb in core puppet and this is where changes to improve logging would have to be made.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            alexjfisher Alexander Fisher
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support