Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10511

Sensitive data type is lost when declaring multiple resources using title arrays

    XMLWordPrintable

Details

    • Night's Watch
    • 3
    • NW - 2020-06-10, NW - 2020-06-24
    • Needs Assessment
    • Bug Fix
    • This commit is fixing support of sensitive data type parameters when declaring multiple resources using title arrays
    • Needs Assessment

    Description

      Puppet Version: 6.15.0, 5.5.20
      Puppet Server Version: N/A
      OS Name/Version: N/A

      When multiple resources are declared using an array of titles, the type information for Sensitive parameters is lost. This results in type validation errors if a resource declares a data type such as Sensitive[String]

      Install Puppet 6 on CentOS 7 and create a defined type with a password parameter declared to be Sensitive[String]:

      mkdir -p /etc/puppetlabs/code/environments/production/modules/test_mod/manifests
      		 
       
      		 
      cat <<'EOF' > /etc/puppetlabs/code/environments/production/modules/test_mod/manifests/service.pp
      		 
      define test_mod::service(
      		 
        Sensitive[String] $password,
      		 
      ){
      		 
        notify{"${title} ${password}": }
      		 
      }
      		 
      EOF

      Attempt to apply the following manifest:

      test_mod::service { ["ServiceA","ServiceB"]:
      		 
        password => Sensitive("password")
      		 
      }

      Desired Behavior:

      Output matches individual resources declared in a loop:

      # puppet apply <<'EOF'
      		 
      each(["ServiceA","ServiceB"] ) |String $svc_name| {
      		 
        test_mod::service { $svc_name:
      		 
          password => Sensitive("password")
      		 
        }
      		 
      }
      		 
      EOF
      		 
       
      		 
      Notice: Compiled catalog for olde-pacemaker.delivery.puppetlabs.net in environment production in 0.02 seconds
      		 
      Notice: ServiceA Sensitive [value redacted]
      		 
      Notice: /Stage[main]/Main/Test_mod::Service[ServiceA]/Notify[ServiceA Sensitive [value redacted]]/message: defined 'message' as 'ServiceA Sensitive [value redacted]'
      		 
      Notice: ServiceB Sensitive [value redacted]
      		 
      Notice: /Stage[main]/Main/Test_mod::Service[ServiceB]/Notify[ServiceB Sensitive [value redacted]]/message: defined 'message' as 'ServiceB Sensitive [value redacted]'
      		 
      Notice: Applied catalog in 0.01 seconds

      Actual Behavior:

      Compilation fails when defining the second resource as password has been coerced to a String:

      # puppet apply <<'EOF'
      		 
      test_mod::service { ["ServiceA","ServiceB"]:
      		 
        password => Sensitive("password")
      		 
      }
      		 
      EOF
      		 
       
      		 
      Error: Test_mod::Service[ServiceB]: parameter 'password' expects a Sensitive[String] value, got String on node olde-pacemaker.delivery.puppetlabs.net

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              ciprian.badescu Ciprian Badescu
              chuck Charlie Sharpsteen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support