Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10950

unless should support sensitive data for any type

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Incomplete
    • None
    • None
    • None
    • None
    • PUP Bug Template
    • Needs Assessment
    • Needs Assessment

    Description

      Puppet Version:6.22.0 (was able to reproduce the problem on puppet6-nightly and puppet7-nightly)
      OS Name/Version:Ubuntu 18.04 (*on all OSes)*

      Sensitive masking is not implemented in core puppet at the points where the module needs it:

      Using 'Sensitive' in 'unless' throws the following error

      Unable to mark 'unless' as sensitive: unless is a parameter and not a property, and cannot be automatically redacted.

      Steps to reproduce the problem

      Install the latest version of postgresql module (v6.10.2 and above) which we uses sensitive for security fixes.

      puppet module install puppetlabs-postgresql --version 7.0.0

      Apply the following manifest

       

      test.pp
      class { 'postgresql::server': }
       postgresql::server::role { testuser:
       password_hash => postgresql::postgresql_password('testuser', 'testpw'),
       }
       
      puppet apply test.pp
      Notice: Compiled catalog for oval-secrecy.delivery.puppetlabs.net in environment production in 0.37 seconds
      Warning: /Postgresql_psql[ALTER ROLE testuser ENCRYPTED PASSWORD ****]: Unable to mark 'unless' as sensitive: unless is a parameter and not a property, and cannot be automatically redacted.
      Notice: /Stage[main]/Main/Postgresql::Server::Role[testuser]/Postgresql_psql[CREATE ROLE testuser ENCRYPTED PASSWORD ****]/command: changed [redacted] to [redacted]
      Notice: Applied catalog in 1.01 seconds
      root@oval-secrecy:~#
      

       

      Desired Behavior:

      unless should support sensitive data

      Actual Behavior:

      Throws the below error on unless 

      Unable to mark 'unless' as sensitive: unless is a parameter and not a property, and cannot be automatically redacted.

      Found similar tickets for exec type: PUP-8399

      Please let us know if you need more information.

       

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              sheena Sheena Tharakanparampil
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support