Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5833

Add Sensitive Type to the typesystem



    • New Feature
    • Status: Closed
    • Normal
    • Resolution: Duplicate
    • None
    • None
    • None
    • None
    • Not Needed
    • This is an enabler for a larger feature. Only using the type alone does not help in Catalogs as it on its own is only useful in toy applications.


      Add a new type; Sensitive[T, chipher], a subtype of Binary where T represents the unencrypted value type, and chiper a chipher reference as in OpenSSL::Chipher. A runtime object maintains both the encrypted and unencrypted value, or just the encrypted value. Also add a new runtime class as defined by this struct type:

        value => T, 
        chipher => String,
        data => Binary,
        clear_value => Boolean

      The 'clear_value' attribute is used to denote if the value attribute is available. This boolean is needed as the value T may accept Undef.

      When creating an instance of Sensitive, the data may come from a data source where the value is already encrypted. Data sources that supports this, should return an instance of Sensitive instead of the String representation. The data source will have some way of representing the Cipher as well as the encrypted value. When a Sensitive is created from unencrypted source enough information must be given to enable encryption.

      The most common case would be to encrypt for a node - the clear data is only readable by the node, but other scenarios may apply (a certificate shared by a group etc.). The method that creates a sensitive must therefore be able to handle these various options.

      In this proposal, the keyname is assumed to uniquely identify a name, and that a node's fqdn is such a suitable key.

      Sensitive.new(String $cipher, String $keyname, T $data)

      Here is a description of the most flexible way of handling Sensitive[T].

      A Sensitive[T] is equivalent to a T in all cases. Operations on the value produces new instances that are also Sensitive. e.g

      Sensitive[Integer[1,1]] + Sensitive[Integer[1,1]] => Sensitive[Integer[2,2]]
      Sensitive[Integer[1,1]] + 1 => Sensitive[Integer[2,2]]
      Sensitive[Integer[1,1]] + 3.14 => Sensitive[Float[3.14,3.14]]

      When operations are performed the value is not encrypted until the value is serialized as it would be wasteful to compute this for temporary variables.

      This ticket is for the most basic handling of the Sensitive Type. See the Epic for background and the intended operations/handling of this data type.

      The initial type algebra can treat sensitive as its own separate type. And the more advanced form when the evaluator can handle the operations.

      An alternative to the Sensitive name is Classified.

      It is expected that the runtime Sensitive value decrypts and caches the value the first time the value is accessed. If encryption is not possible (not having the key, etc.) the operation fails with an error.


        Issue Links



              Unassigned Unassigned
              henrik.lindberg Henrik Lindberg
              0 Vote for this issue
              2 Start watching this issue



                Zendesk Support