Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-7359

hiera5 doesn't interpolate in encrypted eyaml data

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 4.9.4
    • Fix Version/s: PUP 4.10.0
    • Component/s: None
    • Labels:
    • Template:
    • Epic Link:
    • Team:
      Puppet Developer Experience
    • Story Points:
      1
    • Sprint:
      PDE 2017-03-08, PDE 2017-03-22, PDE 2017-04-05
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      The hiera 5 {{eyaml_lookup_key}} function did not evaluate
      interpolation expressions that were embedded in encrypted data.
      It now does.
      Show
      The hiera 5 {{eyaml_lookup_key}} function did not evaluate interpolation expressions that were embedded in encrypted data. It now does.
    • QA Risk Assessment:
      Automate
    • QA Risk Assessment Reason:
      regression. test in branch in comment.

      Description

      [root@vi3cckc8ez3nwsu environments]# cat eyaml_backend2_1jvdmn6q/hieradata/common.yaml
      ---
      enclair: "i see you"
      test_hiera: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhv8GjtqL4qmKoLp7QMuc6gdLaDa44rbedyiS+2WPfjG2c9rJ5tQBVmfCHw/Q/gSLCiKSwU9N5XfJ7o8iPAU9MciB5ZraZ90lbbTA8N+7ooor+DabwHEPyd6FfohndSmnphUfriDv9UWpoK9dAX0VULOUEA/t3j7GrXpiskNlzHaYyM/eKmbAgu4CSF5EyNLFf4Erj/Qxmn+lb0EkWPebIzfFZQzIm4BVhwOjww9/eJ4ydWW76GgTJTOGqmp/YM3eS8QJ6TzXAGBKQV3P4FSvDWFyZbBAnqBZPc6C00gxBNAgqEa64+1PVAtFaDqx/LTZmKdprGOjoLWut9WSlkngmjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDCJwtT7eIr5Z0ESO8wfIYmgDBoP+U3GbwDlc38aHfFKiAEZDUX0pde8xlZOhmBZGoj7ds9nvhtGD6x1b90HwTBGh4=]
      test_lookup: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAlNuG340KhfR4SODMIztaMUH9BF7a44KTboiNugYNWhesdGRDwc0Hj4Au+YZa0EnNpG70MmIEjdAOqMijGudv6cRR2sixI0NGdryVv2Hc8b9yQtNYKCTwHp5I2k2sTyJF+Eppjmy6h268rYERrQpIEqP8Ia1/4dDo/M7sWsKfyP/BUTzgjBEcrjRGFUgsGKKJEr6gQId32KS3dWH8/+/L+WXrVp979Fp0TrdvYCEKJgFIuWSMXrxyE+RWQ2qt4+y03npbcgoBpVUTSWfeJlAhao5N3Z7va9/uOc/oEqZdv3TDQK6fsaixJsKwo+1UV0LUiKy+f1FX2w1Jn6Z76y0L6DBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDC33gi3AidF28icqddIiVFgECtXrSPeJKV7LcSGP4NH6RDqCAGYKBjCySD46SJuo4BszlQeWCayLj8cJXvshHXOBB9WtkQZ2bdJ0e9sCG2+t6Y]
      a: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEACimJBAyaj5U4p759lk3ue8hVznTER71LvGxW/BANhXJYpp2WpEPmPU1btVnpL4LrB91gajnDbX9CxR+W3kIUzJfbhnTmJug+oiOwZMtiTVxNx/NEslTbWSthue8WoVe56xQqbA7t9JZK3GHmui7yRKYMzUc7gs9zX6cSizmIsqt8qn8RaRmzMTF2BDYbZ0hlBjWqM/7/g8Ci0PsyKJcDdJRov7bQWZVZDbrUqs9oQqUiter0oHVyG7Y35N8gek8bOnKEXkr9KhsQhCTV2UQckehWj0vBZRAkFElHU61b+mABT1VtoF/62ke0ao0xREN+CINBaskD1cU+qMOl75s81jA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAWHhUsXVnc+3xsjgcbMoi6gBBe/zpK1VWLh4AGOa7hqLGs]
      [root@vi3cckc8ez3nwsu environments]# puppet lookup a --environment eyaml_backend2_1jvdmn6q
      --- a_value
      ...
      [root@vi3cckc8ez3nwsu environments]# puppet lookup test_hiera --environment eyaml_backend2_1jvdmn6q
      --- test value with hiera interpolation %{hiera(a)}
      ...
      [root@vi3cckc8ez3nwsu environments]# ls /tmp/keys/private_key.pkcs7.pem
      ls: cannot access /tmp/keys/private_key.pkcs7.pem: No such file or directory
      [root@vi3cckc8ez3nwsu environments]# cat eyaml_backend2_hzxytfvi/hieradata/common.yaml
      ---
      enclair: "i see you"
      test_hiera: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAob9W0b/BMfa2JYZhXrTxHXsM++YgvCqungx7nlqxY+2WtnVnpSZf6UaNAOrWD+etXGGVqO7cLBlkEEOU7mfNGbE6eu6uIu6hTdX6w9NtY3rEKT8Wjbgzs+Ig7FP1/5KR4rrCv6nEkhlmopK2fxKJZ8H5fZDZvl4Y1y7ozWN/YwRjWNx2dJjpjsM8/COsWkQykclvsTTgUQwFFkP/NWph8+0umV/UhbEBrYtcWLdEHyQ+gCNlGJFQ1eeB9EZd0bnr46vD49Icb6HpP3u5MofxTS6HbbmJPCjYW4hfzXTs6lrMiuggeFI2M3jSLZpsfcghf6OmVPb3EHlVEuKb7ohosTBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBApsllLIrkTZPJaEcQ+vsXkgEDhHvGIJXk+Wy4Ie0HkBCF6XukUY+zUY9f4JTXucCT2AP2aMAP71t464sz/SRQR2F1dTii/OBtgpF17E9xfajM3]
      test_lookup: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAAqJSNWSGlC/nFUU+gZIylGjF2QWrFYnxv7wJAugp0CBULaCyuoE5jhFpSyxq51BuM7ZP+LM4noeLDOycl7LbmMpBWR7YPKNmuTb4Tn7eQyfgVOW4gn2HbJWWidZgGTjRl+hNGrlOGvFOJdwqZ9c7J5eZfs3xkkJUFclVHYylr9nbIEtCW0VynxWB5pCwNnvBz4iYRclbIq2Rr1kq7qngagahavQ9oHrVFHaA5ndcVHPZzuNo8KwY+cXhYmmxDe25odkPSfIVJTJlFNarckxroaYhdNhozEktllnQ9F8vuDQfmhjjbiD0r8+a2QqdGkafToLALrigAA2lqUE3+heStzBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCpsGEnaV6kS8fEfOW5R+2xgECgXyVAMVvOdtqKX15SHjZADzTOxx7ZC2GEx0r6OtEEDASc2ys8iMAJbRZEL0tRW5auWVGV2BhTgBnEYh79f+wV]
      a: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATrH/t1PCki/fRmncjSP1ZIEWORtfAVDGfKyRfBb30Y0TpVbGWDW1bOz0N9aHDKSf5EuaPQiL47BjBLZhSFiL0xWHltT7ttXO0hTwuCAq8uu397MrnI2WvNkFVE5f3QGb8+Wt45yWiGUYrp3YWIRo9C04FeJNtqxCnJC6pr43GTAJxHz+NRZTwZQNMCb6TAB6FDJJSzfgNGZqxoTTFmERzajZ2wIG4D1g2qBXHSmASUYHP6KLDBajVlZQUkQGTGo3mOP9LDi1Ui7WPTRslQXfyPcCNRRzLxEb0aU/mUVXzPoxFjg9UaMa8ej+lHRtROfHEz6BV6WOvJpML5N0+rt2+DA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBZD2lwDoR6ohoBSorOnzr0gBB+cgnAJ6RQTXZ4nuIh5PEU]
      [root@vi3cckc8ez3nwsu environments]#
      [root@vi3cckc8ez3nwsu environments]# cat eyaml_backend2_kvc8fyx4/hiera.yaml
      ---
      version: 5
      hierarchy:
        - name: "common"
          lookup_key: eyaml_lookup_key
          datadir: hieradata
          path: "common.yaml"
          options:
            pkcs7_private_key: "/tmp/keys/private_key.pkcs7.pem"
            pkcs7_public_key: "/tmp/keys/public_key.pkcs7.pem"
      [root@vi3cckc8ez3nwsu environments]# cat eyaml_backend2_kvc8fyx4/hieradata/common.yaml
      ---
      enclair: "i see you"
      test_hiera: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAVAvZnONpBjO1PeLEeoGBvnHgHqeaBau7IINXjpSSbMIBFzBUmHGChVxl6NIfnxJeZSf3c6sgUhphh67cPFQSXOreuWyWoxutD71++yP1rQlg8SEgTKbRtm9OeFfzXP4abAnIodmbVM2tvrcp9YtVJIoj4cEtbeI5kCgAaZc88eQt9oG8H3HxkvmJkkn/BG/BXQMIOWPXL23DMfTMfpdyS2naIcVC7IP2bUkXrA/gwjSDo5L5n+xmszmgW67Jvdj5oac9Aj3MdsP15x5xt7pyyFFgp9n78cqeZuW4jqRJKtIrQojiOY1cCAQxHboomjdUzksBDF8eVxIB4mhRWdhbLjBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDI3EXpPE7LvjxTKbbQH4NZgEDxumxiA6Rh/AjccpmQ+FG2aw6GBMd2HKV7n2Z1hX+L9l9/mjNlSgBL5SjiUzcp8izSb57dJ70lilyJZQsjyXMl]
      test_lookup: ENC[PKCS7,MIIBqQYJKoZIhvcNAQcDoIIBmjCCAZYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAZSShL7CtKW0fLbRDvM74EB0FOmdV4YNDzq8U7tHm5YGPLQn+5ZLfhe0BvHZSUW95DCgSiJiwSMq9kBe6mBxx2U70Jbu87w7Kv3QzbN1c6GW8BavJitATs6dYYY3byfmrvvPv7MC5TswNJvhPx1Os3jE+R4z0gWTgOF+QwXOua4Z1no4bpGOHjrtxWowLwdktDmGESvs/g/H8rpA3CO873bjzRj33NaKRFNraA2by9K2/nkfRNHCeMP5K/z0t8OBZXoqR9HtVVvwcIeM5HUMfmAg1hjsuAXrwY+I3Q9M2PgebzX4orC8XOMIp9n3e4bpkimSP211+ot++FJiiUzB4GTBsBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAt5SN7oOgZRaFWbIdRohungED3mpE5hvHd+2nECGMXlJxPjp2730ip+mcrMA271rWEHIeBvQMzmWPLIDHhQDVYAN+f4ZXomUPfxTw/Z6ItUMVl]
      a: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAGAYLe28feCFW8z8IdYyU3aws0S7caZgKP9xw47bOnETEmTLAyEbSRgz/c9WKmDVGb66l10wiVT4reCcENPHTQBgDLhRmLqFdcNIRWhkZIuCV2lddJbnsc/r33lIwJ8y88hfnGWJOhHPIoT6foucdId8oS/40qlGaZAY0ylz2hvQHxk+vmCMVOnk59DXCToMqdBM8YFKGiHzqJx9+HR+gE/A6zTDBQo8WD4W7D/SBWdNc6p2VRLamXWlphifp9xIr11vvWrwq5IdZblKzKLa762zcN3YYTvyfPAQwFC++KCm8TpKFjCP9VLNKTZrBY75TTvFpA5XeVr33XPXwwOBrwzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAXv3L3YJj57cyLPcAylQiUgBBhGu5F0uJbrYByZ7PdiMiE]
      [root@vi3cckc8ez3nwsu environments]# puppet lookup a --environment eyaml_backend2_kvc8fyx4
      --- a_value
      ...
      [root@vi3cckc8ez3nwsu environments]# puppet lookup test_hiera --environment eyaml_backend2_kvc8fyx4
      --- test value with hiera interpolation %{hiera("a")}
      ...
      [root@vi3cckc8ez3nwsu environments]# puppet lookup test_lookup --environment eyaml_backend2_kvc8fyx4
      --- test value with hiera interpolation %{lookup("a")}
      ...
      [root@vi3cckc8ez3nwsu environments]# cat eyaml_backend2_kvc8fyx4/manifests/site.pp
      notify { "lookup_clair2: ${lookup('enclair')}": }
      notify { "a2: ${lookup('a')}": }
      notify { "lookup2: ${lookup('test_lookup')}": }
      notify { "hiera2: ${hiera('test_hiera')}": }
      notify { "lookup_hiera2: ${lookup('test_hiera')}": }
      notify { "hiera_lookup2: ${hiera('test_lookup')}": }
      [root@vi3cckc8ez3nwsu environments]# puppet agent -t --environment eyaml_backend2_kvc8fyx4 --server $(hostname -f)
      Info: Using configured environment 'eyaml_backend2_kvc8fyx4'
      Info: Retrieving pluginfacts
      Info: Retrieving plugin
      Info: Caching catalog for vi3cckc8ez3nwsu.delivery.puppetlabs.net
      Info: Applying configuration version '1489622729'
      Notice: lookup_clair2: i see you
      Notice: /Stage[main]/Main/Notify[lookup_clair2: i see you]/message: defined 'message' as 'lookup_clair2: i see you'
      Notice: a2: a_value
      Notice: /Stage[main]/Main/Notify[a2: a_value]/message: defined 'message' as 'a2: a_value'
      Notice: lookup2: test value with hiera interpolation %{lookup("a")}
      Notice: /Stage[main]/Main/Notify[lookup2: test value with hiera interpolation %{lookup("a")}]/message: defined 'message' as 'lookup2: test value with hiera interpolation %{lookup("a")}'
      Notice: hiera2: test value with hiera interpolation %{hiera("a")}
      Notice: /Stage[main]/Main/Notify[hiera2: test value with hiera interpolation %{hiera("a")}]/message: defined 'message' as 'hiera2: test value with hiera interpolation %{hiera("a")}'
      Notice: lookup_hiera2: test value with hiera interpolation %{hiera("a")}
      Notice: /Stage[main]/Main/Notify[lookup_hiera2: test value with hiera interpolation %{hiera("a")}]/message: defined 'message' as 'lookup_hiera2: test value with hiera interpolation %{hiera("a")}'
      Notice: hiera_lookup2: test value with hiera interpolation %{lookup("a")}
      Notice: /Stage[main]/Main/Notify[hiera_lookup2: test value with hiera interpolation %{lookup("a")}]/message: defined 'message' as 'hiera_lookup2: test value with hiera interpolation %{lookup("a")}'
      Notice: Applied catalog in 0.02 seconds
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              erict Eric Thompson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support