On 30/08/16 15:15, R.I.Pienaar wrote:
hello,
I've been trying to figure out what these Sensitive types are all about based
on
https://github.com/puppetlabs/puppet-specifications/blob/master/language/types_values_variables.md#sensitivet
Best I can tell there isn't yet docs on docs.puppet.com for these
First I don't actually find usable examples in the spec docs, like what is it
for? Whats a typical use case here?
The most basic example works:
$secret = Sensitive(42)
$processed = $secret.unwrap |$sensitive| { $sensitive * 2 }
notice $secret
notice $processed
This gives:
Notice: Scope(Class[main]): Sensitive [value redacted]
Notice: Scope(Class[main]): 84
Now I guess you want to be able to pass the sensitive one into a class, and it
should not automatically unwrap but remain sensitive:
class x(Sensitive $foo) {
notice($foo)
}
class{"x": foo => Sensitive("bar")}
This fails:
Error: Evaluation Error: Error while evaluating a Resource Statement,
Class[X]: parameter 'foo' expects a Sensitive value, got String
Changing the "Sensitive $foo" to "Sensitive[String] $foo" as well:
Error: Evaluation Error: Error while evaluating a Resource Statement,
Class[X]: parameter 'foo' expects a Sensitive value, got String
Yes if I do:
notice(type_of(Sensitive("bar")))
I get "Sensitive[String]" so surely it should be passable into the class
You found a bug. PUP-6662 was logged earlier today and progress have
been made on fixing this. Expect to be able to get this in to Puppet
4.6.2, but it is tight.
Basically, before PUP-6662 is fixed it is only possible to use Sensitive
values directly in native resources.
- henrik
Ok, so this is where it gets really weird, the docs says:
There is no automatic unwrapping of sensitive values. As a consequence
it is not possible to perform operations on sensitive values other than
interpolating it as a String. When such interpolation takes place, the
value is shown as "[redacted]".
So ok, we have to specifically do like $foo.unwrap, but here's the really weird
thing, once I
failed to pass a Sensitive type into the class I decided to do this:
class x(String $foo) {
notice("Value of \$foo: ${foo}")
notice("Size of \$foo: ${foo.size}")
notify{$foo: }
}
$x = Sensitive("bar")
notice("Type of \$x: ${type_of($x)}")
notice("Value of \$x: ${x}")
class{"x":
foo => $x
}
This gives me:
Notice: Scope(Class[main]): Type of $x: Sensitive[String]
Notice: Scope(Class[main]): Value of $x: Sensitive [value redacted]
Notice: Scope(Class[X]): Value of $foo: bar
Notice: Scope(Class[X]): Size of $foo: 3
Notice: Compiled catalog for dev3.devco.net in environment production in 0.13
seconds
Error: /X: Unable to mark 'foo' as sensitive: the property itself is not
defined on component.
Notice: bar
Notice: /Stage[main]/X/Notify[bar]/message: defined 'message' as 'bar'
So here it gets unwrapped automatically by just passing the Sensitive[String]
into a variable
of String on a class? Does not seem like this is intended behaviour, and
basically I have not been
able to do anything useful with these
Whats the intended purpose and how do you use this?
---
R.I.Pienaar
--
Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
--
You received this message because you are subscribed to the Google Groups "Puppet
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/nq4vmv%2482q%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
