Jira (PUP-9956) Exec logs output of Sensitive unless and onlyif checks at debug
Title: Message Title Josh Cooper commented on PUP-9956 Re: Exec logs output of Sensitive unless and onlyif checks at debug Looks related to PUP-8399 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.320444.1565385879000.51237.1565411700112%40Atlassian.JIRA.
Jira (BOLT-1469) Support remote state for terraform inventory plugin
Title: Message Title Tom Beech assigned an issue to Tom Beech Puppet Task Runner / BOLT-1469 Support remote state for terraform inventory plugin Change By: Tom Beech Assignee: Tom Beech Release Notes Summary: The Terraform inventory plugin now supports reading from remote state files. Summary: SPIKE: Support remote state for terraform inventory plugin Release Notes: Enhancement Issue Type: Task Improvement Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Jira (PUP-9043) Downloaded files are sometimes truncated
Title: Message Title
Josh Cooper commented on PUP-9043
Re: Downloaded files are sometimes truncated
We could protect against the ruby bug for file sources (either puppet or http*):
diff --git a/lib/puppet/type/file/source.rb b/lib/puppet/type/file/source.rb
index df8fa95751..8f48f9865b 100644
--- a/lib/puppet/type/file/source.rb
+++ b/lib/puppet/type/file/source.rb
@@ -323,7 +323,25 @@ module Puppet
def chunk_file_from_source
get_from_source do |response|
case response.code
-when /^2/; uncompress(response) { |uncompressor| response.read_body { |chunk| yield uncompressor.uncompress(chunk) } }
+when /^2/
+ truncated = false
+ uncompress(response) do |uncompressor|
+response.read_body do |data|
Jira (PUP-9956) Exec logs output of Sensitive unless and onlyif checks at debug
Title: Message Title
Steve Marlow updated an issue
Puppet / PUP-9956
Exec logs output of Sensitive unless and onlyif checks at debug
Change By:
Steve Marlow
*Puppet Version:* 6.7.2 *Puppet Server Version:* N/A *OS Name/Version:* macOS 10.14, Ubuntu 18.10I have been working on implementing support for Sensitive in a module that contains many execs. When I use Sensitive in the command parameter it redacts the command and does not show any command output in debug mode. However, when I use Sensitive in the unless or onlyif parameters it redacts the command and logs the output at debug.This is problematic for me because some of the commands being used in the unless statements are leaking passwords into reports when running in debug.I would expect that if I mark a command as Sensitive that I wouldn't get logged output from the command as it would have a higher likelihood of containing sensitive information.The following manifest can reproduce the issue:{code:puppet}# test.ppexec { 'Sensitive command': command => Sensitive('/bin/echo "secret0"'),}exec { 'Sensitive unless': command => '/bin/echo Pass', unless => Sensitive('/bin/echo "secret1"'),}exec { 'Sensitive onlyif': command => '/bin/echo Pass', onlyif => Sensitive('/bin/echo " secret3 secret2 '),}{code} When I run puppet apply test.pp --debug I get the following output:{noformat}puppet apply test.pp --debugDebug: Runtime environment: puppet_version=6.7.2, ruby_version=2.4.5, run_mode=user, default_encoding=UTF-8...Info: Applying configuration version '1565384722'Debug: Exec[Sensitive command](provider=posix): Executing '[redacted]'Debug: Executing: '[redacted]'Notice: /Stage[main]/Main/Exec[Sensitive command]/returns: executed successfullyDebug: /Stage[main]/Main/Exec[Sensitive command]: The container Class[Main] will propagate my refresh eventDebug: Exec[Sensitive unless](provider=posix): Executing check '[redacted]'Debug: Executing: '[redacted]'Debug: /Stage[main]/Main/Exec[Sensitive unless]/unless: secret1Debug: /Stage[main]/Main/Exec[Sensitive unless]: '[command redacted]' won't be executed because of failed check 'unless'Debug: Exec[Sensitive onlyif](provider=posix): Executing check '[redacted]'Debug: Executing: '[redacted]'Debug: /Stage[main]/Main/Exec[Sensitive onlyif]/onlyif: secret2Debug: Exec[Sensitive onlyif](provider=posix): Executing '[redacted]'Debug: Executing: '[redacted]'Notice: /Stage[main]/Main/Exec[Sensitive onlyif]/returns: executed successfullyDebug: /Stage[main]/Main/Exec[Sensitive onlyif]: The container Class[Main] will propagate my refresh eventDebug: Class[Main]: The container Stage[main] will propagate my refresh eventDebug: Finishing transaction 70240057109900Debug: Storing stateDebug: Pruned old state cache entries in 0.00 secondsDebug: Stored state in 0.01 secondsNotice: Applied catalog in 0.07 seconds{noformat}It's a bit verbose, but you can see secret1 and secret2 leaked above on the following lines:{noformat}Debug: /Stage[main]/Main/Exec[Sensitive unless]/unless: secret1Debug:
Jira (PUP-5934) Updated fact values should be submitted after each Puppet run
Title: Message Title Charlie Sharpsteen commented on PUP-5934 Re: Updated fact values should be submitted after each Puppet run PR up with an implementation: https://github.com/puppetlabs/puppet/pull/7666 Targeted Puppet 5.5.z as this feels like something that will be useful to folks on PE 2018.1. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.117656.1455921098000.50616.1565386444952%40Atlassian.JIRA.
Jira (PUP-5934) Updated fact values should be submitted after each Puppet run
Title: Message Title Charlie Sharpsteen updated an issue Puppet / PUP-5934 Updated fact values should be submitted after each Puppet run Change By: Charlie Sharpsteen Fix Version/s: PUP 6.8.0 Fix Version/s: PUP 6.4.z Fix Version/s: PUP 5.5.z Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.117656.1455921098000.50672.1565386445204%40Atlassian.JIRA.
Jira (PUP-9956) Exec logs output of Sensitive unless and onlyif checks at debug
Title: Message Title
Steve Marlow created an issue
Puppet / PUP-9956
Exec logs output of Sensitive unless and onlyif checks at debug
Issue Type:
Bug
Affects Versions:
PUP 6.7.2
Assignee:
Unassigned
Components:
Types and Providers
Created:
2019/08/09 2:24 PM
Priority:
Normal
Reporter:
Steve Marlow
Puppet Version: 6.7.2 Puppet Server Version: N/A OS Name/Version: macOS 10.14, Ubuntu 18.10 I have been working on implementing support for Sensitive in a module that contains many execs. When I use Sensitive in the command parameter it redacts the command and does not show any command output in debug mode. However, when I use Sensitive in the unless or onlyif parameters it redacts the command and logs the output at debug. This is problematic for me because some of the commands being used in the unless statements are leaking passwords into reports when running in debug. I would expect that if I mark a command as Sensitive that I wouldn't get logged output from the command as it would have a higher likelihood of containing sensitive information. The following manifest can reproduce the issue:
# test.pp
exec { 'Sensitive command':
Jira (PUP-9944) Catalog Compilation Fails on Empty Class String
Title: Message Title Henrik Lindberg commented on PUP-9944 Re: Catalog Compilation Fails on Empty Class String Classes must be an array and an empty string is certainly not an array. You need to change your data file. --- classes: [] Is how to make the classes key have an empty array value Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.320219.1565295943000.50558.1565385720209%40Atlassian.JIRA.
Jira (PUP-9719) Cannot run Puppet Agent as Administrator if first PA run is done as System
Title: Message Title John O'Connor commented on PUP-9719 Re: Cannot run Puppet Agent as Administrator if first PA run is done as System PR is pending merge that addresses the issue. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.310162.1558726819000.50239.1565375580338%40Atlassian.JIRA.
Jira (PUP-9719) Cannot run Puppet Agent as Administrator if first PA run is done as System
Title: Message Title John O'Connor updated an issue Puppet / PUP-9719 Cannot run Puppet Agent as Administrator if first PA run is done as System Change By: John O'Connor Release Notes Summary: TBD - Will provide these Release Notes: Bug Fix Acceptance Criteria: TBD Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.310162.1558726819000.50230.1565375520436%40Atlassian.JIRA.
Jira (PUP-7197) make type aliases from modules available on the agent
Title: Message Title Josh Cooper commented on PUP-7197 Re: make type aliases from modules available on the agent David Schmitt could you provide more detail around how having access to type aliases on the agent "avoid duplication and drift in my code"? How would the provider running on the agent use the type aliases? Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.174775.1486632721000.50216.1565374560271%40Atlassian.JIRA.
Jira (PUP-9955) Update Public-facing Puppet docs to include winfips-2012r2-x64
Title: Message Title Rob Braden created an issue Puppet / PUP-9955 Update Public-facing Puppet docs to include winfips-2012r2-x64 Issue Type: Task Assignee: Unassigned Created: 2019/08/09 10:22 AM Priority: Normal Reporter: Rob Braden Update Public-facing Puppet docs to include this platform Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Jira (FACT-1967) Unable to compile libwhereami 0.2.2 on latest Archlinux
Title: Message Title Branan Riley commented on FACT-1967 Re: Unable to compile libwhereami 0.2.2 on latest Archlinux It's static so that it gets inlined into facter.so, since that's its only consumer. There's no reason not to build it shared, especially if you're packaging it for a distro Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.318292.1564323614000.50046.1565369040253%40Atlassian.JIRA.
Jira (FACT-1967) Unable to compile libwhereami 0.2.2 on latest Archlinux
Title: Message Title Michael Smith commented on FACT-1967 Re: Unable to compile libwhereami 0.2.2 on latest Archlinux I don't know, Casey Williams or Branan Riley would have historical context. It can easily be switched to a dynamic library with the CMake -DBUILD_SHARED_LIBS=ON flag. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.318292.1564323614000.49988.1565368260326%40Atlassian.JIRA.
Jira (FACT-1967) Unable to compile libwhereami 0.2.2 on latest Archlinux
Title: Message Title Gabriel Nagy commented on FACT-1967 Re: Unable to compile libwhereami 0.2.2 on latest Archlinux > Is libwhereami static on purpose? I'm not sure about that... Michael Smith, do you have any idea? Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.318292.1564323614000.49787.1565362140843%40Atlassian.JIRA.
Jira (FACT-1967) Unable to compile libwhereami 0.2.2 on latest Archlinux
Title: Message Title
Tim Meusel commented on FACT-1967
Re: Unable to compile libwhereami 0.2.2 on latest Archlinux
I actually discovered something which needs clarification. The lib is built static. This is a bit problematic because it's hard to determine which runtime dependencies exist and a security update for a dependency forces us to recompile libwhereami. On Archlinux, we modified the built config to link it dynamically:
sed 's|add_library(lib${PROJECT_NAME}|add_library(lib${PROJECT_NAME} SHARED|' -i lib/CMakeLists.txt
Is libwhereami static on purpose? Otherwise I could provide a PR to link it dynamically.
Add Comment
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.318292.1564323614000.49774.1565361540160%40Atlassian.JIRA.
Jira (FACT-1968) Unable to compile facter 3.14.2 on latest Archlinux
Title: Message Title
Tim Meusel commented on FACT-1968
Re: Unable to compile facter 3.14.2 on latest Archlinux
I'm now able to build facter properly with the following commands:
sed -i 's/-source 1.6 -target 1.6/-source 1.8 -target 1.8/' CMakeLists.txt
sed -i 's/rb_data_object_alloc/rb_data_object_wrap/g' lib/src/ruby/*.cc
mkdir release
cd release
JAVA_HOME=/usr/lib/jvm/default cmake -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_CXX_WERROR=OFF ..
make
make test
make install DESTDIR="${pkgdir}"
I unpinned the gems to the testsuite works properly with ruby 2.6: https://github.com/puppetlabs/facter/pull/1818 Also facter has an optional dependency to udev, but there is no cmake file to search for a udev lib. I added this in: https://github.com/puppetlabs/facter/pull/1820
Add Comment
Jira (PUP-7197) make type aliases from modules available on the agent
Title: Message Title Bert Hajee commented on PUP-7197 Re: make type aliases from modules available on the agent +1 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.174775.1486632721000.49626.1565341320375%40Atlassian.JIRA.
Jira (PUP-9754) Log resident configuration upon daemon launch
Title: Message Title Garrett Guillotte commented on PUP-9754 Re: Log resident configuration upon daemon launch Ciprian Badescu Yes, log on startup is the intent. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.312512.1560543853000.49603.1565339640501%40Atlassian.JIRA.
Jira (PUP-9824) Expand the apt provider to support virtual packages
Title: Message Title
Alexandru Popa updated an issue
Puppet / PUP-9824
Expand the apt provider to support virtual packages
Change By:
Alexandru Popa
Release Notes Summary:
This enables apt and dpkg providers to install virtual packages.There is an attribute named allow_virtual which by default is set to true which enables the functionality to install virtual packages, the same behaviour can be found for rpm provider.If a package that is defined as virtual by default it will search a real package on that system.Example for virtual package named rubygems : {{code}} package { 'rubygems':ensure => 'latest'} {{code}} It will find ruby as the real package and it will be installed instead of rubygems.Note: this also can do unwanted behaviour if someone wants to uninstall a virtual packageExample : {{code}} package {'rubygems':ensure => 'absent'} {{code}} This by default will remove ruby package.If the user don't want this functionality it can be done by setting the attribute allow_virtual to false.Example: {{code}} package {'rubygems':ensure => 'absent'allow_virtual => false} {{code}}
Add Comment
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
--
You received this message because you are subscribed to the Google
Jira (PUP-9824) Expand the apt provider to support virtual packages
Title: Message Title
Alexandru Popa updated an issue
Puppet / PUP-9824
Expand the apt provider to support virtual packages
Change By:
Alexandru Popa
Release Notes Summary:
This enables apt and dpkg providers to install virtual packages.There is an attribute named allow_virtual which by default is set to true which enables the functionality to install virtual packages, the same behaviour can be found for rpm provider. If a package that is defined as virtual by default it will search a real package on that system. Example for virtual package named rubygems{{code}}package { 'rubygems':ensure => 'latest'}{{code}}It will find ruby as the real package and it will be installed instead of rubygems.Note: this also can do unwanted behaviour if someone wants to uninstall avirtual packageExample{{code}}package {'rubygems':ensure => 'absent'}{{code}}This by default will remove ruby package.If the user don't want this functionality it can be done by setting the attribute allow_virtual to false.Example:{{code}}package {'rubygems':ensure => 'absent'allow_virtual => false}{{code}}
Add Comment
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
--
You received this message because you are subscribed to the Google Groups
Jira (FACT-1987) Construct result in JSON and hash format
Title: Message Title Bogdan Irimie assigned an issue to Bogdan Irimie Facter / FACT-1987 Construct result in JSON and hash format Change By: Bogdan Irimie Assignee: Bogdan Irimie Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.320313.1565338321000.49564.1565338380283%40Atlassian.JIRA.
Jira (FACT-1987) Construct result in JSON and hash format
Title: Message Title Bogdan Irimie created an issue Facter / FACT-1987 Construct result in JSON and hash format Issue Type: Task Assignee: Unassigned Created: 2019/08/09 1:12 AM Priority: Normal Reporter: Bogdan Irimie Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit
Jira (PUP-9824) Expand the apt provider to support virtual packages
Title: Message Title Alexandru Popa updated an issue Puppet / PUP-9824 Expand the apt provider to support virtual packages Change By: Alexandru Popa Release Notes Summary: This enables apt and dpkg providers to install virtual packages. There is an attribute named allow_virtual which by default is set to true which enables the functionality to install virtual packages, the same behaviour can be found for rpm provider.Example if a Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.305263.135711000.49560.1565338260307%40Atlassian.JIRA.
