Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Josh Cooper commented on PUP-10092 Re: Support concatenating sensitive values Ok, it sounds like rewrap is the way to go. I'm going to close this as a dup of PUP-10093 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.132848.1612400520042%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10092 Support concatenating sensitive values Change By: Josh Cooper Epic Link: PUP- 9637 8587 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.80629.1591484820111%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Henrik Lindberg commented on PUP-10092 Re: Support concatenating sensitive values That would mean having to encode "sensitive" into each and every value, integers, floats, strings etc. and that could have drastic impact on performance. The trait of being "sensitive" would then need to be handled by all operations on all those types as we need to automatically propagate the sensitive bit to the results of operations. Thus being lots of code that needs to be touched in many places, and would probably result in instabilities and subtle bugs until we manage to sort it out. So no, don't think this is a viable option. I did consider using the "tainted" bit available in Ruby since it handles such propagation, but it is for almost the opposite of what we want and it turned out to be a very bad idea to use it for some other purpose than what it is intended for. I think the best we can do is to have a different function for EPP templates that produces a sensitive result if it interpolates sensitive. For regular string interpolation it is tricky since calling a function would not work since you would like to pass the string with interpolations to it for evaluation and that would mean evaluating it, which would mean getting "redacted" text into the string. It works for EPP since the argument to the epp functions isn't evaluated. For interpolation into a string we would need a special interpolation instruction, or some new keyword / operator in the language that would tell the evaluator that the interpolation should unwrap and wrap the final result in a sensitive if it interpolates a sensitive. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title
Josh Cooper commented on PUP-10092
Re: Support concatenating sensitive values
The ship may have already sailed, but would it be better if Sensitive was a trait of a type instead of a type, e.g. Binary.new("foo", sensitive: true), String.new("foo", sensitive: true) That way interpolation could preserve the "sensitive-ness" trait, but always return a String?
Add Comment
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.15075.1578425700089%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Henrik Lindberg commented on PUP-10092 Re: Support concatenating sensitive values A string interpolation has a contract - it is supposed to produce a String not a Sensitive. I think this is slippery slope of special case handling akin to automatic cast from string to number. You are not supposed to use Sensitive like this and it did exactly what it was suppose to and it resulted in "[redacted]". If using unwrap och rewrap() functions are too difficult, how about adding one more senstive_concatenate() that does that. It would always return Sensitive. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.58847.1575659760135%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10092 Support concatenating sensitive values Change By: Josh Cooper Sprint: Coremunity Grooming Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.58647.1575655740252%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Jorie Tappa updated an issue Puppet / PUP-10092 Support concatenating sensitive values Change By: Jorie Tappa Team: Coremunity Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.132283.1570474620120%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title Rob Braden updated an issue Puppet / PUP-10092 Support concatenating sensitive values Change By: Rob Braden Sprint: Coremunity Grooming Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.328194.1570226898000.131781.1570467840138%40Atlassian.JIRA.
Jira (PUP-10092) Support concatenating sensitive values
Title: Message Title
Josh Cooper created an issue
Puppet / PUP-10092
Support concatenating sensitive values
Issue Type:
Improvement
Assignee:
Unassigned
Created:
2019/10/04 3:08 PM
Priority:
Normal
Reporter:
Josh Cooper
The compiler evaluates interpolated sensitive values differently than non-interpolated ones, which is surprising:
$secret = Sensitive('s3cret')
notify { 'a': message => $secret }
notify { 'b': message => "${secret}" }
The first resource evaluates to:
"parameters": {
"message": "s3cret"
