Comments (9)
Hey,
I will attempt to reproduce this locally today and get back with you.
from tragiccode-azure_key_vault.
Hi @TraGicCode, thank you for your fast reply, for some reason, your comment is not here.
Hey @karolina1819 ,
Are you able to share what is being logged in your puppet server logs? This module does extra logging that will show if something is erroring out there.
Puppet is logging a lot and in different files, can you tell me in which file this module is writing the output and if there is some key word to filter out the logs?
from tragiccode-azure_key_vault.
Hey @karolina1819 ,
sorry for responding late. The puppet server logs are the puppet logs on the puppet master/server. This is where the lookup function is executed and the logs there will indicate if any errors occurs ( the code for this module does some level of logging )
https://www.puppet.com/docs/pe/2019.8/log-locations-reference.html
var/log/puppetlabs/puppetserver/puppetserver.log
from tragiccode-azure_key_vault.
Hi @TraGicCode,
No problem at all. I checked that, but I did not find anything related to this module, unfortunately. Any suggestion how to increase level of logging coming from this module?
from tragiccode-azure_key_vault.
Hey @karolina1819 ,
If something blows up there should be something in the logs. Can you try adding Sensitive[String] to the puppet code to see if that makes a difference?
class infra::akv (
Sensitive[String] $password,
)
{
file { '/opt/akv':
ensure => 'directory',
}
file { '/opt/akv/testpass':
content => $password,
ensure => file,
}
}
from tragiccode-azure_key_vault.
Hey @karolina1819 ,
If something blows up there should be something in the logs.
Well, nothing blows up regarding code execution, so there are no errors in log. Only results of using lookup function in manifest and through hiera are different
Can you try adding Sensitive[String] to the puppet code to see if that makes a difference?
class infra::akv ( Sensitive[String] $password, ) { file { '/opt/akv': ensure => 'directory', } file { '/opt/akv/testpass': content => $password, ensure => file, } }
Yes, we did try that. With that there is an error:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Class[Infra::Akv]: parameter 'password' expects a Sensitive[String] value, got String (file: /etc/puppetlabs/code/environments/infra_qa/site/role/manifests/base.pp, line: 16, column: 3) on node puppetserver-01.qa.hub
It's seems like lookup function is returning string "Sensitive [value redacted]" instead of true value of the secret just masked in Sensitive type, as it does used in manifest.
from tragiccode-azure_key_vault.
Hey @karolina1819 ,
It appears the documentation is incorrect which is what is causing you an issue. When performing interpolation inside your a hiera data file you must use the alias
function instead of the lookup
function. Make the following change, as shown below, and everything should work as expected.
before
infra::akv::password: "%{lookup('azure-secret-password')}"
after
infra::akv::password: "%{alias('azure-secret-password')}"
I have created a PR ( #102 ) which will fix this and cut a new release of the module.
from tragiccode-azure_key_vault.
Please reopen this if you still have issues
from tragiccode-azure_key_vault.
I've tested this, all works as expected, thank you for your help and clarification.
from tragiccode-azure_key_vault.
Related Issues (20)
- Unwrap through hiera HOT 4
- Puppet integration Net::ReadTimeout error HOT 1
- Retrieve the certificates from key vault ? HOT 11
- Failed with Bolt HOT 3
- Getting too many requests when querying the instance metadata service inside azure VM HOT 10
- Add the feature for using multiple Managed Service Identities HOT 5
- azure keyvault integration with puppet HOT 7
- facing issue my puppet integration with key vault HOT 2
- Access token never cached
- Feature suggestion: Automatic parameter lookup - allow list for lookups HOT 9
- Feature suggestion: Implement back-off to avoid throttling HOT 3
- For resource User password setup via key vault HOT 2
- Loading Key Vaults dynamically HOT 4
- SecretNotFound error messages with two KeyVaults HOT 2
- Add Windows Server 2022 support HOT 1
- Add support for pulling secrets via a service principal HOT 1
- Hiera lookup is not wrapping secret in Sensitive datatype HOT 1
- Add create/update functionality HOT 1
- Move API versions and default vault name to a configuration file HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tragiccode-azure_key_vault.