Closed sgnn7 closed 4 years ago
Sensitive(Deferred(conjur::secret, ['...']))
)Notice: Writing secret Sensitive [value redacted] to /tmp/test.pem...
Notice: /Stage[main]/Main/Node[default]/Notify[Writing secret Sensitive [value redacted] to /tmp/test.pem...]/message: defined 'message' as 'Writing secret Sensitive [value redacted] to /tmp/test.pem...'
Notice: Writing secret to /tmp/test.pem...
Notice: /Stage[main]/Main/Node[default]/Notify[Writing secret to /tmp/test.pem...]/message: defined 'message' as 'Writing secret to /tmp/test.pem...'
Sensitive()
is forgotten (Deferred(conjur::secret, ['...'])
)Notice: /Stage[main]/Main/Node[default]/Notify[Grabbing 'inventory/db-password' secret...]/message: defined 'message' as 'Grabbing \'inventory/db-password\' secret...'
Notice: Writing secret Deferred({'name' => 'conjur::secret', 'arguments' => ['inventory/db-password']}) to /tmp/test.pem...
Notice: /Stage[main]/Main/Node[default]/Notify[Writing secret Deferred({'name' => 'conjur::secret', 'arguments' => ['inventory/db-password']}) to /tmp/test.pem...]/message: defined 'message' as 'Writing secret Deferred({\'name\' => \'conjur::secret\', \'arguments\' => [\'inven
tory/db-password\']}) to /tmp/test.pem...'
Notice: Writing secret to /tmp/test.pem...
Notice: /Stage[main]/Main/Node[default]/Notify[Writing secret to /tmp/test.pem...]/message: defined 'message' as 'Writing secret to /tmp/test.pem...'
Deferred()
is forgotten (Sensitive(conjur::secret('...'))
)Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Internal Server Error: org.jruby.exceptions.LoadError: (LoadError) no such file to load -- conjur/puppet_module/config
Error: Could not retrieve catalog; skipping run
Sensitive(Deferred())
are forgotten (conjur::secret('...')
)Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Internal Server Error: org.jruby.exceptions.LoadError: (LoadError) no such file to load -- conjur/puppet_module/config
Error: Could not retrieve catalog; skipping run
This probably warrants a troubleshooting section. CC @izgeri
@sgnn7 it looks like nothing really errors on missing Sensitive
- is that right?
Is there anything we can add to make it fail more gracefully on missing Deferred
?
We can add a Troubleshooting
section to the README.
it looks like nothing really errors on missing Sensitive - is that right?
No errors but value of params is not redacted in logs
Is there anything we can add to make it fail more gracefully on missing Deferred?
Unknown - we may be able to figure out it's a server-side request through some hackery and print an error but I'm not sure it's trivial
We can add a Troubleshooting section to the README.
This is definitely the approach I think we should take for the first handling of these changes.
Stories are now split. The documentation needed for Sensitive
is now in story https://github.com/cyberark/conjur-puppet/issues/198. Closing.
We don't have a good idea what the UX looks like when the user forgets to wrap our
conjur::secret
function withSensitive(Deferred())
block. This issue is to ensure we have acceptable UX for it.AC:
Sensitive()
is forgotten aroundconjur::secret
Deferred()
is forgotten aroundconjur::secret
Sensitive(Deferred())
are forgotten aroundconjur::secret
Original issue: #114