Add support to read Vault paths as Puppet resources (Hashes)

[hajee]

This PR adds the ability to specify a path to be recognized as a (Puppet) resource. All the folders of in the path will be recognized as a folder containing the property values and return the value as a Hash to Puppet.

This is useful for use cases where want Puppet to read the resources fully from Vault and create them using create_resources

[hajee]

Hi,

Is there a timeline for when you have time to start the workflows and review the PR?

[petems]

I'll be honest, I'm pretty reluctant to merge this in because it seems like a pretty bad idea... is there a reason you're using Vault as a CMDB to create resources within a Puppet run?

[hajee]

I understand your reluctance. We had a discussion about this too. This is also the reason why we made it optional and not default. Regarding the use case: We have a variable set of users with properties that we want to store in vault. Not only the password ( or other properties) are (logical)secrets, but also the fact that the user is present or not is something that we want to keep secret. That is why we want to use vault for this.

I hope this explanation helps.

[hajee]

An addition to my previous comment: We use this ONLY for a very select set of resources.

[hajee]

@petems Did you have time to look at our reaction? I hope this is enough to resolve your reluctance.

[hajee]

@petems A response would be highly appreciated.

[petems]

I'll be honest, I dont think this is a good usecase so I'm going to close this as a non-merge. I'd recommend you fork or figure out a way to have it as a plugin/new module for the new functionality.