Open tuxmaster5000 opened 1 year ago
Are you also deferring the call to mysql::password
?
What do you mean? I have used the sample code above.
If the call to mysql::password
itself isn't deferred, how would it produce an output when compiled on the puppet server?
So does something like...
Deferred('mysql::password', [
Deferred('vault_lookup::lookup', ["secret/test", 'https://vault.docker:8200'])
])
work?
I will test it next weekend.
Hi @alexjfisher , to day I tested it, and this works. So it will be nice, when the usage will be noted in the documentation, because Deferred is used more and more, because the puppet code is often hold in git repos, where clear passwords or hashes are big problems. Here my used code for an full example:
mysql_user { "${name}@${host}": password_hash => Deferred('mysql::password', [Deferred('
',[ )]) }
Use Case
The puppet deferred construct allow to get values from outside of puppet. For example Hashicorp Vault using https://forge.puppet.com/modules/puppet/vault_lookup
Describe the Solution You Would Like
That an call to: mysql::password(Deferred('',[])) will work.
Until not only the error:
'mysql::password' parameter 'password' expects a value of type String or Sensitive[String], got Deferred
will reported.