alexjfisher
commented
1 year ago Are you also deferring the call to mysql::password?
Open tuxmaster5000 opened 1 year ago
alexjfisher
commented
1 year ago Are you also deferring the call to mysql::password?
tuxmaster5000
commented
1 year ago What do you mean? I have used the sample code above.
alexjfisher
commented
1 year ago If the call to mysql::password itself isn't deferred, how would it produce an output when compiled on the puppet server?
So does something like...
Deferred('mysql::password', [
Deferred('vault_lookup::lookup', ["secret/test", 'https://vault.docker:8200'])
])work?
tuxmaster5000
commented
1 year ago I will test it next weekend.
tuxmaster5000
commented
1 year ago Hi @alexjfisher , to day I tested it, and this works. So it will be nice, when the usage will be noted in the documentation, because Deferred is used more and more, because the puppet code is often hold in git repos, where clear passwords or hashes are big problems. Here my used code for an full example:
mysql_user { "${name}@${host}": password_hash => Deferred('mysql::password', [Deferred('
',[ )]) }
Use Case
The puppet deferred construct allow to get values from outside of puppet. For example Hashicorp Vault using https://forge.puppet.com/modules/puppet/vault_lookup
Describe the Solution You Would Like
That an call to: mysql::password(Deferred('',[])) will work.
Until not only the error:
'mysql::password' parameter 'password' expects a value of type String or Sensitive[String], got Deferredwill reported.