search

voxpupuli / puppet-splunk

Manage Splunk servers and forwarders using Puppet
https://forge.puppet.com/puppet/splunk
Apache License 2.0
41 stars 123 forks source link

pass4SymmKey not read properly #284

Closed jose-lmax closed 7 months ago

jose-lmax commented 4 years ago

How to reproduce (e.g Puppet code you use)

 @splunkforwarder_output { 'indexer_discovery':
    section => 'indexer_discovery',
    setting => 'pass4SymmKey',
    value   => '$7$QAZMB/tf/Z5QL7qShuZ41FBi8Qko1viQKRFFbltjD/8YtjVED32EUQ==',
  }

What are you seeing

'Notice: /Stage[main]/Splunk::Forwarder::Config/Splunkforwarder_output[indexer_discovery_key]/value: current_value 'QAZMB/tf/Z5QL7qShuZ41FBi8Qko1viQKRFFbltjD/8YtjVED32EUQ==', should be '$7$QAZMB/tf/Z5QL7qShuZ41FBi8Qko1viQKRFFbltjD/8YtjVED32EUQ==' (noop) (corrective)

What behaviour did you expect instead

no changes

Output log

Any additional information you'd like to impart

The key is already in place, somehow it is taking off $7$ in the beginning of the string before the comparison.

fetzerms commented 2 years ago

We already ran into the same problem, but not sure how to fix it properly.

The root cause is: https://github.com/voxpupuli/puppet-splunk/blob/967f96f7d92b89649ed6c3e2b58e62cbe4167425/lib/puppet_x/puppetlabs/splunk/type.rb#L31-L39

There it always decrypts the password and compares it to the target value (which is the encrypted password itself).

To solve this, it would either:

@bastelfreak do you have some opinion on this, what the best solution would be?