Open mafriedel opened 6 years ago
Without a Vault being defined the read-attribute results in:
[standalone@0.0.0.0:9993 /] /core-service=management/ldap-connection=ad_ldap_connection:read-attribute(name=search-credential) { "outcome" => "success", "result" => "bRarm8e0/)R1[eW" }
I am trying to add a vault to an ldap_connection.
wildfly::resource { '/core-service=management/ldap-connection=ad_ldap_connection': content => { 'search-credential' => '${VAULT::jboss-binda::password::1}', 'url' => 'ldaps://ldap.company.com:636', 'search-dn' => "CN=${service_account},OU=Service Accounts,DC=corp,DC=company,DC=com", }, }
This results in a correct standalone.xml, which works with the Vault properly.
However on subsequent puppet runs it produces this:
Notice: /Stage[main]/Profile::Jboss_base/Wildfly::Resource[/core-service=management/ldap-connection=ad_ldap_connection]/Wildfly_resource[/core-service=management/ldap-connection=ad_ldap_connection]/state: state changed '{"search-credential"=>{"EXPRESSION_VALUE"=>"${VAULT::jboss-binda::password::1}"}}' to '{"search-credential"=>"expression \"${VAULT::jboss-binda::password::1}\""}'
Note the "EXPRESSION_VALUE".
I think it's coming from the script trying to find the value and getting the word "expression" in the results set.
[standalone@0.0.0.0:9993 /] /core-service=management/ldap-connection=ad_ldap_connection:read-attribute(name=search-credential) { "outcome" => "success", "result" => expression "${VAULT::jboss-binda::password::1}" }