voxpupuli / puppet-wildfly

Puppet module to install, configure and manage Wildfly (8/9/10+), JBoss EAP (6.1+/7.0+) and some Wildfly-based products like apiman, Keycloak and Infinispan.
Apache License 2.0

Problems with EXPRESSION_VALUE when working with Vault parameters. #239

Open mafriedel opened 6 years ago

mafriedel commented 6 years ago

I am trying to add a vault to an ldap_connection.

    wildfly::resource { '/core-service=management/ldap-connection=ad_ldap_connection':
      content => {
        'search-credential' => '${VAULT::jboss-binda::password::1}',
        'url'               => 'ldaps://ldap.company.com:636',
        'search-dn'         => "CN=${service_account},OU=Service Accounts,DC=corp,DC=company,DC=com",
      },
    }

This results in a correct standalone.xml, which works with the Vault properly.

    <outbound-connections>
        <ldap name="ad_ldap_connection" url="ldaps://ldap.company.com:636" search-dn="CN=jboss-binda,OU=Service Accounts,DC=corp,DC=company,DC=com" search-credential="${VAULT::jboss-binda::password::1}" security-realm="adSSLRealm"/>
    </outbound-connections>

However on subsequent puppet runs it produces this:

    Notice: /Stage[main]/Profile::Jboss_base/Wildfly::Resource[/core-service=management/ldap-connection=ad_ldap_connection]/Wildfly_resource[/core-service=management/ldap-connection=ad_ldap_connection]/state: state changed '{"search-credential"=>{"EXPRESSION_VALUE"=>"${VAULT::jboss-binda::password::1}"}}' to '{"search-credential"=>"expression \"${VAULT::jboss-binda::password::1}\""}'

Note the "EXPRESSION_VALUE".

I think it's coming from the script trying to find the value and getting the word "expression" in the results set.

    [standalone@0.0.0.0:9993 /] /core-service=management/ldap-connection=ad_ldap_connection:read-attribute(name=search-credential)
    {
        "outcome" => "success",
        "result" => expression "${VAULT::jboss-binda::password::1}"
    }

mafriedel commented 6 years ago

Without a Vault being defined the read-attribute results in:

    [standalone@0.0.0.0:9993 /] /core-service=management/ldap-connection=ad_ldap_connection:read-attribute(name=search-credential)
    {
        "outcome" => "success",
        "result" => "bRarm8e0/)R1[eW"
    }
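The two comments above show the same attribute coming back in two different shapes: a vaulted value is reported as a DMR expression (the CLI prints it as `expression "${VAULT::...}"`, the HTTP/JSON management API as `{"EXPRESSION_VALUE" => "${VAULT::...}"}`), while an unvaulted value is a bare string. A provider that compares the desired value against either raw shape will report a change on every run. The following Ruby is an added example, not code from puppet-wildfly: it folds both shapes into one canonical form before the comparison. The function names (`normalize_attr`, `desired_attr`, `in_sync?`, `state_in_sync?`) and the sample values are constructed for this illustration, modelled on the `read-attribute` output shown in the issue.

```ruby
# Added example (not part of puppet-wildfly): canonicalise WildFly attribute
# values so a vaulted expression compares equal to the manifest's "${VAULT::...}"
# string regardless of which management interface reported it.

# CLI rendering of an expression-typed value: expression "<text>"
EXPR_RE = /\A\s*expression\s+"(?<val>(?:[^"\\]|\\.)*)"\s*\z/

# Anything that looks like a ${...} reference is treated as an expression;
# plain strings (such as an unvaulted credential) are returned unchanged.
def desired_attr(value)
  if value.is_a?(String) && value.match?(/\$\{[^}]+\}/)
    { 'EXPRESSION_VALUE' => value }
  else
    value
  end
end

# Normalise the value the management layer handed back into the same
# canonical form as desired_attr produces.
def normalize_attr(value)
  case value
  when Hash
    # JSON API shape: {"EXPRESSION_VALUE" => "${...}"} is already canonical.
    value
  when String
    m = EXPR_RE.match(value)
    if m
      # CLI shape: expression "${...}"; unescape any embedded quotes.
      { 'EXPRESSION_VALUE' => m[:val].gsub('\\"', '"') }
    else
      value
    end
  else
    value
  end
end

# True when the reported value is semantically the desired one.
def in_sync?(current, wanted)
  normalize_attr(current) == desired_attr(wanted)
end

# Compare a whole resource state, attribute by attribute, the way the
# Notice line in the issue compares the 'state' property.
def state_in_sync?(current, wanted)
  wanted.all? { |name, want| current.key?(name) && in_sync?(current[name], want) }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample, modelled on the ldap-connection in the issue.
  current = {
    'search-credential' => 'expression "${VAULT::jboss-binda::password::1}"',
    'url'               => 'ldaps://ldap.company.com:636',
  }
  wanted = {
    'search-credential' => '${VAULT::jboss-binda::password::1}',
    'url'               => 'ldaps://ldap.company.com:636',
  }
  puts "in sync: #{state_in_sync?(current, wanted)}"
end
```

Two points worth keeping in mind when adapting this. First, the comparison is done on the expression text, never on its resolved value: the provider has no business resolving `${VAULT::...}` and should not need to. Second, the unvaulted case in the last comment shows why the vault matters beyond the idempotency bug: `read-attribute` returns the credential in clear, and a `state changed ... to ...` notice like the one above would then write that plaintext into the agent log and the Puppet report.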