Add Deferred for the mysql::password function

[tuxmaster5000]

Use Case

The puppet deferred construct allow to get values from outside of puppet.
For example Hashicorp Vault using
https://forge.puppet.com/modules/puppet/vault_lookup

Describe the Solution You Would Like

That an call to:
mysql::password(Deferred('',[])) will work.
Until not only the error:
'mysql::password' parameter 'password' expects a value of type String or Sensitive[String], got Deferred
will reported.

[alexjfisher]

Are you also deferring the call to mysql::password?

[tuxmaster5000]

What do you mean? I have used the sample code above.

[alexjfisher]

If the call to mysql::password itself isn't deferred, how would it produce an output when compiled on the puppet server?

So does something like...

Deferred('mysql::password', [
  Deferred('vault_lookup::lookup', ["secret/test", 'https://vault.docker:8200'])
])

work?

[tuxmaster5000]

I will test it next weekend.

[tuxmaster5000]

Hi @alexjfisher , to day I tested it, and this works.
So it will be nice, when the usage will be noted in the documentation, because Deferred is used more and more, because the puppet code is often hold in git repos, where clear passwords or hashes are big problems. Here my used code for an full example:

mysql_user { "${name}@${host}":
password_hash => Deferred('mysql::password', [Deferred('',[)])
}