Use Puppet-Datatype Sensitive #1400

Merged
merged 1 commit into from Jun 22, 2021

cocker-cc
Contributor

  • fix some Puppetlint-Complaints, e.g. use Hash $::facts['blubb'] instead of specific global Variables
  • let Function mysql::password accept Datatype Sensitive for Password
  • let Function mysql_password accept Datatype Sensitive for Password
  • add Parameter "sensitive" to Function mysql::password to decide if its Returnvalue should be of Datatype Sensitive
  • add Parameter "sensitive" to Function mysql_password to decide if its Returnvalue should be of Datatype Sensitive
  • let mysql_user accept Datatype Sensitive for Parameter password_hash
  • let mysql::backup::mysqlbackup accept Datatype Sensitive for Parameter $backuppassword
  • let mysql::backup::mysqldump accept Datatype Sensitive for Parameter $backuppassword
  • let mysql::backup::xtrabackup accept Datatype Sensitive for Parameter $backuppassword
  • let mysql::db accept Datatype Sensitive for Parameter $password
  • let mysql::server accept Datatype Sensitive for Parameter $root_password
  • let mysql::server::backup accept Datatype Sensitive for Parameter $backuppassword
  • let mysql::server::monitor accept Datatype Sensitive for Parameter $mysql_monitor_password
  • let mysql::server::root_password accept Datatype Sensitive for $root_password
  • refactor Logic for unset Password for mysql::server::root_password

@cocker-cc cocker-cc requested a review from a team as a code owner June 16, 2021 21:15
@puppet-community-rangefinder

mysql::password is a function

Breaking changes to this file WILL impact these 7 modules (exact match):
Breaking changes to this file MAY impact these 1 modules (near match):

mysql_password is a function

Breaking changes to this file WILL impact these 17 modules (exact match):
Breaking changes to this file MAY impact these 26 modules (near match):

mysql::backup::mysqlbackup is a class

that may have no external impact to Forge modules.

mysql::backup::mysqldump is a class

that may have no external impact to Forge modules.

mysql::backup::xtrabackup is a class

that may have no external impact to Forge modules.

mysql::bindings is a class

Breaking changes to this file WILL impact these 14 modules (exact match):
Breaking changes to this file MAY impact these 17 modules (near match):

mysql::bindings::client_dev is a class

that may have no external impact to Forge modules.

mysql::bindings::daemon_dev is a class

that may have no external impact to Forge modules.

mysql::db is a type

Breaking changes to this file WILL impact these 67 modules (exact match):
Breaking changes to this file MAY impact these 16 modules (near match):

mysql::server is a class

Breaking changes to this file WILL impact these 77 modules (exact match):
Breaking changes to this file MAY impact these 51 modules (near match):

mysql::server::backup is a class

Breaking changes to this file WILL impact these 4 modules (exact match):

mysql::server::monitor is a class

that may have no external impact to Forge modules.

mysql::server::root_password is a class

that may have no external impact to Forge modules.

This module is declared in 143 of 576 indexed public Puppetfiles.


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@pmcmaw pmcmaw added the feature label Jun 21, 2021
end

# Test of a Returnvalue of Datatype Sensitive does not work:
# it 'returns Sensitive with sensitive=true' do
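Review bot: The commented-out example `it 'returns Sensitive with sensitive=true' do` leaves the Sensitive return path without an active assertion, and a commented block never shows up in the test report. Declaring it as a pending example with the reason in its message would keep the gap visible on every run, and the comment above it should say what actually fails rather than only that the test does not work.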
Contributor

Hey @cocker-cc

Just wondering if you have more information on why this test does not work? I would be inclined to advise if there is a suitable reason, marking this test in the suite as pending and just adding the comment as to why for future reference.

Contributor Author

👍

Contributor Author

> Just wondering if you have more information on why this test does not work?

Too bad, I have no Idea how to make this Test work.

@@ -32,6 +32,11 @@
$compression_command = undef,
$compression_extension = undef,
) inherits mysql::params {
if $backuppassword =~ Sensitive {
$_backuppassword = $backuppassword.unwrap
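Review bot: On `$_backuppassword = $backuppassword.unwrap`, the secret is unwrapped at the top of the class body, so every later use in this class handles a plain String that Puppet no longer redacts in logs, reports or file diffs. The visible lines do not show where the variable is consumed; wherever that is, consider keeping the value Sensitive up to the point of rendering and wrapping the rendered content in Sensitive again. If the early unwrap stays, a variable name that says the value is plaintext would be easier to audit than the leading underscore.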
Contributor

I know this isn't a big deal but would it be possible to rename this variable? I found when reviewing this PR with a colleague it took us a while to work out what it is doing. I would suggest using something such as plaintext_backuppassword. (this name change will need revisited throughout your codebase changes).

Contributor Author

Done 👍

Contributor Author

Now it's done. I needed a second push.

Contributor

pmcmaw commented Jun 21, 2021

Hey @cocker-cc
I would like to thank you for such an awesome PR!
I have added some minor comments and as soon as they are addressed I will work on getting this PR merged.
🥇

@cocker-cc
Contributor Author

> I would like to thank you for such an awesome PR! 🥇

Thanks. Reason for that one is: we switched from Trocla to Vault, and our Function vault_secrets::lookup natively returns a Sensitive, and that's good. My Understanding of Sensitive is that the unwrap should be done as late as possible. Using EPP instead of ERB, in fact there never has to be an unwrap. Maybe I will spawn another Pull Request with the relevant EPP-Files.
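
The "unwrap as late as possible" idea from the comment above, as an added example that is not part of this PR or of the puppetlabs-mysql module. The class name `demo::backup_cnf`, the file path and the template text are hypothetical; the example uses an explicit unwrap at the point of rendering and wraps the rendered text again before it reaches the `file` resource.

```puppet
# Added illustration; demo::backup_cnf, the path and the template are hypothetical.
class demo::backup_cnf (
  String[1]                          $backupuser,
  Variant[String, Sensitive[String]] $backuppassword,
) {
  # Normalise once: from here on the password only exists as a Sensitive,
  # so it is redacted if it ends up in a notice() or a debug message.
  $secret = $backuppassword ? {
    Sensitive => $backuppassword,
    default   => Sensitive($backuppassword),
  }

  # Unquoted heredoc: no interpolation here, the EPP tags stay literal.
  $template = @(EOT)
    [client]
    user=<%= $user %>
    password=<%= $password %>
    | EOT

  # Late unwrap: the plaintext exists only inside this expression, and the
  # rendered text is wrapped again so the resource carries a Sensitive.
  $content = Sensitive(inline_epp($template, {
    'user'     => $backupuser,
    'password' => $secret.unwrap,
  }))

  file { '/root/.demo-backup.cnf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => $content, # Sensitive content: changes are reported redacted
  }
}
```

Compared with unwrapping into a class-level variable, no plain String holding the password is left in scope for later resources or log statements to pick up.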

Contributor

pmcmaw commented Jun 22, 2021

What a fantastic addition to our code base @cocker-cc.
Again thank you for such a quick turnaround and such a great feature.

@pmcmaw pmcmaw merged commit 1fb7245 into puppetlabs:main Jun 22, 2021
Contributor

pmcmaw commented Jun 22, 2021

Changes will be released on our next Community Day (Monday)

@cocker-cc cocker-cc deleted the Use_Puppet-Datatype_Sensitive branch June 22, 2021 14:13