-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passing in a Sensitive to postgresql::server::db as "password" causes broken user #1417
Comments
I am not sure if these warnings during each agent run are related or I should submit a separate bug?
|
I have the same issue |
Duplicate of #1402, or not? |
That's true. I would leave it up to the maintainers to decide which PR will be chosen and close the other issue and PR as duplicate. I'm ok with both. |
Please either remove unusable feature or pull/commit/do something about this. |
Describe the Bug
When passing in a
Sensitive[String]
topostgresql::server::db
, the resulting user has a broken password.Also each Puppet run resets the password to a different, but still broken, string.
This bug surfaced in #1313
Expected Behavior
The password should be set correctly and only once.
Steps to Reproduce
Steps to reproduce the behavior:
Environment
Additional Context
The reason for this problem is, that the above mentioned MR started using the
postgres_password
function to generate the password hash.There the password is returned as a
Sensitive
whenever the input was also aSensitive
(or more precisely: whensensitive
was set to true). Then theALTER ROLE
SQL query gets constructed, converted to aSensitive
(again!!) and passed topostgresql_psql
(see https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/server/role.pp#L186-L187).Basically the logic constructs a Sensitive inside Sensitive which never gets unwrapped resulting in the following SQL query (yes exactly like that):
The text was updated successfully, but these errors were encountered: