Feature suggestion: Automatic parameter lookup - allow list for lookups #69
Comments
Old module but example of what we are looking for
Hi, do you know when this might be available for use? At the moment my lookups are generating 100s of calls to Keyvault with lookups that are being generated by variables outside hiera that I am not interested in.
Hey @adelany, I can take a stab at this next weekend and let you know how it goes.
Hey @adelany, Please give v2.0.0 a try with the new Thanks!
Hi, I am getting the following error (not sure if I am doing something wrong or it's my setup):

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, 'azure_key_vault::lookup' expects (Variant[String, Numeric] secret_name, Struct[{'vault_name' => String, 'vault_api_version' => String, 'metadata_api_version' => String, 'confine_to_keys' => Array[Regexp], Optional['key_replacement_token'] => String}] options, Object[{name => 'Puppet::LookupContext', parent => Any, attributes => {'environment_name' => {type => String[1], kind => derived}, 'module_name' => Variant[String[1], Undef]}, functions => {'not_found' => Callable[[0, 0], Undef], 'explain' => Callable[[0, 0, Callable[0, 0]], Undef], 'interpolate' => Callable[1, 1], 'cache' => Callable[Optional[Scalar], Any], 'cache_all' => Callable[[Hash[Optional[Scalar], Any]], Undef], 'cache_has_key' => Callable[[Optional[Scalar]], Boolean], 'cached_value' => Callable[Optional[Scalar]], 'cached_entries' => Variant[Callable[[0, 0, Callable[1, 1]], Undef], Callable[[0, 0, Callable[2, 2]], Undef], Callable[[0, 0], Iterable[Tuple[Optional[Scalar], Any]]]], 'cached_file_data' => Callable[String, Optional[Callable[Array[Integer]]]]}}] context)

Line in site.pp is:

lookup('classes', {merge => unique}).include

hiera.yaml:

- version: 5 defaults: hierarchy:

Keys I am looking up from a dev.yaml file within hiera data:

profile::artifactory_app::artifactory_storage_accname: "%{lookup('artifactory-storage-account')}"

Any ideas why this isn't working?
Hey @adelany, I know what the issue is. I was hoping this would work but apparently it doesn't. Let me push out a new release.
Hey @adelany, Please get 2.0.1 which resolves your issue.
Many thanks, this resolved the issue; now working perfectly.
Suggest adding an optional allowed_keys to the lookup_options parameters - when specified, this would prevent lookups for anything that does not match entries (either strings or regular expressions) in the list.

Automatic parameter lookup will (by default) look up any variables not found in the hierarchy. Even on relatively small sites, this can mean hundreds or thousands of queries against the KeyVault when using this feature.

As an example, instrumenting azure_key_vault::lookup with the following code:

Shows that when generating a catalog for a puppet master running Puppet Enterprise v2019.8.5, this results in 776 lookups against Azure KeyVault.
Azure KeyVault service limits allow a maximum of 2,000 lookups every 10 seconds against a key vault: https://docs.microsoft.com/en-us/azure/key-vault/general/service-limits#secrets-managed-storage-account-keys-and-vault-transactions
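
The allow-list gate this issue proposes, sketched as an added Ruby example (not the module's own code): keys outside the list return not-found without any call to the vault. `ConfinedLookup`, `compile_calls`, the sample keys and the Hash standing in for Key Vault are constructed for illustration, and treating an absent list as "no confinement" is an assumption taken from the word "optional" above.

```ruby
# Added example: hypothetical allow-list gate in front of a secret backend.
# ConfinedLookup and the sample data are constructed; this is not the module's code.
class ConfinedLookup
  attr_reader :backend_calls

  # patterns: nil (no confinement) or an Array of String/Regexp allow-list entries.
  # backend:  anything responding to #fetch(key, default); a Hash stands in for the vault.
  def initialize(patterns, backend)
    unless patterns.nil? || patterns.is_a?(Array)
      raise ArgumentError, 'allow list must be an Array'
    end
    # YAML delivers plain strings, so compile them to Regexp once up front.
    @allow = patterns&.map { |p| p.is_a?(Regexp) ? p : Regexp.new(p.to_s) }
    @backend = backend
    @backend_calls = 0
  end

  def allowed?(key)
    @allow.nil? || @allow.any? { |re| re.match?(key.to_s) }
  end

  # Returns the secret, or :not_found without touching the backend
  # when the key is outside the allow list.
  def lookup(key)
    return :not_found unless allowed?(key)
    @backend_calls += 1
    @backend.fetch(key.to_s, :not_found)
  end
end

# Constructed sample: keys a catalog compile might request.
CATALOG_KEYS = %w[
  classes ntp::servers profile::base::packages
  puppet_enterprise::profile::master::java_args
  artifactory-storage-account db-password
].freeze
VAULT = { 'artifactory-storage-account' => 'acct01', 'db-password' => 's3cr3t' }.freeze

# Returns [calls made to the backend, secrets actually resolved].
def compile_calls(patterns)
  gate = ConfinedLookup.new(patterns, VAULT)
  values = CATALOG_KEYS.map { |k| gate.lookup(k) }
  [gate.backend_calls, values.count { |v| v != :not_found }]
end

if __FILE__ == $PROGRAM_NAME
  puts "unconfined: #{compile_calls(nil).inspect}"
  puts "confined:   #{compile_calls(['\Aartifactory-', '-password\z']).inspect}"
end
```

Anchor the patterns (`\A`, `\z`): an unanchored entry such as `password` also admits every unrelated key that merely contains that substring, which brings the extra vault calls back.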