hello,
I've been trying to figure out what these Sensitive types are all about based
on
https://github.com/puppetlabs/puppet-specifications/blob/master/language/types_values_variables.md#sensitivet
Best I can tell there isn't yet docs on docs.puppet.com for these
First I don't actually find usable examples in the spec docs, like what is it
for? Whats a typical use case here?
The most basic example works:
$secret = Sensitive(42)
$processed = $secret.unwrap |$sensitive| { $sensitive * 2 }
notice $secret
notice $processed
This gives:
Notice: Scope(Class[main]): Sensitive [value redacted]
Notice: Scope(Class[main]): 84
Now I guess you want to be able to pass the sensitive one into a class, and it
should not automatically unwrap but remain sensitive:
class x(Sensitive $foo) {
notice($foo)
}
class{"x": foo => Sensitive("bar")}
This fails:
Error: Evaluation Error: Error while evaluating a Resource Statement,
Class[X]: parameter 'foo' expects a Sensitive value, got String
Changing the "Sensitive $foo" to "Sensitive[String] $foo" as well:
Error: Evaluation Error: Error while evaluating a Resource Statement,
Class[X]: parameter 'foo' expects a Sensitive value, got String
Yes if I do:
notice(type_of(Sensitive("bar")))
I get "Sensitive[String]" so surely it should be passable into the class
Ok, so this is where it gets really weird, the docs says:
There is no automatic unwrapping of sensitive values. As a consequence
it is not possible to perform operations on sensitive values other than
interpolating it as a String. When such interpolation takes place, the
value is shown as "[redacted]".
So ok, we have to specifically do like $foo.unwrap, but here's the really weird
thing, once I
failed to pass a Sensitive type into the class I decided to do this:
class x(String $foo) {
notice("Value of \$foo: ${foo}")
notice("Size of \$foo: ${foo.size}")
notify{$foo: }
}
$x = Sensitive("bar")
notice("Type of \$x: ${type_of($x)}")
notice("Value of \$x: ${x}")
class{"x":
foo => $x
}
This gives me:
Notice: Scope(Class[main]): Type of $x: Sensitive[String]
Notice: Scope(Class[main]): Value of $x: Sensitive [value redacted]
Notice: Scope(Class[X]): Value of $foo: bar
Notice: Scope(Class[X]): Size of $foo: 3
Notice: Compiled catalog for dev3.devco.net in environment production in 0.13
seconds
Error: /X: Unable to mark 'foo' as sensitive: the property itself is not
defined on component.
Notice: bar
Notice: /Stage[main]/X/Notify[bar]/message: defined 'message' as 'bar'
So here it gets unwrapped automatically by just passing the Sensitive[String]
into a variable
of String on a class? Does not seem like this is intended behaviour, and
basically I have not been
able to do anything useful with these
Whats the intended purpose and how do you use this?
---
R.I.Pienaar
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/460289666.57027.1472562919363.JavaMail.zimbra%40devco.net.
For more options, visit https://groups.google.com/d/optout.
