On 2019-01-10 10:56, Jocelyn Thode wrote:
Hey,
I'm trying to use exported resources where one of the parameter of the
resource is a variable from hiera. This variable is retrieved using
automatic lookup and is encrypted in hiera using hiera-eyaml.
However when the ressource is exported insted of the clear password
being exported, I get the base64 encoded version of the clear password
as argument. This does not happen if I don't use a hiera-eyaml encrypted
password.
Any idea why ?
I think that is because hiera-eyaml ends up returning ASCII-8bit encoded
clear text strings which is then interpreted as potentially being binary
and non UTF-8 compliant and therefore sent as a Binary (which gets
encoded as Base64 text).
This problem should be fixed in hiera-eyaml as it should return Strings
with UTF8 encoding. This may depend on the encoding of the original yaml
file that hiera-eyaml read.
It is a bit difficult to check if what I suspect is true. I would write
a function (or call a simple function such as "with()"), do a lookup and
pass the value to the function, I would then use a debugger, set a
breakpoint in the function, and check the encoding
of the string given to the function. To test what hiera-eyaml does
requires debugging hiera-eyaml.
Some background:
Before puppet 6 the default format was JSON with fallback to PSON if
strings were ascii-8bit. Since puppet 6, we use "rich-data encoding" by
default and handle ascii-8bit as being Binary - and by not using PSON.
We did work on issues related to export to PDB from puppet and it may be
that a newer puppet versions does a better job with ascii-8bit that can
be converted to UTF-8 without problems.
In summary, I think this should be logged as a ticket for hiera-eyaml.
Feel free to ping me on that ticket if the maintainers of hiera-eyaml
needs a hand with figuring things out.
Best,
- henrik
Puppet version: 6.0.4
Puppetdb version: 6.1.0
Puppetserver version: 6.0.2
--
Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/q18e65%24dpn%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
