Hi Henrik,
You're correct - this sample code precedes getting the Hiera
function/lookup working, I want to be able to do it in Puppet code first.
I've ended up with the following -
```
$secret_lookup = Deferred('vault_lookup::lookup',
["secret/client.example.com", 'https://puppet.example.com:8228'])
notify {mysql_root: message => Deferred('get', [$secret_lookup,
'mysql_root_password'])}
```
It returns this error -
*Error: Failed to apply catalog: 'dig' parameter 'data' expects a value of
type Undef or Collection, got Sensitive[Hash]*
Any ideas?
On Friday, March 8, 2019 at 8:43:55 PM UTC+11, Henrik Lindberg wrote:
>
> On 2019-03-08 03:13, comport3 wrote:
> > Hi Henrik,
> >
> > Thanks for your reply.
> >
> > I still don't really understand how to use your example - is it an
> > additional custom function written in Ruby that would be synchronised
> > from the master?
> >
> I showed a hiera backend that returns Deferred - but it seems that is
> not really what you were asking about (your example is different).
>
> > How would this be structured or implemented step by step please?
> >
> > This is what's in my current class, with specifically what doesn't work
> > commented out at the bottom (ignore my custom Vault port, please) -
> >
> > class profile::vaulttest {
> >
> > $secret_lookup = Deferred('vault_lookup::lookup',
> > ["secret/client.example.com", 'https://puppet.example.com:8228'])
> >
> > ## Works, returns a hashed array of key/value pairs, I want to look
> > up a SPECIFIC key and it's value, eg 'mysql_root_password'
> > notify {mysql_root: message => $secret_lookup}
> >
> > ## Trying to lookup a key within the array, fails with error
> > ## Evaluation Error: Operator '[]' is not applicable to an Object.
> > #notify {mysql_root: message => $secret_lookup[mysql_root_password]}
> >
> > }
> >
> > Help?! :-)
> >
>
> The reason your commented out code does not work is because you are
> trying to get the key "mysql_root_password" from a Deferred that has not
> yet been resolved. (It will be resolved later when the catalog is
> processed on the agent, but while compiling the Deferred is just an
> instruction to do something later).
>
> You need the following:
>
> message => Deferred('get', [$secret_lookup, 'mysql_root_password'])
>
> To get what I think you want.
>
> - henrik
> >
> > On Thursday, February 28, 2019 at 4:29:15 AM UTC+11, Henrik Lindberg
> wrote:
> >
> > On 2019-02-27 00:01, comport3 wrote:
> > > Hi Henrik and Group,
> > >
> > > Thank you very much, this sounds like exactly what we are after.
> > After
> > > reviewing
> > https://puppet.com/docs/puppet/6.3/hiera_custom_backends.html
> > <https://puppet.com/docs/puppet/6.3/hiera_custom_backends.html>
> > > we are a little lost as to how to get started. Does anyone have
> any
> > > example code of using a Customer Backend or Puppet Function in
> > > conjunction with a Deferred data type lookup for us to review?
> > Anything
> > > including the Vault lookup logic or some 'proof of concept' code
> > would
> > > be a much welcomed starting point.
> > >
> >
> > It is actually dead simple - here is an example that returns a hard
> > coded deferred. The example is written in the Puppet Language, and
> is
> > autoloaded just like other functions from "mymodule".
> >
> > This simple example is a "data hash" kind of backend - it is called
> > once
> > and is expected to return a hash with key => value bindings.
> >
> > function mymodule::deferred_example(
> > Hash $options,
> > Puppet::LookupContext $context,
> > ) {
> > # Return a hash with key(s) bound to Deferred value(s)
> > { 'the_key' => Deferred('vault_lookup', ['the key']) }
> > }
> >
> > Then there are lots of different things you could do.
> >
> > The $options hash contains information from hiera.yaml:
> > - if a path/URI was given or not (and that path existed)
> > - any custom options given in hiera.yaml for this entry
> >
> > This means you could configure what the backend would do based on
> > either
> > options given directly (a list of keys for which this backend should
> > return a Deferred), or you can use the path to read such data from a
> > file, using say a function to read that file as json from the path
> in
> > options.
> >
> > To use this backend simply enter its name in hiera.yaml like you do
> for
> > other backend functions.
> >
> > Another alternative is to write a backend of "lookup key" kind. The
> > contract there is to return a value per key or that the
> > $context.not_found() is called (if it does not have a value for the
> > key).
> >
> > If you go this route, then the function could for example lookup a
> key
> > in hiera that holds the names of keys to lookup in a deferred way.
> > Or, if you design it so that all deferred parameters can be
> identified
> > via their name then you could simply return a Deferred for all keys
> > that
> > match a pattern.
> >
> > Read all the details starting from here:
> > https://puppet.com/docs/puppet/latest/hiera_custom_backends.html
> > <https://puppet.com/docs/puppet/latest/hiera_custom_backends.html>
> >
> > Hope this helps.
> > - henrik
> >
> >
> > --
> >
> > Visit my Blog "Puppet on the Edge"
> > http://puppet-on-the-edge.blogspot.se/
> > <http://puppet-on-the-edge.blogspot.se/>
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to [email protected] <javascript:>
> > <mailto:[email protected] <javascript:>>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/2ecccdee-e130-4f44-b6a1-b1a0c8532bbd%40googlegroups.com
>
> > <
> https://groups.google.com/d/msgid/puppet-users/2ecccdee-e130-4f44-b6a1-b1a0c8532bbd%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
>
> > For more options, visit https://groups.google.com/d/optout.
>
>
> --
>
> Visit my Blog "Puppet on the Edge"
> http://puppet-on-the-edge.blogspot.se/
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d7900a19-e1c4-4ffa-8581-ef48f66192b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
