On 2019-01-10 10:56, Jocelyn Thode wrote:
Hey,

I'm trying to use exported resources where one of the parameters of the resource is a variable from hiera. This variable is retrieved using automatic lookup and is encrypted in hiera using hiera-eyaml.

However, when the resource is exported, instead of the clear password being exported, I get the base64 encoded version of the clear password as argument. This does not happen if I don't use a hiera-eyaml encrypted password.

Any idea why?

I think that is because hiera-eyaml ends up returning ASCII-8bit encoded clear text strings which is then interpreted as potentially being binary and non UTF-8 compliant and therefore sent as a Binary (which gets encoded as Base64 text).

This problem should be fixed in hiera-eyaml as it should return Strings with UTF8 encoding. This may depend on the encoding of the original yaml file that hiera-eyaml read.

It is a bit difficult to check if what I suspect is true. I would write a function (or call a simple function such as "with()"), do a lookup and pass the value to the function, I would then use a debugger, set a breakpoint in the function, and check the encoding of the string given to the function. To test what hiera-eyaml does requires debugging hiera-eyaml.

Some background:

Before puppet 6 the default format was JSON with fallback to PSON if strings were ascii-8bit. Since puppet 6, we use "rich-data encoding" by default and handle ascii-8bit as being Binary - and by not using PSON.

We did work on issues related to export to PDB from puppet and it may be that newer puppet versions do a better job with ascii-8bit that can be converted to UTF-8 without problems.

In summary, I think this should be logged as a ticket for hiera-eyaml.
Feel free to ping me on that ticket if the maintainers of hiera-eyaml need a hand with figuring things out.

Best,

- henrik


Puppet version: 6.0.4

Puppetdb version: 6.1.0

Puppetserver version: 6.0.2


--

Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
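
The encoding check suggested in the reply above, as an added Ruby example that is not part of the original message and is not Puppet or hiera-eyaml code. The sample values are constructed, and `inspect_encoding`, `model_export` and `retag_if_text` are hypothetical helpers; `model_export` is only a simplified model of the "ASCII-8BIT is handled as Binary and sent as Base64" behaviour described in the reply.

```ruby
# Constructed sample values, not taken from the thread.
DECRYPTED = 'hunter2-example'.b    # readable text, but tagged ASCII-8BIT
RAW_BYTES = "\xFF\xFE\x00\x01".b   # genuinely binary, not valid UTF-8

# What a breakpoint inside a function receiving the looked-up value would
# show: the encoding tag, and whether the bytes are in fact valid UTF-8.
def inspect_encoding(value)
  {
    binary_tagged: value.encoding == Encoding::ASCII_8BIT,
    valid_utf8: value.dup.force_encoding(Encoding::UTF_8).valid_encoding?
  }
end

# Simplified model (assumption): a String tagged ASCII-8BIT is treated as
# Binary and emitted as Base64 text; any other String is passed through.
def model_export(value)
  if value.encoding == Encoding::ASCII_8BIT
    { kind: :binary, text: [value].pack('m0') } # 'm0' = Base64 without newlines
  else
    { kind: :string, text: value }
  end
end

# Retag as UTF-8 only when the bytes really are valid UTF-8, so that
# genuinely binary data is left untouched.
def retag_if_text(value)
  return value unless value.encoding == Encoding::ASCII_8BIT

  candidate = value.dup.force_encoding(Encoding::UTF_8)
  candidate.valid_encoding? ? candidate : value
end

if __FILE__ == $PROGRAM_NAME
  [DECRYPTED, RAW_BYTES].each do |v|
    puts "#{v.inspect}: #{inspect_encoding(v)}"
    puts "  exported as:   #{model_export(v)}"
    puts "  after retag:   #{model_export(retag_if_text(v))}"
  end
end
```

Base64 here is only an encoding: the exported text decodes straight back to the clear password, so the exported parameter is no better protected than the plain string would be.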
