Skip to content

Allow Sensitive data type for secrets #331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 9, 2024
Merged

Allow Sensitive data type for secrets #331

merged 1 commit into from
May 9, 2024

Conversation

@cocker-cc
Copy link
Contributor

@cocker-cc cocker-cc commented Jun 29, 2021

No description provided.

@cocker-cc cocker-cc requested a review from a team as a code owner June 29, 2021 19:25
@puppet-community-rangefinder
Copy link

puppet-community-rangefinder bot commented Jun 29, 2021

puppetdb::database::postgresql is a class

that may have no external impact to Forge modules.

puppetdb is a class

Breaking changes to this file WILL impact these 6 modules (exact match):
Breaking changes to this file MAY impact these 2 modules (near match):

puppetdb::server is a class

that may have no external impact to Forge modules.

puppetdb::server::database is a class

that may have no external impact to Forge modules.

puppetdb::server::read_database is a class

that may have no external impact to Forge modules.

puppetdb::server::validate_db is a class

that may have no external impact to Forge modules.

puppetdb::server::validate_read_db is a class

that may have no external impact to Forge modules.

This module is declared in 33 of 576 indexed public Puppetfiles.

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@CLAassistant
Copy link

CLAassistant commented Sep 1, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

smortex
smortex reviewed Feb 8, 2022
View reviewed changes
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 04a5db6 to 263b68b Compare February 8, 2022 10:24
smortex
smortex reviewed Feb 8, 2022
View reviewed changes
smortex
smortex approved these changes Feb 8, 2022
View reviewed changes
Copy link
Collaborator

@smortex smortex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 263b68b to 98126d7 Compare April 14, 2022 20:52
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch 2 times, most recently from 4d0eb7e to ecddb2d Compare July 29, 2022 15:24
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from ecddb2d to addc3cb Compare April 21, 2023 12:39
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from addc3cb to 357acd1 Compare June 19, 2023 12:13
@cocker-cc cocker-cc requested a review from bastelfreak as a code owner June 19, 2023 12:13
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 357acd1 to 49256ab Compare August 4, 2023 11:21
bastelfreak
bastelfreak reviewed Aug 4, 2023
View reviewed changes
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 49256ab to 86af360 Compare August 4, 2023 13:22
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 86af360 to b978586 Compare September 20, 2023 11:07
smortex
smortex reviewed Sep 21, 2023
View reviewed changes
Copy link
Collaborator

@smortex smortex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more extra Optional[...] seems to be present.

Also, while we are improving this, what about making the default Sensitive too in params.pp?

$foo = Sensitive('bar')

@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from b978586 to 83f29bd Compare September 21, 2023 23:50
@cocker-cc
Copy link
Contributor Author

cocker-cc commented Sep 21, 2023

A few more extra Optional[...] seems to be present.

I removed Optional. Indeed it was unnecessary.

Also, while we are improving this, what about making the default Sensitive too in params.pp?
$foo = Sensitive('bar')

I do not see this necessary, as the Default-Value is publicly visible anyway.

@smortex
Copy link
Collaborator

smortex commented Sep 22, 2023

I do not see this necessary, as the Default-Value is publicly visible anyway.

My understanding is that it helps to have Puppet automatically redact secrets in diff, and that at some point only a Sensitive would be accepted in a future major version. That being said, we have default passwords in this module which is not a best practice so maybe this will not happen before a loooong time 😄.

I am fine with the PR as it is, so will let other reviewers tell what they think!

Thank you!

@smortex smortex changed the title Use Datatype Sensitive for Secrets Allow Sensitive data type for secrets Sep 30, 2023
@h0tw1r3 h0tw1r3 mentioned this pull request Feb 9, 2024
Closed
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 83f29bd to 530cf93 Compare March 25, 2024 22:53
@h0tw1r3 h0tw1r3 force-pushed the Use_Datatype_Sensitive branch from 530cf93 to 1e72232 Compare May 8, 2024 16:41
@cocker-cc cocker-cc requested a review from h0tw1r3 as a code owner May 8, 2024 16:41
bastelfreak
bastelfreak reviewed May 8, 2024
View reviewed changes
@cocker-cc cocker-cc force-pushed the Use_Datatype_Sensitive branch from 1e72232 to 3eb3849 Compare May 9, 2024 20:37
@h0tw1r3 h0tw1r3 merged commit 17c83e2 into puppetlabs:main May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smortex smortex smortex approved these changes

@bastelfreak bastelfreak bastelfreak approved these changes

+1 more reviewer

@h0tw1r3 h0tw1r3 h0tw1r3 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

feature needs-tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cocker-cc @CLAassistant @smortex @bastelfreak @h0tw1r3