GitHub puppet-vault_lookup

Repo Checks ( 17 of 34 successfull )
Metadata Valid
No translation
passed
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_SUPPORT_RANGE}
failed
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
passed
With Operatingsystem Support
No translation
passed
Operatingsystems
No translation
passed
Supports Only Current Centos
No translation
passed
Supports Latest Centos
No translation
failed
Supports Only Current Oraclelinux
No translation
passed
Supports Latest Oraclelinux
No translation
failed
Supports Only Current Redhat
No translation
passed
Supports Latest Redhat
No translation
failed
Supports Only Current Scientific
No translation
passed
Supports Latest Scientific
No translation
failed
Supports Only Current Debian
No translation
failed
Supports Latest Debian
No translation
failed
Supports Only Current Ubuntu
No translation
failed
Supports Latest Ubuntu
No translation
failed
Supports Only Current Windows
No translation
passed
Supports Latest Windows
No translation
failed
Supports Only Current Solaris
No translation
passed
Supports Latest Solaris
No translation
failed
Supports Only Current Fedora
No translation
failed
Supports Latest Fedora
No translation
failed
Supports Only Current Darwin
No translation
passed
Supports Latest Darwin
No translation
failed
Supports Only Current Sles
No translation
passed
Supports Latest Sles
No translation
failed
In Modulesync Repo
Is listed as a module managed using modulesync_config
passed
Synced
Has a .msync.yml file
passed
Latest Modulesync
Has been synchronized with the latest tagged version of modulesync_config
failed
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
passed
Released
Is in modulesync_config and in forge releases.
passed
Valid Sync File
If a (optional) sync file is present, it must not contain a `.travis.yml` entry.
passed
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.
failed

Open Pull Requests

Restrict field
merge-conflicts
tests-fail

Pull Request (PR) description

This PR adds support to query just a single element of a secret, and return it as a Sensitive string. This makes it easier to pass a specific secret to another resource, as you don't have to deal with a hash of elements.

Open PR in GitHub
Add local mode and remove deprecated http_instance call
merge-conflicts
tests-fail

<!--
Thank you for contributing to this project!

-->

This Pull Request (PR) fixes the following issues

<!--
Fixes #7
-->

Open PR in GitHub
Modulesync 5.1.0

Pull Request (PR) description

The primary goal is to check CI status…

This Pull Request (PR) fixes the following issues

<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->

Open PR in GitHub
Allow the user to prevent the lookup from raising an exception
merge-conflicts

If a lookup function raises an exception, the whole catalog compilation will fail. This PR adds the ability to configure the lookup to not raise and instead simply log and return nil if it encounters an error, so that the users can structure their manifests to only conditionally depend on the result of the lookup.

We're not sure if this is useful or not, and are looking for use cases and feedback on the approach.

Fixes #13

Open PR in GitHub
Add path information for related lookup errors
merge-conflicts
tests-fail

Pull Request (PR) description

Adds path information for data lookup errors when needed

As of now when puppet fails to apply catalog vault_lookup returns message with no clue where error happens:

Error: Failed to apply catalog: Received 403 response code from vault at vault.local for secret lookup (api errors: ["1 error occurred:\n\t* permission denied\n\n"])

With proposed change you can see which lookup actually related to the problem:

Error: Failed to apply catalog: Received 403 response code from vault at vault.local for secret/data/puppet/service/graylog/s1/config lookup (api errors: ["1 error occurred:\n\t* permission denied\n\n"])

Open PR in GitHub
Add support for AppRole auth method. Add support for configuration file.
merge-conflicts
tests-fail

This PR adds support to use AppRole Vault's auth method.
It also adds support for configuring vault_lookup function using a configuration file as in https://github.com/voxpupuli/puppet-prometheus_reporter/blob/master/lib/puppet/reports/prometheus.rb#L12

Open PR in GitHub
Return nil on 404 not found
bug

The current implementation raises an exception if the lookup fails to resolve a result.... this just doesn't make sense for a data lookup, its more that conceivable that most of the time we will look up a value that might not exist.... raising an exception here means there is no way to handle this within Puppet and limits the usability of this function.

Instead of raising an exception, this PR changes the behaviour so that unresolved lookups return nil (Undef) and can therefore be handled within Puppet code.


$secret = vault_lookup('secret/data/no_exist')
if $secret {
$plantext = $secret.unwrap
}

Without this patch I fail to see how you can ever look up a value that doesn't exist, since it raises an exception and fails the Puppet run it becomes un-handlable.

Open PR in GitHub
Omission - modification parameters names

Pull Request (PR) description

  • Correction "undefined local variable or method `vaultroleid'"

This Pull Request (PR) fixes the following issues

  • When i use the master branch code i have this exception - "undefined local variable or method `vaultroleid'"
  • I think it's a omission during modification names vaultroleid to roleid and vaultsecretid to secretid
Open PR in GitHub
(WIP) Add new auth methods: agent, agent_sink
enhancement
docs
needs-tests

Description

This adds support for two new authentication methods when doing the Vault lookup.

agent:

add description...

agent_sink:

add description...

Issues Fixed

Fixes #7
Fixes #24

TODO

  • [ ] spec tests
  • [ ] Clarify that only unencrypted, non response-wrapped tokens are supported with agent_sink mode
  • [ ] Fix readme typos I introduced last time: vault::vault_lookup() -> vault_lookup::lookup()
Open PR in GitHub
(WIP) Cache the result of a lookup
enhancement
needs-work
needs-tests

Description

This caches the result of a Vault lookup and uses that cached value for all subsequent lookups of the same path.
The caching implementation uses the cache_param feature of the 4.x Function API added here: https://tickets.puppetlabs.com/browse/PUP-8676

An example of why this cache is needed can be seen with this bit of Puppet code:
```puppet
$data = Deferred('vault_lookup::lookup', ['foo', 'https://vault.corp.net:8200'])

notify { 'message1':
message => $data,
}

notify { 'message2':
message => $data,
}
```

Before this change, the lookup for foo would be done twice per catalog application due to the two notify resources evaluating the Deferred type.

After this change, the lookup is done only once per catalog application.

TODO

  • [ ] spec tests
  • [ ] Cache the lookup based on all options used for the lookup. Currently it's only cached based on path.
Open PR in GitHub