Parse deferred templates non deferred first #1425
Conversation
traylenator
requested review from
alexjfisher,
b4ldr,
bastelfreak,
ekohl,
smortex,
seanmil and
a team
as code owners
|
@alexjfisher I removed the commented out tests since puppetlabs/rspec-puppet#24 is merged and |
|
Very open to idea that this new feature should be behind a parameter: file{'/tmp/junk':
content => stdlib::deferrable_epp(
'module/file.epp',
{ 'port' => '1234', pass => Deferred('secrets::get',['mysecret'])},
prerender => true,
),
}or something? |
traylenator
changed the title
traylenator
changed the title
Because of
this might be necessary, but maybe the default can be the new behaviour? |
traylenator
force-pushed
the
nestedepp
branch
2 times, most recently
from
cfcbea5
to
55a003f
Compare
Yes someone using a secret array type, while rare I expect, will have to do something. Set new Have added |
Currently it is not possible to have a template file.epp
```puppet
<%- |
Stdlib::Port $port,
String[1] $password,
| %>
port <%= $port %>
password <%= $password %>
```
and run
```puppet
file{'/tmp/junk':
content => stdlib::deferrable_epp('module/file.epp', { 'port' => '1234', pass => Deferred('secrets::get',['mysecret'])}),
}
```
since the deferred template substitution will fail:
```
Error: Failed to apply catalog: Evaluation Error: Resource type not found: Stdlib::Port (file: inlined-epp-text, line: 2, column: 3)
```
due to Stdlib::Port not being available on the agent node.
This change now parses the EPP twice. The first pass will reduce the
template to:
```puppet
port = 1234
password <%= $password %>
```
and this simpler template will be passed in deferred mode.
Note the original template type for password must accept the
intermediate generated value of `<%= $password %>` which is typically
case for a secret password.
That works for me. (I think more likely than a non string type is someone using |
|
As this is it's backwards incompatible. I think true is better. Depends a bit how near we are to a major bump. |
Process the configuration file `redis.conf` template twice if some of the templates values are deferred. Currently with deferred values the resulting deferred template cannot be processed since it contains complex datatypes from stdlib in particular. This is a redis specific solution that may arrive genraly one day in puppetlabs/puppetlabs-stdlib#1425
| if $variables.stdlib::nested_values.any |$value| { $value.is_a(Deferred) } { | ||
| if $preparse { | ||
| $_variables_escaped = $variables.map | $_var , $_value | { |
There was a problem hiding this comment.
Like voxpupuli/puppet-redis#515 (comment) this has the problem that nested_values does recurse into hashes while $variables.map doesn't. I think the inner part is essentially a Puppet native version of Ruby's Hash#transform_values. Perhaps what's needed is a deep_transform_values.
There was a problem hiding this comment.
So:
stdlib::deferrable_epp(template, { 'data' => { 'a' => Deferred(....) } })
Used to be supported and now it would not be with this patch as it is.
There was a problem hiding this comment.
Yes. It would be good to somehow cover this in a test case.
There was a problem hiding this comment.
Even assuming deep_transform_values can be made available (there is one in rails I see) exactly how you then handle the above case in the the intermediate template somewhat makes my head hurt.
There was a problem hiding this comment.
Which is I'd think that Puppet should have a native way. Isn't there a .resolve function like there is .unwrap for Sensitive?
Process the configuration file `redis.conf` template twice if some of the templates values are deferred. Currently with deferred values the resulting deferred template cannot be processed since it contains complex datatypes from stdlib in particular. This is a redis specific solution that may arrive genraly one day in puppetlabs/puppetlabs-stdlib#1425
Process the configuration file `redis.conf` template twice if some of the templates values are deferred. Currently with deferred values the resulting deferred template cannot be processed since it contains complex datatypes from stdlib in particular. This is a redis specific solution that may arrive genraly one day in puppetlabs/puppetlabs-stdlib#1425
Process the configuration file `redis.conf` template twice if some of the templates values are deferred. Currently with deferred values the resulting deferred template cannot be processed since it contains complex datatypes from stdlib in particular. This is a redis specific solution that may arrive genraly one day in puppetlabs/puppetlabs-stdlib#1425
Summary
Parse templates with deferred values twice so complex data types can be used.
Additional Context
Currently it is not possible to have a template
file.eppand run
since the deferred template substitution will fail:
due to
Stdlib::Portnot being available on the agent node.This change now parses the EPP twice. The first non deferred parse will reduce the template to:
port = 1234 password <%= $password %>and this simpler template will be parsed in deferred mode.
Note the original template type for password must accept the intermediate generated value of
<%= $password %>which is typically case for a secret password. If the deferred value is more complicated then the argumentpreparsecan beset
falseto not attempt the epp substitution of non deferred values.Provide a detailed description of all the changes present in this pull request.
Related Issues (if any)
Fixes voxpupuli/puppet-redis#513
Checklist