Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

parameter 'user_list' entry '<username>' entry 'password' expects a String value, got Sensitive[String] #473

Open
dvjjoling opened this issue Dec 7, 2023 · 2 comments

Comments

@dvjjoling
Copy link

Describe the Bug

When using a sensitive string for the password for a user in accounts::user_list it gives the following error:
parameter 'user_list' entry '<username>' entry 'password' expects a String value, got Sensitive[String]

Expected Behavior

Set the password for whatever is in the sensitive string.
This should work because the password entry accepts sensitive strings as the documentation says this.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Use a sensitive string as password with accounts::user_list

Environment

  • Accounts module version: 8.1.0
  • Puppetserver version: 8.2.1
  • Platform: Ubuntu 22.04 LTS
  • tragiccode-azure_key_vault v3.3.0

Additional Context

I am trying to get a secret from Azure Key Vault and set it as the users password.
I am using the tragiccode-azure_key_vault module to get the secret from Azure Key Vault.
The Azure Key Vault module is working for other (custom) Puppet modules.

In the node Hiera yaml for the node I do a lookup on the password as follows:

accounts::user_list:
  '<username>':
      ensure: 'present'
      password: "%{alias('<username>-unix-password-hash')}"

I am also converting it to a sensitive string because otherwise I get "Redacted" as my password (in /etc/shadow). I do this with the following in my node Hiera yaml:

lookup_options:
  '^.*-unix-password-hash':
    convert_to: 'Sensitive'
@djvanvliet
Copy link

When i append the file /types/user/resource.pp with
Optional[password] => Variant[String, Sensitive[String]],
instead of Optional[password] => String, it works for me, can you check?

@dvjjoling
Copy link
Author

When i append the file /types/user/resource.pp with Optional[password] => Variant[String, Sensitive[String]], instead of Optional[password] => String, it works for me, can you check?

This solves the issue. The users password is now set correctly.

So it looks the Puppetlabs-Accounts module needs this fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants