puppet-vault_lookup icon indicating copy to clipboard operation
puppet-vault_lookup copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

Return nil on 404 not found

Open crayfishx opened this issue 3 years ago • 3 comments

The current implementation raises an exception if the lookup fails to resolve a result.... this just doesn't make sense for a data lookup, its more that conceivable that most of the time we will look up a value that might not exist.... raising an exception here means there is no way to handle this within Puppet and limits the usability of this function.

Instead of raising an exception, this PR changes the behaviour so that unresolved lookups return nil (Undef) and can therefore be handled within Puppet code.

$secret = vault_lookup('secret/data/no_exist')
if $secret {
  $plantext = $secret.unwrap
}

Without this patch I fail to see how you can ever look up a value that doesn't exist, since it raises an exception and fails the Puppet run it becomes un-handlable.

crayfishx avatar Sep 28 '22 08:09 crayfishx

there is an explicit test for the old behaviour, I wam wondering if this was implemented on purpose, but I dont see a reason for it 🤔

bastelfreak avatar Sep 28 '22 09:09 bastelfreak

This seems in-line with the behavior of lookup when no value is found:

romain@zappy ~ % puppet apply -te 'lookup("foo") notify { "does something": }'
Error: Function lookup() did not find a value for the name 'foo'
romain@zappy ~ % echo $?
1

You can pass more parameters to lookup() to set a default value. Maybe it makes sense to match the parameters / behavior with the function from Puppet core.

smortex avatar Sep 29 '22 06:09 smortex

See #12

binford2k avatar Oct 14 '22 19:10 binford2k