puppetlabs
I want to invoke a plan from the CLI/GUI with an optional `Sensitive` parameter
Use Case
I want to start a plan that accepts an optional sensitive parameter in it's signature. We currently forbid this as it is too difficult to reliably detect if the parameter is sensitive or not (example: Variant[String, Variant[Optional[Sensitive[String]], Integer]]). However this does not preclude us from special casing the "simple" case (IE Optional[Sensitive]).
Describe the Solution You Would Like
If i have an Optional[Sensitive] parameter in a plan signature I want the same magic applied as Sensitive, but understand this does not allow me to combine this with more complex types like Variant.
Additional Context
We do document you cant do Optional[Sensitive]. https://github.com/puppetlabs/bolt/blob/3c13cda11bacfe5c1a5e49e634280c0c9ab9b1a6/documentation/writing_plans.md#sensitive-parameters This is the code: https://github.com/puppetlabs/bolt/blob/4c5f5c0273f3235f55d76215f02e6fdc273a2ab5/bolt-modules/boltlib/lib/puppet/functions/run_plan.rb#L201-L255
The story around optional sensitive params is not great. I thought maybe you could do something likie:
plan my_project(Sensitive[String] $foo = Sensitive.new('foo'))
but that exposes the default in the plan info:
(base) ➜ my_project bundle exec bolt plan show my_project
my_project
No description available.
Usage
bolt plan run my_project [foo=<value>]
Parameters
foo Sensitive[String]
Default: ('foo')
Module
/Users/cas.donoghue/bolt-projects/my_project
I was thinking you could have plan my_project(Sensitive[String] $foo = Sensitive.new('')) Then do the conditional logic here https://github.com/puppetlabs/puppetlabs-pecdm/blob/95eb57d762e4190ff5668dc3f88a9c5a1844cdb2/plans/provision.pp#L156-L162 on $foo.length > 0
