hiera-eyaml
[enhancement] failed decryption could have better error message
Description
If decryption of an eyaml value fails e.g., due to attempting decryption with the wrong key, the error message from hiera-eyaml bubbled up through puppet does not make the cause or the source of the error obvious.
Observations
If a user accidentally attempts to decrypt data with the wrong key, the puppet agent will fail to run and a message such as:
Error 400 on SERVER: PKCS7[Method: 112, Reason: -1] at <manifest>
will be displayed as the reason for catalogue compilation failure. As it stands, it's hard to tell what component generated this error message and why.
Enhancement
If decryption fails, it would be a great enhancement if hiera-eyaml could print a message indicating possible causes of this error, confirmation that the error originated in the hiera-eyaml code and if possible some suggested remedies. E.g., "hiera-eyaml: Decryption of key 'foobar' failed, check the encrypted data matches the key you are using"