Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HDM fails when using encryption #507

Open
tuxmea opened this issue Jan 26, 2025 · 0 comments
Open

HDM fails when using encryption #507

tuxmea opened this issue Jan 26, 2025 · 0 comments
Assignees
@oneiros

Comments

@tuxmea
Copy link
Member

tuxmea commented Jan 26, 2025 

I, [2025-01-26T11:52:56.704882 #48]  INFO -- : [71a0e7b1-61aa-48bb-8b15-e855f60bb709] Started GET "/environments/production/nodes/foreman.betadots.training/keys/ldap_password?search=" for 10.100.10.1 at 2025-01-26 11:52:56 +0000
I, [2025-01-26T11:52:56.706659 #48]  INFO -- : [71a0e7b1-61aa-48bb-8b15-e855f60bb709] Processing by KeysController#show as HTML
I, [2025-01-26T11:52:56.707235 #48]  INFO -- : [71a0e7b1-61aa-48bb-8b15-e855f60bb709]   Parameters: {"search"=>"", "environment_id"=>"production", "node_id"=>"foreman.betadots.training", "id"=>"ldap_password"}
I, [2025-01-26T11:52:56.816683 #48]  INFO -- : [71a0e7b1-61aa-48bb-8b15-e855f60bb709]   Rendered layout layouts/application.html.erb (Duration: 16.5ms | Allocations: 6314)
I, [2025-01-26T11:52:56.819713 #48]  INFO -- : [71a0e7b1-61aa-48bb-8b15-e855f60bb709] Completed 200 OK in 112ms (Views: 19.1ms | ActiveRecord: 0.1ms | Allocations: 15154)
I, [2025-01-26T11:53:00.710051 #48]  INFO -- : [1cbc236c-6f3f-4017-a94a-d98c92f59932] Started POST "/environments/production/hierarchies/Other%20YAML%20hierarchy%20levels/decrypted_values" for 10.100.10.1 at 2025-01-26 11:53:00 +0000
I, [2025-01-26T11:53:00.713994 #48]  INFO -- : [1cbc236c-6f3f-4017-a94a-d98c92f59932] Processing by DecryptedValuesController#create as */*
I, [2025-01-26T11:53:00.714086 #48]  INFO -- : [1cbc236c-6f3f-4017-a94a-d98c92f59932]   Parameters: {"value"=>"ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEACJd28JURUqGa9y0qXa2xZvECkMBIuK5JdxUkO2EmWr7Bm/b5xqdAO4qd00PQVE2hs4so/WJ2xvRp3KrrEXx/BPQqHDbqatJA2/FZnqPDH0TcXKM2ied4vqg/yWsdvTC3uswJpPphuT2v/Ya4u9OAqOkQJHq3+vRZZddWSDVKuhaxgESScaJCZVIXmQkk21buCFfVt6dr2uIXmON4+KCeovWgN1AgoPvEuq0U074W066wdDmmpdyPodcl3BJv1g3v2pFcpHy9E2qL50y1M/G80+L891LXHyoqhHcm93cSTfeZMuWOzKIGpHE0tvZkZJ4BHwnkpJ65KvQPNrZI0mSUODA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCLRHuyRxFBM7mmnMbJIg99gBDuXGYqCHOpdVcT6ZWniyr1]", "environment_id"=>"production", "hierarchy_id"=>"Other YAML hierarchy levels"}
I, [2025-01-26T11:53:00.747181 #48]  INFO -- : [1cbc236c-6f3f-4017-a94a-d98c92f59932] Completed 500 Internal Server Error in 33ms (ActiveRecord: 0.0ms | Allocations: 2009)
F, [2025-01-26T11:53:00.748779 #48] FATAL -- : [1cbc236c-6f3f-4017-a94a-d98c92f59932]   
[1cbc236c-6f3f-4017-a94a-d98c92f59932] ArgumentError (wrong number of arguments (given 2, expected 0; required keywords: layer, name)):
[1cbc236c-6f3f-4017-a94a-d98c92f59932]   
[1cbc236c-6f3f-4017-a94a-d98c92f59932] app/models/hierarchy.rb:20:in `find'
[1cbc236c-6f3f-4017-a94a-d98c92f59932] app/controllers/decrypted_values_controller.rb:6:in `create'

Config:

  1. global hiera.yaml
---
version: 5
defaults:
  # The default value for "datadir" is "data" under the same directory as the hiera.yaml
  # file (this file)
  # When specifying a datadir, make sure the directory exists.
  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.
  # datadir: data
  # data_hash: yaml_data
hierarchy:
  - name: "global data"
    path: "global.yaml"
  1. environment hiera.yaml
/etc/puppetlabs/code/environments/production/hiera.yaml 
---
version: 5
defaults:
  # The default value for "datadir" is "data" under the same directory as the hiera.yaml
  # file (this file)
  # When specifying a datadir, make sure the directory exists.
  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.
  # datadir: data
  # data_hash: yaml_data
  lookup_key: eyaml_lookup_key
  options:
    pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
    pkcs7_public_key:  /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem

hierarchy:
  - name: "Per-node data (yaml version)"
    path: "nodes/%{::trusted.certname}.yaml"
  - name: "Other YAML hierarchy levels"
    paths:
      - "common.yaml"
  1. EYAML private key (demo key, useable)
# /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1HJbZDyF5+cUicNIlj+1qsnReX6oM48T6SaQgWQGEWVum0v7
rBnmQxToY3Hnh6Ta0USjDW8tJcvaGot7CcgoRCBtlkIDfBv76fE1sjiubYPBC9FU
F3qFUPKl2fCbaT/pQQPB2RnnMgSHrZ/crkZij4jjS0aZ+cetkDaUbwAV47ulJFfP
DhFN5a7oMeTm9qxmYr7QY9wWahaMLZhk5MvLbVMn2Epaehj0lEWkBT0qumLPg8Eo
NPg1Q+7SggTd1TN0OxItDNUWYuoeKwcifj9Me4pN/0XBrkv27EfCWvUPXJacSjua
ZtUKFRKdU5EU6kPnucEvVGuTl5D2H+3n1bnOjwIDAQABAoIBAFsPGyonIPQp4W09
FW9FJn5qW816Iulakdu06mpzb4BkXBjXZCu7vC0TmJoLWASVfi8FfugCt7TEIBuR
nm6uasfsqFwntmuraPo4p93YmrcZKpUAp80aeGseXkVAcrSVrsptrFh8WFLhizA5
3bKbO6KvN1FsFRJxamzuYAgF3twJqRjxcbs5vMfA64nRFERQdfsFBMwk+0KwfxlQ
HumcJddJIiVXc9BqduM8bLs0iyRr7Qf1hWkV4V1PImXdY0BvScnkfNZ2X6mmFldS
erZvxo1b0R4T+mjxt8ugZqL4hNzD1oLW5kueNf6USTBmKu98UL1ynzh4gDPUkE2Z
rkLwBJ0CgYEA+Z4v9c3LH7Hpowtg3Y7h318DnFVfhVej/tFPkSehbYpt0soWVMJg
QRkc+qJQZbPGnRQ4f4YQ8qY7kH3Jqp0nYc1Z28R4qCBpLQN8GMvNKBZWSbgR6LcD
1AcSF+XDFQPEPU51Bp+jdl4Ef9IUc045ao8m48tOtN6dzVgRvwQrLN0CgYEA2eDf
5+Y5k5tssb5bjeNOum/nHQaJg10ro2AqL5A+t6iR/tDKqlo6p8qUS7jl8MZn1h4z
Z3wnGZzz87f/5eqHOCbhBmTMKOzA32OCzI5Ws6p3WxkQp/7sFY8ukGmxVIH/tAA0
o3nMTHto8QfdgPIZ4SEAxOgzMj5ncMZrlAu4jFsCgYEAsxzxKR3cLQgKr/XQMer+
5LtW6ezQt+ulP4mN4Ihhayqzl1dvIq6/Rrbwdl/V9MRFNh12VPssWhEyGIJKHOTb
h3BElE+sjGeFUMl5WImU0rkEfa1ZHHWGh7PzJba2fvPO8nbDvlb6gksAS3/BMOPm
izHhI/+UoHBFJz2Urk4ddPkCgYAB9vwt7C6SvTESvUO4GNep6L5tzZRJ4fo1w/U9
bpCSOWvvn1RkiuHCh5okwKsaK7/d93HBOiZkHb05cmxVV3MWt4sJ8rjAmbn3ib8x
NwtjHWNsJ+K1kR/x5dOmq71UpMN4jRPscXm9KtO8cLS3p/dBx3lpTSrBBj0KkE+C
C0UDxwKBgQCWMnP1VASiZy5sJQfN3ovgOoJII2JDK0MMII7GhA/X66MUIQG+CHV0
AH580kw6TFa+lE48PvSaNw6FhsxxEfg9EFVVNVOf2rDmqzEwx56dAwrnvVKYXBKr
JplRd4KlJvLASq8BsgmAB340RwYHwZOJL2ygaMlwnWL2KwQXgfQ8cg==
-----END RSA PRIVATE KEY-----
  1. data
# /etc/puppetlabs/code/environments/production/data/common.yaml
---
ldap_password: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEACJd28JURUqGa9y0qXa2xZvECkMBIuK5JdxUkO2EmWr7Bm/b5xqdAO4qd00PQVE2hs4so/WJ2xvRp3KrrEXx/BPQqHDbqatJA2/FZnqPDH0TcXKM2ied4vqg/yWsdvTC3uswJpPphuT2v/Ya4u9OAqOkQJHq3+vRZZddWSDVKuhaxgESScaJCZVIXmQkk21buCFfVt6dr2uIXmON4+KCeovWgN1AgoPvEuq0U074W066wdDmmpdyPodcl3BJv1g3v2pFcpHy9E2qL50y1M/G80+L891LXHyoqhHcm93cSTfeZMuWOzKIGpHE0tvZkZJ4BHwnkpJ65KvQPNrZI0mSUODA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCLRHuyRxFBM7mmnMbJIg99gBDuXGYqCHOpdVcT6ZWniyr1]

Expected: showing result: S3cr3t!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@oneiros oneiros

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oneiros @tuxmea