Puppet Function: secret

Defined in:
modules/wmflib/lib/puppet/parser/functions/secret.rb
Function type:
Ruby 3.x API

Overview

secret()Any

Returns:

  • (Any)


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'modules/wmflib/lib/puppet/parser/functions/secret.rb', line 4

newfunction(:secret, :type => :rvalue) do |args|
  mod_name = 'secret'
  secs_subdir = '/secrets/'

  if args.length != 1 || !args.first.is_a?(String)
    fail(ArgumentError, 'secret(): exactly one string arg')
  end
  in_path = args.first

  mod = Puppet::Module.find(mod_name)
  unless mod
    fail("secret(): Module #{mod_name} not found")
  end

  sec_path = mod.path + secs_subdir + in_path
  final_path = Pathname.new(sec_path).cleanpath

  # Bail early if it's not a regular, readable file
  unless final_path.file? && final_path.readable?
    fail(ArgumentError, "secret(): invalid secret #{in_path}")
  end

  final_path.read
end