Hello All,
I have a problem I'm trying to solve. I'm using a custom backend to fetch
SSM values from AWS parameter store and it works nicely but with 1 problem.
If I add the lookup call to my hiera.yaml it means every variable lookup is
going to perform this SSM call. Now, the plugin does allow to recursively
fetch and cache these values which takes the calls down to 1 time per run,
but it has a large risk around decryption. As in, if any of the keys in the
uris path defined cannot be decrypted the run will fail. This is a
limitation with the AWS CLI and there's nothing the maintainer can do to
resolve this. So I moved on to a different approach, only execute the SSM
lookup for specific variables. But I cannot for the life of me figure out
how to execute this at the hiera level. In specific manifests its simple to
call the lookup function like this
class datadog_agent(
$options = { 'uri' => '/root/stg/', 'region' => 'us-east-1' },
String $api_key = hiera_ssm_paramstore('global/datadog_api_key',
$options),
but the issue is we use a lot of puppet forge modules that I'd rather not
fork. Along with that we have a design to set these values in our hiera
tree:
code/environments/stg/defaults.yaml
So ideally there would be a way to do a direct function lookup call using a
custom backend but I just can't figure it out. Something like this:
datadog_agent::api_key: "${hiera_ssm_paramstore('global/datadog_api_key',
$options)}"
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8e63b22d-5af1-4763-a73f-226c86ee6ad2n%40googlegroups.com.
