Use Sensitive for Secrets

[cocker-cc]

Pull Request (PR) description

To not reveal Secrets, accept Datatype Sensitive. Render Templates as sensitive Content, if Secrets were given as Sensitive.

This Pull Request (PR) fixes the following issues

Fixes #950

Addendum

@teluq-pbrideau 2022-12 also made a PR #857, which has not been merged yet.

[teluq-pbrideau]

I am mistaken or the password sensitive information will still be displayed in clear text as it is still an .erb template?

[Valantin]

Can you remove the non related edit from the commit?
A lot of indentation change not strict related.
Can we wait until you implement new template?

[cocker-cc]

I am mistaken or the password sensitive information will still be displayed in clear text as it is still an .erb template?

The rendered ERB-Template is wrapped, if the Password initially was given as Sensitive:

    content => if $database_password =~ Sensitive {
      Sensitive(template('zabbix/web/zabbix.conf.php.erb'))
    } else {
      template('zabbix/web/zabbix.conf.php.erb')
    },

[cocker-cc]

Can you remove the non related edit from the commit?
A lot of indentation change not strict related.

The Github-Pipeline gave me Warnings about Indentation. So I corrected the Indentation, because I added Datatypes, which shifted the = to the right.
Suggestion: someone else corrects the Indentation in master and I will rebase against master.

Can we wait until you implement new template?

I will not implement new Templates. I am only here to educate this Module using Sensitive.

[Valantin]

ok, I've misunderstud the TODO comment

I'm checking the CI to fix the failure, next try to fix indentation

[teluq-pbrideau]

I am mistaken or the password sensitive information will still be displayed in clear text as it is still an .erb template?

The rendered ERB-Template is wrapped, if the Password initially was given as Sensitive:

    content => if $database_password =~ Sensitive {
      Sensitive(template('zabbix/web/zabbix.conf.php.erb'))
    } else {
      template('zabbix/web/zabbix.conf.php.erb')
    },

Oh, I see. Maybe make sure it is the same in server.pp and proxy.pp then?

[cocker-cc]

Oh, I see. Maybe make sure it is the same in server.pp and proxy.pp then?

You are right. adapted the other sensitive rendered Templates also. Thanks.

[cocker-cc]

I rebased against master.

[Valantin]

Can you try to check why it fails?

[teluq-pbrideau]

Any chance this get merged before release 11?

Wrapped exception:
Net::ReadTimeout with #TCPSocket:(closed)

Are this kind of timeout error simply solved by running the test again?