VRA's Encrypted variables are not decrypt by the SaltStack
search cancel

VRA's Encrypted variables are not decrypt by the SaltStack

book

Article ID: 322997

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

Variables decrypted in VRA like minion encrypted variables are not decrypt by the SaltStack,

For example when using Blueprint 

formatVersion: 1
inputs:
  localUserPass:
    type: string
    description: Local administrator account password. 
    title: Local administrator account password
    minLength: 8
    encrypted: true
  localUsername:
    type: string
resources:
  Cloud_SaltStack_1:
    type: Cloud.SaltStack
    properties:
      hosts:
        - ${resource.LinuxOS.id}
      masterId: saltstack_enterprise_installer
      stateFiles:
        - /add_user_local_admin/userone.sls
      saltEnvironment: sse
      variables:
        adminusername: ${input.localUsername}
        adminpassword: ${input.localUserPass}

SSE state that is using the minion properties as pillar data 
### add local admin
{% set local_admin_username = salt.pillar.get('adminusername','') %}
{% set local_admin_password = salt.pillar.get('adminpassword','') %}
    
add_local_admin:
  user.present:
    - name: {{ local_admin_username }}
    - password: {{ local_admin_password }}
    - enforce_password: False
    - groups:
      - Administrators
      - Users
When the SSE process that SLS the state runs succesfully, but the password is set as sting like (secret:v1:AAHsFAodadADvmmaadfd), not the value that was used in VRA Bleueprint.


Environment

VMware Aria Automation Config 8.x

Cause

Current release of the SSE does not decode VRA encrypted values.

Resolution

There is no fix or workaround for that, just do not use  encrypted values for data that is used in SSE.


Additional Information

More info you can find in JIRA https://jira.eng.vmware.com/browse/VRAE-28951