Check, if keytool exists, before trying to execute it #445

Open
cocker-cc opened this issue Oct 12, 2023 · 4 comments

@cocker-cc
Contributor

Use Case

If keytool does not exist, the sensitive password is not “redacted” in the error message:

Error: /Stage[main]/Myprofilemodule/Java_ks[myRootCA]/ensure: change from 'absent' to 'latest' failed:  
Execution of 'keytool -importcert -noprompt -alias myrootca -file /etc/pki/tls/certs/myCA_root.pem -keystore /path/to/mykeystore -srcstorepass MyPassword -deststorepass MyPassword' returned 1:  
Error: Could not execute posix command: No such file or directory - keytool

Describe the Solution You Would Like

  • check, if keytool exists, before trying to execute it
  • prevent Password-Leak in other Error-Situations
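
Both requested behaviours, sketched as an added example in plain Ruby (not code from the java_ks module): the executable is looked up before anything runs, and every error message is built from a redacted command line. The names `locate`, `redact`, `scrub`, `run_keytool`, `KeytoolError` and `SECRET_FLAGS` are hypothetical, and the flag list is an assumption covering the two flags in the report plus `-storepass` and `-keypass`.

```ruby
require 'open3'

# Assumption: keytool flags whose following argument is a secret.
SECRET_FLAGS = %w[-srcstorepass -deststorepass -storepass -keypass].freeze

class KeytoolError < StandardError; end

# Look the executable up on the given PATH without running it; nil when absent.
def locate(cmd, path)
  path.split(File::PATH_SEPARATOR).reject(&:empty?)
      .map { |dir| File.join(dir, cmd) }
      .find { |f| File.file?(f) && File.executable?(f) }
end

# Render argv for logs and errors, masking the value after each secret flag.
def redact(argv)
  argv.each_with_index.map do |arg, i|
    i.positive? && SECRET_FLAGS.include?(argv[i - 1]) ? '[REDACTED]' : arg
  end.join(' ')
end

# Mask secret values wherever they occur in free text such as tool output.
def scrub(text, argv)
  argv.each_cons(2).reduce(text) do |t, (flag, value)|
    SECRET_FLAGS.include?(flag) && !value.empty? ? t.gsub(value, '[REDACTED]') : t
  end
end

# Check first, then execute; no raised message ever contains the raw argv.
def run_keytool(args, path: ENV.fetch('PATH', ''))
  shown = redact(['keytool'] + args)
  exe = locate('keytool', path)
  raise KeytoolError, "keytool not found in PATH, did not run '#{shown}'" if exe.nil?
  output, status = Open3.capture2e(exe, *args)
  return output if status.success?
  raise KeytoolError, "Execution of '#{shown}' returned #{status.exitstatus}: #{scrub(output, args)}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed arguments mirroring the report; path: '' simulates a host without keytool.
  demo = %w[-importcert -noprompt -alias myrootca -keystore /path/to/mykeystore
            -srcstorepass MyPassword -deststorepass MyPassword]
  begin
    run_keytool(demo, path: '')
  rescue KeytoolError => e
    puts e.message
  end
end
```

Redacting by position keeps the logged command readable, while `scrub` covers the other error situations where the tool itself echoes a secret back in its output.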
@danifr

danifr commented Nov 10, 2023

@david22swan (apologies for tagging you, you seem to be the last one who contributed to the latest version of this module)

I have a similar issue, I have installed 2 different versions of java on the same machine and java_ks does not find the keytool one I'd like to use.

Is there a way to implement a way to provide the PATH where keytool is installed? Thanks

@danifr

danifr commented Nov 13, 2023

I worked around it by creating a link:

  file { '/usr/local/bin/keytool':
    ensure  => link,
    target  => "${java_binaries_path}/keytool",
    require => Class['java'],
  }

@cocker-cc
Contributor Author

@danifr: But you know, that this is not the Point of this Issue, right? This Issue is about leaking Secrets.

@danifr

danifr commented Nov 13, 2023

Yes yes sorry for hijacking your ticket :)
