Use of hard-coded passwords is a bad practice

[akondasif]

I am a security researcher, who is looking for security smells in Puppet scripts.
I noticed two instances of hard-coded passwords, which are against the best practices
recommended by Common Weakness Enumeration (CWE) [https://cwe.mitre.org/data/definitions/259.html] and also by other security practitioners.
I have added hiera support to mitigate this smell. Feedback is welcome.

Here is where I noticed hard-coded passwords: https://github.com/biemond/biemond-wildfly/blob/v0.5.x/manifests/params.pp

[coveralls]

Coverage increased (+3.0%) to 23.447% when pulling 5c4dba0 on akondasif:v0.5.x into 8d1593a on biemond:v0.5.x.

[jairojunior]

Thank you, but calling hiera functions is a Puppet bad practice: "https://puppet.com/docs/puppet/5.5/style_guide.html

"You should avoid using calls to Hiera functions in modules meant for public consumption, because not all users have implemented Hiera. Instead, we recommend using parameters that can be overridden with Hiera."

I guess the proper way to address both your point and Hiera best practice would be to force users to define this parameter.