Commit a4815584 authored by Adam Lewenberg

add new ACL for auth.conf introduced in Puppet 3

parent c3f2f417
......@@ -4,7 +4,8 @@ release/003.037 (unreleased)
definition. (darrenp1)
[puppetclient] Add puppetservice* servers to list of servers that can
download Puppet DB credentials.
download Puppet DB credentials. Add a new ACL to auth.conf that was
introduced in Puppet 3.
release/003.036 (2014-09-10)
......
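Review bot: The [puppetclient] changelog entry mentions the new ACL but not that /etc/puppet/auth.conf is now rendered from a template rather than shipped as a static file, which the base::puppetclient change in this same commit does. Suggest adding a clause along the lines of "auth.conf is now generated from a template" so the entry covers both changes.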
......@@ -113,7 +113,7 @@ class base::puppetclient {
# vulnerability that could unauthenticated Puppet nodes to manipulate
# its configuration.
file { '/etc/puppet/auth.conf':
source => 'puppet:///modules/base/puppetclient/etc/puppet/auth.conf',
content => template('base/puppetclient/auth.conf.erb'),
}
# filter-syslog rules for the Puppet client.
......
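Review bot: The comment above the file resource for '/etc/puppet/auth.conf' does not say that the content now varies with the agent's Puppet version, which is the reason for moving to template('base/puppetclient/auth.conf.erb'); add a line stating that, so a reader of the manifest knows the deployed ACLs are not the same on every host. The existing comment line "vulnerability that could unauthenticated Puppet nodes to manipulate" is also missing a verb ("could allow") and could be fixed in the same change. If the static file modules/base/puppetclient/etc/puppet/auth.conf still exists in the module after this commit, remove it so the two copies cannot drift.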
......@@ -48,6 +48,13 @@
### Authenticated ACL - those applies only when the client
### has a valid certificate and is thus authenticated
<% if (puppetversion.gsub(/\./, '').to_i >= 300) -%>
# allow nodes to retrieve their own node definition (new in Puppet 3)
path ~ ^/node/([^/]+)$
method find
allow $1
<% end -%>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
......
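Review bot: The version guard "puppetversion.gsub(/\./, '').to_i >= 300" does not test for Puppet 3: stripping the dots turns a version such as 2.7.23 into 2723, which passes the >= 300 check, so the /node ACL would also be emitted on any 2.x agent whose version has a two-digit component. Compare the major version instead, for example "puppetversion.split('.').first.to_i >= 3", or use a proper version comparison. The rule itself (path ~ ^/node/([^/]+)$ with allow $1) correctly limits each authenticated node to its own definition and matches the catalog rule that follows it.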