Issue #5020 has been updated by Matt Robinson.

Status changed from Ready for Testing to Code Insufficient

Brice, this does allow you to do what you want, but for some reason it breaks security. You say

<blockquote>
This is safe because the default auth.conf (and default inserted rules when no auth.conf is present) only allow the given connected node to compile its own catalog.
</blockquote>

However, when I tested this with the default auth.conf I was able to get catalogs other than the one for the connecting node. Not sure why.

Without the patch:

err: Forbidden request: localhost(127.0.0.1) access to /catalog/othernodename [find] at line 93

----------------------------------------
Bug #5020: Prefer URI over certname when compiling node catalog
https://projects.puppetlabs.com/issues/5020

Author: Brice Figureau
Status: Code Insufficient
Priority: Normal
Assignee: Brice Figureau
Category: compiler
Target version: 2.6.x
Affected Puppet version: 2.6.2
Keywords: communitypatch
Branch: http://github.com/masterzen/puppet/tree/tickets/2.6.x/5020

As discussed here:
http://groups.google.com/group/puppet-dev/browse_thread/thread/45e287d5a0fb8585/e60645baa81b1a96

Since auth.conf (and default inserted rules when no auth.conf exists) provide enough security, it would be great to use the provided compiling URI key as the node name to compile, instead of using the provided SSL certname.

It would allow monitoring or puppet-load to simulate any client with only one certificate by changing auth.conf:

<pre>
path ~ ^/catalog/([^/]+)$
method find
allow $1
allow puppet-load.domain.com
allow monitoring.domain.com
</pre>
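
The rule semantics the ticket relies on, as an added example (not Puppet's code and not part of the original ticket): a simplified Ruby model of how `allow $1` ties the node name in the request URI to the client certname, with a helper that lists which certnames may request another node's catalog. The `Rule` struct, the `authorized?` and `cross_node_grants` helpers, and the web01/db01 hostnames are assumptions made for illustration.

```ruby
# Simplified model of one auth.conf stanza; NOT Puppet's implementation.
# Assumption: an "allow" entry is either a literal certname or contains a
# backreference ($1) that is replaced by the capture from the request path.
Rule = Struct.new(:path, :method, :allow)

# Default-style stanza: only the node named in the URI may fetch its catalog.
DEFAULT_RULE = Rule.new(%r{^/catalog/([^/]+)$}, "find", ["$1"])

# Stanza proposed in the ticket: the named node plus two tooling certnames.
TICKET_RULE = Rule.new(
  %r{^/catalog/([^/]+)$},
  "find",
  ["$1", "puppet-load.domain.com", "monitoring.domain.com"]
)

# True when `certname` (taken from the verified SSL client certificate)
# may perform `method` on `path` under `rule`. Anything unmatched is denied.
def authorized?(rule, certname, method, path)
  m = rule.path.match(path)
  return false unless m && method == rule.method
  rule.allow.any? do |entry|
    # Expand $N to the N-th capture group of the path regex, compare exactly.
    expanded = entry.gsub(/\$(\d+)/) { m[$1.to_i].to_s }
    expanded == certname
  end
end

# Audit helper: (certname, node) pairs where a client is allowed to fetch
# the catalog of a node other than itself.
def cross_node_grants(rule, certnames, nodes)
  certnames.product(nodes).select do |cert, node|
    cert != node && authorized?(rule, cert, "find", "/catalog/#{node}")
  end
end

# Constructed sample inventory (hypothetical hostnames).
CERTS = ["web01.domain.com", "puppet-load.domain.com"]
NODES = ["web01.domain.com", "db01.domain.com"]

if __FILE__ == $PROGRAM_NAME
  puts "default rule: #{cross_node_grants(DEFAULT_RULE, CERTS, NODES).inspect}"
  puts "ticket rule:  #{cross_node_grants(TICKET_RULE, CERTS, NODES).inspect}"
end
```

Under this model, every literal `allow` line names a certificate that can request any node's catalog, so those certnames are the ones to review when the compiler takes the node name from the URI.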
