[Puppet - Bug #7117] 2.7.0rc1 broke the environment criteria in auth.conf

Tue, 03 May 2011 13:46:54 -0700 

Issue #7117 has been updated by Jacob Helwig.


Nick,

Could you check if the following change fixes things for you?

    diff --git i/lib/puppet/network/rights.rb w/lib/puppet/network/rights.rb
    index 6fde181..6ddf3e1 100755
    --- i/lib/puppet/network/rights.rb
    +++ w/lib/puppet/network/rights.rb
    @@ -189,7 +189,7 @@ class Rights
         # tailored to the given method
         def allowed?(name, ip, args = {})
           return :dunno if acl_type == :regex and not 
@methods.include?(args[:method])
    -      return :dunno if acl_type == :regex and @environment.size > 0 and 
not @environment.include?(args[:environment])
    +      return :dunno if acl_type == :regex and @environment.size > 0 and 
not @environment.map{|e| e.to_sym}.include?(args[:environment].to_sym)
           return :dunno if acl_type == :regex and not @authentication.nil? and 
args[:authenticated] != @authentication
     
           begin

----------------------------------------
Bug #7117: 2.7.0rc1 broke the environment criteria in auth.conf
https://projects.puppetlabs.com/issues/7117

Author: Nick Fagerlund
Status: Accepted
Priority: Urgent
Assignee: 
Category: API
Target version: 
Affected Puppet version: 2.7.0rc1
Keywords: 
Branch: 


Auth.conf has four criteria for determining an ACL match: path, method, 
authentication, and environment. Somewhere between 2.6.7 and Statler rc1, 
environment stopped working. 

To reproduce: on a puppet master running from source, make an auth.conf file 
like this: 

    path /
    environment override
    auth any
    allow *

On 2.6.7, this will allow the puppet master to behave normally in the 
production environment, but lets you test the REST API at will if you ask for 
the override environment. On 2.7.0rc1, the ACL is ignored completely. 


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to