Issue #5966 has been updated by Nigel Kersten.

Status changed from Needs Decision to Accepted
Assignee deleted (Nigel Kersten)

Sorry, got lost in the morass of ticket mail.

----------------------------------------
Feature #5966: allow specifying hostnames with regexes in auth.conf
https://projects.puppetlabs.com/issues/5966

Author: Siim Põder
Status: Accepted
Priority: Normal
Assignee:
Category: API
Target version: 2.7.x
Affected Puppet version: 2.6.4
Keywords:
Branch: https://github.com/windo/puppet/tree/feature/master/5966

I'd like to do quite fine-grained control of which hosts can access which modules which files (for some more modules containing secrets). It makes sense (for me at least) to do it in puppet configuration rather than for example moving it to apache in front of puppetmaster.

auth.conf seems to be the right place to do it. However, currently just quite simple IP/domain based checks are allowed. The following patch enables using regular expressions for matching domain names in auth.conf:

    path /file_content/secrets/appserver
    allow /^appserver[0-9]+\.example\.com$/

I had originally also wanted to do filtering based on defined classes in catalog for the named host - however I'm not sure how to retrieve the catalog from network/authstore.rb. It seems indirector/catalog/compiler.rb might be the way to go but it currently just supports building catalogs based on requests, not from plain node name AFAIU. If I could get some pointers, I'd probably have another go at implementing it. But it sure would be comfortable to do something like:

    path /file_content/secrets/appserver
    allow class=production/customer1::appserver
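Added example (not part of the ticket or of Puppet's code): a small Ruby lint for regex allow entries written in the path/allow syntax shown in the ticket, assuming the patterns are evaluated as Ruby regular expressions. The sample stanzas, the Finding struct and the function names are constructed for illustration.

```ruby
# Added example, not from the ticket or Puppet; checks and names are assumptions.
SAMPLE_AUTH_CONF = <<~'CONF' # constructed sample input
  path /file_content/secrets/appserver
  allow /^appserver[0-9]+\.example\.com$/

  path /file_content/secrets/db
  allow /db[0-9]+.example.com/

  path /file_content/secrets/web
  allow /\Aweb[0-9]+\.example\.com\z/
CONF

Finding = Struct.new(:path, :pattern, :problems)

# Weaknesses of one hostname regex, given its source without the slashes.
def regex_problems(src)
  problems = []
  # In Ruby, ^ and $ match at every line break, not only at the string ends.
  caret  = src.start_with?('^')
  dollar = src.end_with?('$') && !src.end_with?('\$')
  problems << :line_anchors if caret || dollar
  # Without anchors the rule allows any name that merely contains the pattern.
  anchored = (caret || src.start_with?('\A')) && (dollar || src.end_with?('\z'))
  problems << :unanchored unless anchored
  # Drop escapes and character classes; a "." left over matches any character.
  bare = src.gsub(/\\./, '').gsub(/\[[^\]]*\]/, '')
  problems << :unescaped_dot if bare.include?('.')
  problems
end

# Walk path/allow stanzas and report regex allow entries that have problems.
def lint_auth_conf(text)
  findings = []
  path = nil
  text.each_line do |raw|
    directive, value = raw.strip.split(/\s+/, 2)
    case directive
    when 'path' then path = value
    when 'allow'
      m = value.to_s.match(%r{\A/(.+)/\z}) or next # skip non-regex entries
      problems = regex_problems(m[1])
      findings << Finding.new(path, m[1], problems) unless problems.empty?
    end
  end
  findings
end

lint_auth_conf(SAMPLE_AUTH_CONF).each { |f| puts "#{f.path}: /#{f.pattern}/ #{f.problems.join(', ')}" }
```

For rules that guard secrets, the form that passes all three checks is the one anchored with \A and \z with every literal dot escaped.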
