Issue #7859 has been updated by Jeff McCune.
# Work Around #

Don't use back references in auth.conf.

For example, the following auth.conf rule will not raise the error:

<pre>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow a-common-cert-name
</pre>

But the following will not, because the back reference triggers the error when the node name has colons:

<pre>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow a-common-cert-name
allow $1
</pre>

This is no longer a current blocker for the customer, but they would like it fixed in the next release of 2.6 because they do plan to mix static certificates with dynamically generated certificates. Once they use dynamically generated certificates, they'll need the back reference functionality.

----------------------------------------
Bug #7859: auth.conf does not allow back references with colons
https://projects.puppetlabs.com/issues/7859

Author: Jeff McCune
Status: Unreviewed
Priority: Normal
Assignee: Nick Lewis
Category: API
Target version: 2.6.x
Affected Puppet version: 2.6.7
Keywords: authstore auth auth.conf backreference node name node_name certname cert cn commonname dn common name
Branch:

# Overview #

auth.conf, when used with back references, does not allow node names with colons in them.

# Expected Behavior #

When using a back reference in auth.conf, whatever value is matched should be authorized, even if it contains "strange" or arbitrary characters that are not allowed in hostnames or fully qualified domain names.

# Actual Behavior #

When using a node name of "i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com", this error is received:

<pre>
err: Invalid pattern i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com
</pre>

This comes from:

<pre>
[239, 248] in /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb
   239  when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
   240    [:dynamic,:exact,nil,munge_name(value)]
   241  when /^\w[-.@\w]*$/ # ? Just like a host name but allow '@'s and ending '.'s
   242    [:opaque,:exact,nil,[value]]
   243  else
=> 244    raise AuthStoreError, "Invalid pattern #{value}"
   245  end
   246  end
   247  end
   248  end
</pre>

# Steps to reproduce #

<pre>
puppet agent --test --node_name_value=foo::bar
</pre>

Or:

<pre>
puppet agent --test --certname=foo::bar
</pre>
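
The rejection reported above can be reproduced outside Puppet using only the two `when` patterns visible in the authstore.rb listing. This is an added example, not Puppet's code: `classify`, `interpolate`, `check_request` and `offending_chars` are hypothetical names, and the substitute-then-reparse step is an assumption inferred from the error message containing the node name.

```ruby
# Added example. Models only the two branches shown in the listing;
# the earlier branches of the real method are not on this page.
BACKREF = /\$\d+/          # listing line 239: value contains $1, $2, ...
OPAQUE  = /^\w[-.@\w]*$/   # listing line 241: word chars plus - . @ only
CATALOG_PATH = %r{^/catalog/([^/]+)$}  # path regex from the auth.conf rule

class InvalidPattern < StandardError; end  # stand-in for AuthStoreError

# Classify an allow value the way the two visible branches do.
def classify(value)
  case value
  when BACKREF then :dynamic
  when OPAQUE  then :opaque
  else raise InvalidPattern, "Invalid pattern #{value}"
  end
end

# Assumption: at request time $N is replaced by the N-th path capture
# and the resulting string is parsed again.
def interpolate(allow, captures)
  allow.gsub(/\$(\d+)/) { captures[$1.to_i - 1] }
end

# Returns the classification, or the error message if the value is rejected.
def check_request(path_regex, allow, request_path)
  m = path_regex.match(request_path) or return :no_match
  classify(interpolate(allow, m.captures))
rescue InvalidPattern => e
  e.message
end

# Which characters in a node name fall outside the OPAQUE character classes?
def offending_chars(name)
  name.chars.each_with_index
      .reject { |c, i| i.zero? ? c =~ /\w/ : c =~ /[-.@\w]/ }
      .map(&:first).uniq
end

if __FILE__ == $0
  # Constructed sample node names.
  %w[dev2-jeff-01.int.ec2.acme.com foo::bar].each do |node|
    result = check_request(CATALOG_PATH, '$1', "/catalog/#{node}")
    puts "#{node}: #{result} #{offending_chars(node).inspect}"
  end
end
```

The static `allow a-common-cert-name` line never goes through substitution, which is why the work-around rule parses cleanly while `allow $1` fails only once a colon-bearing name is captured.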
