[Puppet - Bug #7859] auth.conf does not allow back references with colons

[tickets]

Issue #7859 has been updated by Nigel Kersten.


I'm really not in favor of a patch that allows "::" in node names on the 
command line, but not in node { ... } definitions. We need to be aiming for 
consistency here.

It sounds like even if we allowed ":" that the customer isn't going to be 
satisfied because they have a node name convention that is explicitly 
disallowed in our manifest node definitions right?
----------------------------------------
Bug #7859: auth.conf does not allow back references with colons
https://projects.puppetlabs.com/issues/7859

Author: Jeff McCune
Status: Unreviewed
Priority: Normal
Assignee: Nick Lewis
Category: API
Target version: 2.6.x
Affected Puppet version: 2.6.7
Keywords: authstore auth auth.conf backreference node name node_name certname 
cert cn commonname dn common name
Branch: 


# Overview #

auth.conf, when used with back references, does not allow node names with 
colons in them.

# Expected Behavior #

When using a back reference in auth.conf, whatever value is matched should be 
authorized.  Even if it contains "strange" or arbitrary characters that are not 
allowed in hostnames or fully qualified domain names.

# Actual Behavior #

When using a node name of "i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com" This 
error is received:

<pre>
err: Invalid pattern i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com
</pre>

This comes from:
<pre>
[239, 248] in /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb
   239          when /\$\d+/                                              # a 
backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
   240            [:dynamic,:exact,nil,munge_name(value)]
   241          when /^\w[-.@\w]*$/                                       # ? 
Just like a host name but allow '@'s and ending '.'s
   242            [:opaque,:exact,nil,[value]]
   243          else
=> 244            raise AuthStoreError, "Invalid pattern #{value}"
   245          end
   246        end
   247      end
   248    end
</pre>

# Steps to reproduce #

<pre>
puppet agent --test --node_name_value=foo::bar
</pre>

Or:
<pre>
puppet agent --test --certname=foo::bar
</pre>



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.