Issue #15921 has been updated by eric sorenson.

Status changed from Unreviewed to Rejected

Rules in auth.conf are parse-order dependent, with the most general one at the bottom.

> Puppet composes a full list of ACLs by combining auth.conf with a list of default ACLs. When a request is received, ACLs are tested in their order of appearance, and matching will stop at the first ACL that matches the request.

From http://docs.puppetlabs.com/guides/rest_auth_conf.html#matching-acls-to-requests

----------------------------------------
Bug #15921: Order of auth.conf and its 'Deny all other requests'
https://projects.puppetlabs.com/issues/15921#change-68943

Author: Thorben Went
Status: Rejected
Priority: Low
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords: auth.conf order deny
Branch:

I'm using the default auth.conf. For testing puppetrun I appended my rule at the end of it. The result was:

> Host agent.lan failed: Error 403 on SERVER: Forbidden request: puppet.lan(192.168.1.176) access to /run/agent.lan [save] authenticated at line 99

But moving my rule above

> # Deny all other requests:
>
> path /
> auth any

solved this and now puppetrun is working.

If this behavior is correct: I didn't read it in the documentation. For my understanding the line '*Deny all other requests*' means all not specified requests and not all upcoming rules.
Shouldn't my rule work in every order?
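
The first-match behaviour discussed in this thread, as an added example (not part of the thread and not Puppet's own code): a simplified Ruby model of ACL evaluation plus a lint for rules that can never be reached. The rule contents (`/run`, `save`, allow `puppet.lan`) and line numbers 95 and 103 are assumptions; line 99 and the request come from the quoted error message.

```ruby
# Simplified model of first-match ACL evaluation (not Puppet's parser).
# Paths are compared as plain prefixes; regex paths and environments are omitted.
Acl = Struct.new(:line, :path, :verbs, :allow) do
  # An ACL matches when the request path starts with its path and the
  # method is listed (verbs == nil means any method).
  def matches?(req)
    req[:path].start_with?(path) && (verbs.nil? || verbs.include?(req[:method]))
  end

  # No allow entries means nobody is allowed, i.e. the ACL denies.
  def allows?(req)
    allow.include?('*') || allow.include?(req[:host])
  end
end

# Evaluation stops at the first matching ACL; its allow list decides.
# Returns [:allowed or :forbidden, line of the deciding ACL].
def authorize(acls, req)
  acls.each do |acl|
    next unless acl.matches?(req)
    return [acl.allows?(req) ? :allowed : :forbidden, acl.line]
  end
  [:forbidden, nil]
end

# Lint: lines of ACLs that are unreachable because an earlier ACL already
# matches every request they would match.
def shadowed(acls)
  acls.each_with_index.select do |acl, i|
    acls.first(i).any? do |prev|
      acl.path.start_with?(prev.path) &&
        (prev.verbs.nil? || (acl.verbs && (acl.verbs - prev.verbs).empty?))
    end
  end.map { |acl, _| acl.line }
end

# "path /" with "auth any" and no allow entries: the catch-all deny at line 99.
CATCH_ALL = Acl.new(99, '/', nil, [])
# Constructed rule standing in for the reporter's rule, in both positions.
APPENDED = [CATCH_ALL, Acl.new(103, '/run', [:save], ['puppet.lan'])].freeze
MOVED_UP = [Acl.new(95, '/run', [:save], ['puppet.lan']), CATCH_ALL].freeze
# Request taken from the error message in the report.
REQ = { host: 'puppet.lan', path: '/run/agent.lan', method: :save }.freeze

puts authorize(APPENDED, REQ).inspect
puts authorize(MOVED_UP, REQ).inspect
puts shadowed(APPENDED).inspect
```

Running the `shadowed` check over a parsed auth.conf flags any rule placed after the catch-all before it causes a 403 in production.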
