Issue #17129 has been updated by Nigel Kersten.

Andy, this gist shows the bad bits: <https://gist.github.com/76a60b8982f9e951f181> where we have the File read without any defensive behavior at all. This "fix" means you end up returning objects with no parameters, rather than no object at all. I believe we should log errors on the server side, and not return any data to the API call about the "bad" object.

----------------------------------------
Bug #17129: SSL REST API bails out completely on permissions errors
https://projects.puppetlabs.com/issues/17129#change-74629

Author: Max Martin
Status: Needs More Information
Priority: Normal
Assignee: Max Martin
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:

If the puppetmaster doesn't have permission to access any of the .pem files waiting in the requests directory (in this case, `/etc/puppetlabs/puppet/ssl/ca/requests`), it will bail out completely when all CSRs are requested by hitting `/certificate_statuses/all`.

In this example, I have a number of .pem files which the puppetmaster can access, and one that it cannot:

<pre>
root@master:/etc/puppetlabs/puppet/ssl/ca/requests# ls -al
total 60
drwxr-xr-x 2 pe-puppet pe-puppet 4096 2012-10-19 21:18 .
drwxrwx--- 5 pe-puppet pe-puppet 4096 2012-10-19 01:55 ..
rw-r---- 1 peadmin peadmin 1590 2012-10-19 20:06 example_38463.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 20:06 example_46536.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 20:06 example_62602.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 20:06 example_66483.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 21:15 example_67152.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 20:06 example_69811.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 20:06 example_7469.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 21:15 example_78904.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 21:15 example_90326.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 21:15 example_90906.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 21:15 example_92088.pem
rw-r---- 1 pe-puppet pe-puppet 1590 2012-10-19 20:06 example_93947.pem
</pre>

When I attempt to hit `certificate_statuses/all` for the production environment, the whole response is `Permission denied - /etc/puppetlabs/puppet/ssl/ca/requests/example_38463.pem`

The API should be able to handle the permissions error and return information about all the waiting CSRs, at least those with correct permissions. It should possibly also return information about the .pem file with incorrect permissions.
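
The behaviour proposed in the comment above (log the unreadable file on the server, leave it out of the API response) can be sketched as follows. This is an added example, not Puppet's code and not the contents of the linked gist; `pending_requests`, its `reader:` parameter, `demo` and the file contents are hypothetical and constructed for illustration.

```ruby
require 'logger'
require 'stringio'
require 'tmpdir'

# Hypothetical helper, not Puppet's API: list pending CSRs in +dir+, skipping
# any file the server process cannot read instead of failing the whole request.
# +reader+ is injectable so the failure path can be exercised without chmod
# (a chmod-based demo would not fail when run as root).
def pending_requests(dir, logger:, reader: File.method(:read))
  Dir.glob(File.join(dir, '*.pem')).sort.each_with_object([]) do |path, found|
    begin
      content = reader.call(path)
    rescue SystemCallError => e
      # The full path and errno class go to the server log only; the caller
      # of the API never sees the filesystem layout or the failed entry.
      logger.error("skipping CSR #{path}: #{e.class}")
      next
    end
    found << { name: File.basename(path, '.pem'), bytes: content.bytesize }
  end
end

# Constructed demo: three request files, one of which fails with EACCES.
# Returns [api_results, server_log_text].
def demo
  log = StringIO.new
  Dir.mktmpdir do |dir|
    %w[example_38463 example_46536 example_62602].each do |n|
      File.write(File.join(dir, "#{n}.pem"), "constructed CSR for #{n}\n")
    end
    denied = lambda do |path|
      raise Errno::EACCES, path if path.end_with?('example_38463.pem')
      File.read(path)
    end
    [pending_requests(dir, logger: Logger.new(log), reader: denied), log.string]
  end
end

if __FILE__ == $PROGRAM_NAME
  results, server_log = demo
  puts results.map { |r| r[:name] }.inspect
  puts server_log
end
```

Rescuing `SystemCallError` rather than only `Errno::EACCES` also covers a request file that disappears between the directory listing and the read.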
