Issue #16686 has been updated by Nick Fagerlund.
Although we intend to come up with a more permanent fix, we do have a complete
workaround for anyone being affected by this today. This offers complete
equivalence to the fileserver.conf behavior that worked in 2.x and broke in
3.0.0.

**In fileserver.conf:**

Put the name of your mount point, the path, and an `allow *` directive.

    [files]
      path /etc/puppet/files
      allow *

**In auth.conf:**

Use a regular expression path to match both the `file_metadata` and
`file_content` endpoints followed by the name of your custom mount point. Then,
use any combination of `allow` and `allow_ip` directives to control access.

    path ~ ^/file_(metadata|content)/files/
    auth yes
    allow /^(.+\.)?example\.com$/
    allow_ip 192.168.100.0/24

**Effect:**

This fully re-implements the previous behavior of the following fileserver.conf:

    [files]
      path /etc/puppet/files
      allow *.example.com
      allow 192.168.100.0/24

It does this by:

* Allowing any request to fulfill fileserver.conf's requirements...
* ...but using auth.conf to ensure that only authorized requests ever reach
  fileserver.conf.

This pattern will be forward-compatible with whatever permanent fix we
implement for this bug.
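
An added example, not part of the original update and not Puppet's own code: a small Ruby model of the auth.conf rule above, run over constructed requests to show which paths the rule covers and which callers pass. It assumes a request passes when either the certname matches `allow` or the source address matches `allow_ip`, and it escapes the dot before `com` in the certname pattern; the function names and sample hosts are hypothetical.

```ruby
require 'ipaddr'

# Values taken from the auth.conf workaround rule in this message.
PATH_RE  = %r{^/file_(metadata|content)/files/}
NAME_RE  = /^(.+\.)?example\.com$/   # dot before "com" escaped: literal dot only
ALLOW_IP = IPAddr.new('192.168.100.0/24')

# Assumed model: the rule only applies to paths matching PATH_RE.
def rule_applies?(path)
  !!(path =~ PATH_RE)
end

# Assumed model: `auth yes` requires a verified client certificate; after that,
# a certname match OR a source-IP match is enough.
def allowed?(path, certname, ip, authenticated: true)
  return :not_this_rule unless rule_applies?(path)
  return :denied unless authenticated
  return :allowed if certname =~ NAME_RE
  return :allowed if ALLOW_IP.include?(IPAddr.new(ip))
  :denied
end

# Constructed sample requests: [path, certname, source IP, authenticated]
SAMPLES = [
  ['/file_metadata/files/motd', 'web01.example.com', '10.0.0.5',       true],
  ['/file_content/files/motd',  'db01.other.org',    '192.168.100.17', true],
  ['/file_content/files/motd',  'db01.other.org',    '10.0.0.5',       true],
  ['/file_content/files/motd',  'web01.example.com', '10.0.0.5',       false],
  ['/file_content/modules/x/y', 'db01.other.org',    '10.0.0.5',       true],
  ['/file_content/files/motd',  'web01.exampleXcom', '10.0.0.5',       true],
]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |path, name, ip, auth|
    verdict = allowed?(path, name, ip, authenticated: auth)
    puts format('%-27s %-18s %-15s auth=%-5s => %s', path, name, ip, auth, verdict)
  end
end
```

The fifth sample falls outside this rule entirely, so requests for other mount points are governed by whatever other auth.conf rules exist, not by this one.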
----------------------------------------
Bug #16686: File-Serving Configuration parser does not implement allow_ip
statements in fileserver.conf
https://projects.puppetlabs.com/issues/16686#change-74633
Author: Wolfgang Miedl
Status: Accepted
Priority: Normal
Assignee:
Category: fileserving
Target version: 3.0.x
Affected Puppet version: 3.0.0
Keywords:
Branch:

In the current 3.0.0 release, the file serving configuration parser incorrectly
handles "allow_ip" statements in fileserver.conf. Both an allow and an allow_ip
statement will result in Puppet::FileServing::Configuration::Parser.allow being
called, which in turn calls Puppet::Network::AuthStore.allow.

This will raise an AuthStoreError in case of an allow_ip statement, as
Puppet::Network::AuthStore::Declaration.parse fails to parse the parameter. The
fix is to call Puppet::Network::AuthStore.allow_ip instead in case an allow_ip
statement is read, which will delegate the parsing to the correct method
(Puppet::Network::AuthStore::Declaration.parse_ip).

The attached diff illustrates the issue and a possible fix.