Issue #19514 has been updated by Andrew Parker.

I'm going to send an email out on puppet-dev to reach a broader audience, but 
I'll put the thoughts here as well.

The proposed solution fits this one particular use case, but has the drawback 
of continuing the use of topscope for different purposes. There has been a bit 
of discussion between Patrick, Eric, and myself about this and we batted around 
a couple of ideas:

  * Create a pseudo-class, like settings, for trusted data
  * Use these topscope variables
  * Create a topscope hash for trusted data

The first was kinda nice, but has the issue that class scope lookups leak 
topscope.

<pre>
> bundle exec puppet apply -e '$foo = 1 notice($settings::foo)'
Notice: Scope(Class[main]): 1
Notice: Finished catalog run in 0.04 seconds
</pre>

This means that it would be very easy to use something that you think is 
trusted, but it turns out you are actually using the untrusted top scope fact.

The second (topscope variables) has the problem that there is nothing 
unifying them into a common whole that calls out what all of the trusted data 
is. It also has the drawback of creating an ever-growing set of variables that 
will conflict with people's manifests.

The third option probably turns out to be the best. It gives us a place to add 
more trusted information over time without having to worry about clobbering 
manifest data. It doesn't leak data from other sources. It also fits with 
normal data structures and data structure manipulation functions that exist.

So in order to get the trusted name we should create a top level hash named 
"trusted", with a key called "nodename".

I think that this should be done without modifying the Puppet::Node 
class/object and instead we just inject this one top level variable in the 
compiler.
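
The scope leak described in the comment above, and why a single top-level hash avoids it, as an added Ruby example that is not part of the original comment and is not Puppet's code. The `Scope` class is a simplified model; the sample facts, the certificate CN, and injecting `trusted` after the facts are assumptions made for illustration.

```ruby
# Simplified model of the scope behaviour discussed above; not Puppet's own code.
class Scope
  def initialize(parent = nil)
    @parent, @vars = parent, {}
  end

  def set(name, value)
    @vars[name] = value
  end

  # A miss in this scope falls through to the parent, as in the
  # `$settings::foo` transcript where a top-scope `$foo` was returned.
  def lookup(name)
    return @vars[name] if @vars.key?(name)
    @parent&.lookup(name)
  end
end

# Constructed sample data: the agent submits facts, so any value can be forged.
SPOOFED_FACTS = {
  'clientcert' => 'db01.example.com',
  'trusted'    => { 'nodename' => 'db01.example.com' }
}.freeze
VERIFIED_CN = 'web07.example.com' # CN of the certificate the master verified

# Top scope in this model: facts first, then the single `trusted` hash
# injected last (an assumption) so a fact of the same name cannot replace it.
def build_topscope(facts, verified_cn)
  top = Scope.new
  facts.each { |name, value| top.set(name, value) }
  top.set('trusted', { 'nodename' => verified_cn }.freeze)
  top
end

# Option 1: a pseudo-class whose scope has top scope as its parent.
def pseudo_class_lookup(top, verified_cn, name)
  trusted_class = Scope.new(top)
  trusted_class.set('nodename', verified_cn)
  trusted_class.lookup(name)
end

# Option 3: plain hash access; an unknown key is nil, never a fact.
def trusted_hash_lookup(top, key)
  top.lookup('trusted')[key]
end

TOP = build_topscope(SPOOFED_FACTS, VERIFIED_CN)
p pseudo_class_lookup(TOP, VERIFIED_CN, 'clientcert'), trusted_hash_lookup(TOP, 'clientcert')
```

In the model, asking the pseudo-class for a name it does not define returns the agent-supplied fact, while the same mistake against the hash returns nil.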

----------------------------------------
Feature #19514: Provide validated clientcert name variable for use in manifests
https://projects.puppetlabs.com/issues/19514#change-88145

* Author: Chris Spence
* Status: Code Insufficient
* Priority: High
* Assignee: Andrew Parker
* Category: node
* Target version: 
* Affected Puppet version: 
* Keywords: facts clientcert node identity customer
* Branch: 
----------------------------------------
Puppet lacks a secure identifier to identify a node in manifests.  Using facts 
($::clientcert, $::fqdn and $::hostname) is not reliable in that the data can 
be trivially spoofed.  There should therefore be top level scoped data that can 
be used in Hiera or conditionals that is guaranteed to match the CN of the cert 
presented which can then safely be used to return apposite configurations to 
the node.  That data should be generated by the puppet master process itself, 
not importing facts.

