On Tue, Apr 19, 2011 at 12:52, Nigel Kersten <[email protected]> wrote:
> If you add a rule like this to puppet 2.7.0rc1 in auth.conf
>
> path ~ ^/node/([^/]+)$
> method find
> allow $1
>
> then nodes are able to find their own node definitions from the master
> like this:
>
> $ puppet node find <certname> --terminus rest --server <servername>
>
> This is really useful, as it allows you to do things from the node
> like find out what environment/classes/parameters an ENC is going to
> define for you. This would allow us to modify the configurer face to
> work out what environment you are going to be assigned before you do
> any pluginsync.
>
> Question: Is this an appropriate default ACL to put in place? Are
> there negative implications?

I can't identify any: there is a theoretical minor information leak, in that nodes can now see the input variables that the ENC sets, not just the outcome of compiling a catalog with them, but that seems ... unlikely to actually present any security or information risk that wasn't already present.

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <[email protected]>
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons
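A simplified model of how the rule quoted above scopes each node to its own definition, as an added example that is not part of the original thread and is not Puppet's own code. The hostnames, the function names and the exact-match comparison against the authenticated certname are assumptions made for illustration.

```python
import re

# The auth.conf rule from the quoted message, modelled as data.
RULE = {"path": r"^/node/([^/]+)$", "method": "find", "allow": "$1"}


def expand_allow(allow, match):
    """Replace $N backreferences in the allow value with path captures."""
    return re.sub(r"\$(\d+)", lambda m: match.group(int(m.group(1))), allow)


def is_allowed(rule, certname, method, path):
    """Return True if the authenticated certname may make this request.

    certname is assumed to come from the verified client certificate,
    never from the request itself.
    """
    if method != rule["method"]:
        return False
    match = re.search(rule["path"], path)
    if match is None:
        return False
    # allow $1 means: only the node named in the path may fetch it.
    return expand_allow(rule["allow"], match) == certname


# Constructed sample requests: (authenticated certname, method, path).
SAMPLE_REQUESTS = [
    ("web01.example.com", "find", "/node/web01.example.com"),        # own node
    ("web01.example.com", "find", "/node/db01.example.com"),         # other node
    ("web01.example.com", "save", "/node/web01.example.com"),        # wrong method
    ("web01.example.com", "find", "/node/web01.example.com/extra"),  # extra segment
    ("web01.example.com", "find", "/catalog/web01.example.com"),     # other path
]


def evaluate(requests=SAMPLE_REQUESTS, rule=RULE):
    """Evaluate each sample request against the rule."""
    return [is_allowed(rule, c, m, p) for c, m, p in requests]


if __name__ == "__main__":
    for req, ok in zip(SAMPLE_REQUESTS, evaluate()):
        print("allow" if ok else "deny ", *req)
```

Only the first request is allowed: the `^...$` anchors and the `[^/]+` capture keep the match to a single path segment, so the backreference can only ever expand to the one node name being requested.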
