Hi everybody,
This is a bug, and we're working on it. I'm about to update the auth.conf
docs with info about allow_ip. Additionally, have a complete workaround for
anyone being affected by this today. This offers complete equivalence to
the fileserver.conf behavior that worked in 2.x and broke in 3.0.0.
**In fileserver.conf:**
Put the name of your mount point, the path, and an `allow *` directive.
[files]
path /etc/puppet/files
allow *
**In auth.conf:**
Use a regular expression path to match both the `file_metadata` and
`file_content` endpoints followed by the name of your custom mount point.
Then, use any combination of `allow` and `allow_ip` directives to control
access.
path ~ ^/file_(metadata|content)/files/
auth yes
allow /^(.+\.)?example.com$/
allow_ip 192.168.100.0/24
**Effect:**
This fully re-implements the previous behavior of the following
fileserver.conf:
[files]
path /etc/puppet/files
allow *.example.com
allow 192.168.100.0/24
It does this by:
* Allowing any request to fulfill fileserver.conf's requirements...
* ...but using auth.conf to ensure that only authorized requests ever reach
fileserver.conf.
This pattern will be forward-compatible with whatever permanent fix we
implement for this bug. It's not very attractive, but it works.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/US8om8O0U0AJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
