Hello,

I'm trying to use the PE API to sign a server cert.

I know how to use /puppet-ca/v1/certificate_status but I have problems 
allowing a specific user to sign.

I generated certs that I use in my curl/nodejs API calls and I have to 
change the /etc/puppetlabs/puppetserver/conf.d/auth.conf. I changed:
        {
            "allow" : [
                "pe-internal-dashboard"
            ],
            "match-request" : {
                "method" : [
                    "get",
                    "put",
                    "delete"
                ],
                "path" : "/puppet-ca/v1/certificate_status",
                "query-params" : {},
                "type" : "path"
            },
            "name" : "puppetlabs certificate status",
            "sort-order" : 500
        }

To:
        {
            "allow" : [
                "pe-internal-dashboard", "sign_user"
            ],
            "match-request" : {
                "method" : [
                    "get",
                    "put",
                    "delete"
                ],
                "path" : "/puppet-ca/v1/certificate_status",
                "query-params" : {},
                "type" : "path"
            },
            "name" : "puppetlabs certificate status",
            "sort-order" : 500
        }

The problem is that after a moment, it always comes back to the previous 
value. I suppose the file is generated by PE but then where should I put 
the value sign_user so that he has access to the rule named "puppetlabs 
certificate status"?
