authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2021-12-22 21:59:51 +0100
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2021-12-22 21:59:51 +0100
commit2f2a4cce331afe732d43dc5e796dfb4372eec6e7 (patch)
tree884eed9ae1b572477b0114acca33572fe0b47fb2
parent9f91d795f593401c32931659b85d28ed114353cc (diff)
auth.conf: Update to version as shipped with puppet 5.5 in Debian 11.
-rw-r--r--auth.conf28
1 files changed, 27 insertions, 1 deletions
diff --git a/auth.conf b/auth.conf
index bf327a2..9629d3e 100644
--- a/auth.conf
+++ b/auth.conf
@@ -7,7 +7,7 @@
# otherwise, the general rules may "steal" requests that should be
# governed by the specific rules.
#
-# See https://docs.puppetlabs.com/puppet/latest/reference/config_file_auth.html
+# See https://puppet.com/docs/puppet/latest/config_file_auth.html
# for a more complete description of auth.conf's behavior.
#
# Supported syntax:
@@ -57,6 +57,27 @@
# (ie exactly as if auth yes was present).
#
+# CONTROLLING FILE ACCESS (previously in fileserver.conf)
+
+# In previous versions of Puppet, you controlled file access by adding
+# rules to fileserver.conf. In Puppet 5 with Puppet Server, you can control
+# file access in auth.conf by controlling the /file_metadata(s)/<mount point>,
+# /file_content(s)/<mount point>, and /static_file_content/<file> paths. See the
+# Puppet Server documentation at
+# https://puppet.com/docs/puppetserver/latest/config_file_auth.html.
+#
+# If you are not using Puppet Server, or are using Puppet Server but with the
+# "jruby-puppet.use-legacy-auth-conf" setting set to "true", you could set the
+# desired file access in a new rule in this file. For example:
+#
+# path ~ ^/file_(metadata|content)s?/extra_files/
+# auth yes
+# allow /^(.+)\.example\.com$/
+# allow_ip 192.168.100.0/24
+#
+# If added to auth.conf BEFORE the default "path /file" rule, this rule
+# will add stricter restrictions to the extra_files mount point.
+
### Authenticated ACLs - these rules apply only when the client
### has a valid certificate and is thus authenticated
@@ -79,6 +100,11 @@ path ~ ^/puppet/v3/report/([^/]+)$
method save
allow $1
+# allow all nodes to update their own facts
+path ~ ^/puppet/v3/facts/([^/]+)$
+method save
+allow $1
+
# Allow all nodes to access all file services; this is necessary for
# pluginsync, file serving from modules, and file serving from custom
# mount points (see fileserver.conf). Note that the `/file` prefix matches
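Review bot: The new `path ~ ^/puppet/v3/facts/([^/]+)$` rule does not say what keeps a node from saving another node's facts; the restriction comes from `allow $1`, and the comment should say so, e.g. `# allow each authenticated node to save only its own facts ($1 = node name captured from the path)`. The rule has no explicit `auth` line, so it depends on the default mentioned in the header comment ("exactly as if auth yes was present"). Per the comment block added earlier in this commit, this file is only honoured without Puppet Server or with `jruby-puppet.use-legacy-auth-conf` set to `true`, so it is worth confirming that the target hosts actually read it. The preceding report rule begins above the hunk, and the trailing `/file` comment continues past it.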