-rw-r--r-- | auth.conf | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -7,7 +7,7 @@ # otherwise, the general rules may "steal" requests that should be # governed by the specific rules. # -# See https://docs.puppetlabs.com/puppet/latest/reference/config_file_auth.html +# See https://puppet.com/docs/puppet/latest/config_file_auth.html # for a more complete description of auth.conf's behavior. # # Supported syntax: @@ -57,6 +57,27 @@ # (ie exactly as if auth yes was present). # +# CONTROLLING FILE ACCESS (previously in fileserver.conf) + +# In previous versions of Puppet, you controlled file access by adding +# rules to fileserver.conf. In Puppet 5 with Puppet Server, you can control +# file access in auth.conf by controlling the /file_metadata(s)/<mount point>, +# /file_content(s)/<mount point>, and /static_file_content/<file> paths. See the +# Puppet Server documentation at +# https://puppet.com/docs/puppetserver/latest/config_file_auth.html. +# +# If you are not using Puppet Server, or are using Puppet Server but with the +# "jruby-puppet.use-legacy-auth-conf" setting set to "true", you could set the +# desired file access in a new rule in this file. For example: +# +# path ~ ^/file_(metadata|content)s?/extra_files/ +# auth yes +# allow /^(.+)\.example\.com$/ +# allow_ip 192.168.100.0/24 +# +# If added to auth.conf BEFORE the default "path /file" rule, this rule +# will add stricter restrictions to the extra_files mount point. + ### Authenticated ACLs - these rules apply only when the client ### has a valid certificate and is thus authenticated @@ -79,6 +100,11 @@ path ~ ^/puppet/v3/report/([^/]+)$ method save allow $1 +# allow all nodes to update their own facts +path ~ ^/puppet/v3/facts/([^/]+)$ +method save +allow $1 + # Allow all nodes to access all file services; this is necessary for # pluginsync, file serving from modules, and file serving from custom # mount points (see fileserver.conf). Note that the `/file` prefix matches |
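Review bot: The example rule added in the second hunk anchors its path at `^/file_(metadata|content)s?/extra_files/`, while the live rules visible in this file (third hunk) anchor at `^/puppet/v3/...`. If the legacy matcher sees the full request path, as those rules suggest, the example never matches. An administrator who copies it would believe the extra_files mount is restricted while it stays governed only by the general file rule. Consider `#     path ~ ^/puppet/v3/file_(metadata|content)s?/extra_files/`, and have the closing sentence quote the default rule's path exactly as it is written further down the file, which lies outside this hunk.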
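Review bot: The comment on the new facts rule in the third hunk does not say what stops a node from saving another node's facts. The restriction comes from `allow $1` being tied to the `([^/]+)` capture in the path, which is easy to lose if someone later widens the regex or swaps in `allow *`. Suggest `# Allow each node to save facts only under its own name ($1 is the name captured from the path).`, capitalised like the neighbouring comments.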