Issue #2531 has been updated by Markus Roberts.
Complexity changed from Trivial to Unknown
James --
IMHO something needs to be done. Short term, work around/fix the observed
deficiencies/bugs. Longer term, replace the guts with something cleaner.
I'm working on some tests at the moment to make sure we don't just regress in
one area as we fix another.
Nigel --
Does changing line 252 from
name = munge_name(name) unless @name == :opaque
to
name = munge_name(name)
work for you?
-- Markus
----------------------------------------
Bug #2531: opaque strings don't match for catalog retrieval via REST auth system
http://projects.reductivelabs.com/issues/2531
Author: Nigel Kersten
Status: Accepted
Priority: High
Assigned to: Nigel Kersten
Category: settings
Target version: 0.25.0
Complexity: Unknown
Affected version: 0.25.0
Keywords:
This is different, but still related to #2348 in a way.
<pre>
root# puppetd -t --server testserver.mydomain --masterport 8140 --certname
foobar.mydomain
info: Caching catalog for foobar.mydomain.com
info: Applying configuration version '1250128881'
notice: Finished catalog run in 0.01 seconds
root# puppetd -t --server testserver.mydomain --masterport 8140 --certname
c216f41a-f902-4bfb-a222-850dd957bebb
err: Could not retrieve catalog from remote server: Error 403 on SERVER:
Forbidden request: c216f41a-f902-4bfb-a222-850dd957bebb(x.x.x.x) access to
/catalog/c216f41a-f902-4bfb-a222-850dd957bebb [find] authenticated at line 52
info: Not using expired catalog for c216f41a-f902-4bfb-a222-850dd957bebb from
cache; expired at Wed Aug 12 18:54:49 -0700 2009
notice: Using cached catalog
err: Could not retrieve catalog; skipping run
</pre>
If I switch auth.conf from:
<pre>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1
</pre>
to:
<pre>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow *
</pre>
then it works happily.
I've just found a cluster of bugs together, so reporting this without more
detail until I have time to look into it.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://reductivelabs.com/redmine/my/account
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
