Issue #2531 has been updated by Markus Roberts.
File authstore.rb added
Here's an updated spec that shows why we can't just take the angle brackets off
of the @[value]@ in parse(); it shows how that would break (crash) cases such
as:
<pre>
path ~ ^/catalog/([^/]+)$
method find
allow $1
allow staging.internal.net
</pre>
where there was more than one allow/deny present, and one of them was an opaque
string.
BTW, although Nigel has claimed this ticket I'm going to continue
putting together spec cases unless Nigel explicitly stakes a claim to that too.
----------------------------------------
Bug #2531: opaque strings don't match for catalog retrieval via REST auth system
http://projects.reductivelabs.com/issues/2531
Author: Nigel Kersten
Status: Accepted
Priority: High
Assigned to: Nigel Kersten
Category: settings
Target version: 0.25.0
Complexity: Unknown
Affected version: 0.25.0
Keywords:
This is different, but still related to #2348 in a way.
<pre>
root# puppetd -t --server testserver.mydomain --masterport 8140 --certname
foobar.mydomain
info: Caching catalog for foobar.mydomain.com
info: Applying configuration version '1250128881'
notice: Finished catalog run in 0.01 seconds
root# puppetd -t --server testserver.mydomain --masterport 8140 --certname
c216f41a-f902-4bfb-a222-850dd957bebb
err: Could not retrieve catalog from remote server: Error 403 on SERVER:
Forbidden request: c216f41a-f902-4bfb-a222-850dd957bebb(x.x.x.x) access to
/catalog/c216f41a-f902-4bfb-a222-850dd957bebb [find] authenticated at line 52
info: Not using expired catalog for c216f41a-f902-4bfb-a222-850dd957bebb from
cache; expired at Wed Aug 12 18:54:49 -0700 2009
notice: Using cached catalog
err: Could not retrieve catalog; skipping run
</pre>
If I switch auth.conf from:
<pre>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1
</pre>
to:
<pre>
# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow *
</pre>
then it works happily.
I've just found a cluster of bugs together, so reporting this without more
detail until I have time to look into it.
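The behaviour the stanza is meant to have, as an added example that is not part of the ticket and not Puppet's own code: a simplified Ruby model in which a node with an opaque certname may fetch only its own catalog, alongside a second literal allow. The names Stanza, parse_stanza and allowed? are hypothetical, and plain string comparison of names is an assumption of this model.

```ruby
# Simplified model of one auth.conf stanza (added example, not Puppet's code).
# Stanza, parse_stanza and allowed? are hypothetical names.
Stanza = Struct.new(:path, :methods, :allows)

def parse_stanza(text)
  stanza = Stanza.new(nil, [], [])
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip          # drop comments and blank lines
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    case key
    when 'path'
      # Only the "path ~ <regex>" form is modelled here.
      stanza.path = Regexp.new(value.sub(/\A~\s*/, ''))
    when 'method' then stanza.methods.concat(value.split(/[\s,]+/))
    when 'allow'  then stanza.allows << value
    else raise ArgumentError, "unknown directive: #{key}"
    end
  end
  stanza
end

# name is the authenticated certname of the requester.
def allowed?(stanza, path, method, name)
  match = stanza.path.match(path)
  return false unless match && stanza.methods.include?(method)
  stanza.allows.any? do |entry|
    if entry == '*'
      true
    elsif (ref = entry[/\A\$(\d+)\z/, 1])
      # Backreference: compare the captured path segment as a plain string,
      # so it does not matter whether the name looks like a hostname.
      match[ref.to_i] == name
    else
      entry == name                          # literal name, opaque or not
    end
  end
end

# Constructed sample: the two-allow stanza quoted in the comment above.
SAMPLE = <<~CONF
  # allow nodes to retrieve their own catalog
  path ~ ^/catalog/([^/]+)$
  method find
  allow $1
  allow staging.internal.net
CONF
UUID = 'c216f41a-f902-4bfb-a222-850dd957bebb'
```
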