Issue #16686 has been updated by Nick Fagerlund.
Although we intend to come up with a more permanent fix, we do have a complete workaround for anyone being affected by this today. This offers complete equivalence to the fileserver.conf behavior that worked in 2.x and broke in 3.0.0. **In fileserver.conf:** Put the name of your mount point, the path, and an `allow *` directive. [files] path /etc/puppet/files allow * **In auth.conf:** Use a regular expression path to match both the `file_metadata` and `file_content` endpoints followed by the name of your custom mount point. Then, use any combination of `allow` and `allow_ip` directives to control access. path ~ ^/file_(metadata|content)/files/ auth yes allow /^(.+\.)?example.com$/ allow_ip 192.168.100.0/24 **Effect:** This fully re-implements the previous behavior of the following fileserver.conf: [files] path /etc/puppet/files allow *.example.com allow 192.168.100.0/24 It does this by: * Allowing any request to fulfill fileserver.conf's requirements... * ...but using auth.conf to ensure that only authorized requests ever reach fileserver.conf. This pattern will be forward-compatible with whatever permanent fix we implement for this bug. ---------------------------------------- Bug #16686: File-Serving Configuration parser does not implement allow_ip statements in fileserver.conf https://projects.puppetlabs.com/issues/16686#change-74633 Author: Wolfgang Miedl Status: Accepted Priority: Normal Assignee: Category: fileserving Target version: 3.0.x Affected Puppet version: 3.0.0 Keywords: Branch: In the current 3.0.0 release, the file serving configuration parser incorrectly handles "allow_ip" statements in fileserver.conf. Both an allow and allow_ip statement will result in Puppet::FileServing::Configuration::Parser.allow being called, which again calls Puppet::Network::AuthStore.allow. This will raise an AuthStoreError in case of an allow_ip statement, as Puppet::Network::AuthStore::Declaration.parse fails to parse the parameter. The fix is to call Puppet::Network::AuthStore.allow_ip instead in case an allow_ip statement is read, which will delegate the parsing to the correct method (Puppet::Network::AuthStore::Declaration.parse_ip) The attached diff illustrates the issue and a possible fix. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to puppet-bugs@googlegroups.com. To unsubscribe from this group, send email to puppet-bugs+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.