Jira (PUP-11004) Backport logic to detect migrated CA dir location
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11004 Backport logic to detect migrated CA dir location Change By: Josh Cooper Fix Version/s: PUP 6.22.0 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394052.1617643715000.1603.1617686880044%40Atlassian.JIRA.
Jira (PUP-10535) Move to Addressable
Title: Message Title Tim Meusel commented on PUP-10535 Re: Move to Addressable hey Josh Cooper, it it possible to get this fixed in one of the next puppet 7 releases? This would really help people that package Puppet on their own against system ruby (which might be Ruby 3.0, like it is on Arch Linux). Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.360343.1590685774000.1378.1617658200121%40Atlassian.JIRA.
Jira (FACT-3004) Do not auto promote dotted facts to structured
Title: Message Title Josh Cooper commented on FACT-3004 Re: Do not auto promote dotted facts to structured This passed puppet-agent#main CI, but puppet-agent#6.x is still pinned to facter 4.0.50, which will be handled in PA-3693. Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.393702.1617359453000.1202.1617652020255%40Atlassian.JIRA.
Jira (PUP-11003) HSTS support for puppet server
Title: Message Title Josh Cooper commented on PUP-11003 Re: HSTS support for puppet server Hi Jeffrey Buchbinder, thank you for taking the time to make a contribution to puppet! The issue of HSTS comes up from time to time, because scanners like Nessus flag puppetserver's port 8140. For example, see https://www.reddit.com/r/Puppet/comments/l7vrrf/puppet_security_scan_findings_for_hsts_on_8140/. However, my understanding is that the header should only be included in web server responses to protect against MITM attacks in cases where a browser connects to an HTTP URL and the server redirects to HTTPS. Puppetserver doesn't accept HTTP requests or redirect in that way, so HSTS isn't needed (since the attack it's protecting against isn't possible). A second issue is the code in lib/puppet/http is used by the agent to make HTTP client requests. The server-side HTTP handling is contained in the https://github.com/puppetlabs/puppetserver repo. So if wanted to add something to puppetserver responses, it would need to be done there. Thanks again for taking the time to submit a pull request! Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394045.161764037.1184.1617650760030%40Atlassian.JIRA.
Jira (PUP-10973) `puppet facts diff` output should be pretty
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10973 `puppet facts diff` output should be pretty Change By: Josh Cooper Fix Version/s: PUP 6.22.0 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.392811.1616691172000.1141.1617648180031%40Atlassian.JIRA.
Jira (PUP-10996) Add 'scripts' directory to Puppet Module type
Title: Message Title Josh Cooper commented on PUP-10996 Re: Add 'scripts' directory to Puppet Module type Passed CI in 04c6542512 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.392996.1616783969000.1138.1617648060055%40Atlassian.JIRA.
Jira (PUP-11004) Backport logic to detect migrated CA dir location
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-11004 Backport logic to detect migrated CA dir location Change By: Maggie Dreyer Story Points: 1 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394052.1617643715000.1073.1617644100074%40Atlassian.JIRA.
Jira (PUP-11004) Backport logic to detect migrated CA dir location
Title: Message Title Maggie Dreyer assigned an issue to Maggie Dreyer Puppet / PUP-11004 Backport logic to detect migrated CA dir location Change By: Maggie Dreyer Assignee: Maggie Dreyer Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394052.1617643715000.1074.1617644100121%40Atlassian.JIRA.
Jira (PUP-11004) Backport logic to detect migrated CA dir location
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-11004 Backport logic to detect migrated CA dir location Change By: Maggie Dreyer Sprint: Froyo - 04/7/2021 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394052.1617643715000.1075.1617644100164%40Atlassian.JIRA.
Jira (PUP-11004) Backport logic to detect migrated CA dir location
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-11004 Backport logic to detect migrated CA dir location Change By: Maggie Dreyer In Puppet 7, we added [ logic |https://github.com/puppetlabs/puppet/blob/main/lib/puppet/defaults.rb#L35-L49] to Puppet's settings defaults to detect whether the CA dir was in the old (SSL dir) location or in the new migrated location. We need to backport this detection logic to 6.x, with the default case reversed: we want to only return the new location if the dir already exists there, indicating that the CA dir has been migrated, and return the SSL dir location otherwise. Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.39
Jira (PUP-11004) Backport logic to detect migrated CA dir location
Title: Message Title Maggie Dreyer created an issue Puppet / PUP-11004 Backport logic to detect migrated CA dir location Issue Type: Task Assignee: Unassigned Created: 2021/04/05 10:28 AM Priority: Normal Reporter: Maggie Dreyer In Puppet 7, we added logic to Puppet's settings defaults to detect whether the CA dir was in the old (SSL dir) location or in the new migrated location. We need to backport this detection logic to 6.x, with the default case reversed: we want to only return the new location if the dir already exists there, indicating that the CA dir has been migrated, and return the SSL dir location otherwise. Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Jira (PUP-10985) `puppet facts diff` does not output facts that only exist in Facter 4
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10985 `puppet facts diff` does not output facts that only exist in Facter 4 Change By: Josh Cooper Fix Version/s: PUP 6.22.0 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.392859.1616699279000.1037.1617643380046%40Atlassian.JIRA.
Jira (PUP-11003) HSTS support for puppet server
Title: Message Title Jeffrey Buchbinder updated an issue Puppet / PUP-11003 HSTS support for puppet server Change By: Jeffrey Buchbinder Attachment: PUP-11003.file_server.patch Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394045.161764037.979.1617640860032%40Atlassian.JIRA.
Jira (PUP-11003) HSTS support for puppet server
Title: Message Title
Jeffrey Buchbinder commented on PUP-11003
Re: HSTS support for puppet server
Appropriate fix is either to fix further up in the stack, or modify the puppet repository's lib/puppet/http/service/file_server.rb , amending the following functions:
get_file_content()
get_static_file_content()
get_file_metadata()
get_file_metadatas()
The add_puppet_headers() calls would be adjusted from: headers = add_puppet_headers('Accept' => 'application/octet-stream') to: headers = add_puppet_headers({'Accept' => 'application/octet-stream', 'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains;'}) (or whatever the particular headers are for each function to include the additional header).
Add Comment
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.394045.161764037.976.1617640620094%40Atlassian.JIRA.
Jira (PUP-11003) HSTS support for puppet server
Title: Message Title Jeffrey Buchbinder created an issue Puppet / PUP-11003 HSTS support for puppet server Issue Type: Improvement Assignee: Unassigned Components: Networking Created: 2021/04/05 9:32 AM Priority: Normal Reporter: Jeffrey Buchbinder Puppet Version: 5.5.8 Puppet Server Version: 5.3.6 OS Name/Version: Linux (RHEL7) For FedRAMP certification for use in a FedRAMP environment, the server needs to conform to the HTTP Strict Transport Security (HSTS) web server policy. This configuration is not present in the current code base. Desired Behavior: Should produce a Strict-Security header like so: Strict-Security: max-age=31536000; includeSubDomains; Actual Behavior: No Strict-Security header is present in server responses. Add Comment
Jira (PDB-5002) Array match queries stopped working in version 7
Title: Message Title Rob Browning commented on PDB-5002 Re: Array match queries stopped working in version 7 No worries. I scanned the code changes between 7.0.2 and 7.1.0 (I think the relevant range, given the dates), and didn't see anything that I'd think likely to be relevant. I also tested 7.0.1 a bit, and didn't see any trouble. So I think I'll close this for now, with the expectation that we'll re-open it if the problem reappears. Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.384540.1611348921000.908.1617639300360%40Atlassian.JIRA.
Jira (PDB-5061) Empty password causes schema exception for migrator-password
Title: Message Title Bogdan Irimie updated an issue PuppetDB / PDB-5061 Empty password causes schema exception for migrator-password Change By: Bogdan Irimie Team: HA Ghost Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.390948.1615578764000.840.1617637020031%40Atlassian.JIRA.
Jira (FACT-2907) networking: add binding flags to bindings6 entries
Title: Message Title
john updated an issue
Facter / FACT-2907
networking: add binding flags to bindings6 entries
Change By:
john
It would be nice if we could update the networking.$iface. bundings6 bindings6 entries to also include binding flags. As an example given the following:{code:bash}% sudo ip -6 addr show dev en0 2: en0: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether aa:aa:bb:bb:cc:cc brd ff:ff:ff:ff:ff:ffinet6 2001:db8:::bbff:febb:/64 scope global mngtmpaddr dynamic valid_lft forever preferred_lft foreverinet6 2001:db8::1/64 scope global valid_lft forever preferred_lft foreverinet6 fe80:::bbff:febb:/64 scope link valid_lft forever preferred_lft forever{code}It would be nice to get the following facts{code:Ruby}'en0' => { 'bindings6' => [{ address => "2001:db8:::bbff:febb:", netmask => ":::::", network => "2620:0:861:103::" 'scope' => "global" 'flags' => ['mngtmpaddr', 'dynamic']},{ address => "2001:db8::1", netmask => ":::::", network => "2620:0:861:103::" 'scope' => "global"},{ address => "fe80:::bbff:febb:", netmask => ":::::", network => "fe80::" 'scope' => "link"} ]{code}The flags are useful when deciding which addresses to configure daemons to bind to. for instance i would not want a daemon to bind to any binding6 which has either the dynamic or temporary Further i think this could be used in determining the network.ip6 fact. for instance we have environment that have static ipv6 addresses as well as a SLAAC address. I think in this instance when there multiple bindings the ones which have flags of mngtmpaddr or dynamic should no be prefered as the primary. however (at least in our environment) the SLAAC address is prefered (see below){code:bash}% sudo ip -6 addr show dev private 6: private: mtu 1500 state UP qlen 1000inet6 2620:0:861:101:1a66:daff:fea3:af25/64 scope global mngtmpaddr dynamic valid_lft 2591993sec preferred_lft 604793secinet6 2620:0:861:101:10:64:0:245/64 scope global valid_lft forever preferred_lft foreverinet6 fe80::1a66:daff:fea3:af25/64 scope link valid_lft forever preferred_lft forever{code} {code:bash}% sudo facter -p networking.interfaces.private { bindings => [{ address => "10.64.0.245", netmask => "255.255.252.0", network => "10.64.0.0"} ], bindings6 => [{ address => "2620:0:861:101:1a66:daff:fea3:af25", netmask => ":::::", network => "2620:0:861:101::"},{ address => "2620:0:861:101:10:64:0:245", netmask => ":::::", network => "2620:0:861:101::"},{ address => "fe80::1a66:daff:fea3:af25", netmask => ":::::", network => "fe80::"} ], ip => "10.64.0.245", ip6 => "2620:0:
Jira (PUP-7559) puppet doesn't specify file type to get default selinux context
Title: Message Title Tobias Urdin commented on PUP-7559 Re: puppet doesn't specify file type to get default selinux context Ping Josh Cooper - don't want to be a burden but this is pretty serious blocker. Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.191580.1495040547000.758.1617627900031%40Atlassian.JIRA.
Jira (FACT-3004) Do not auto promote dotted facts to structured
Title: Message Title Gheorghe Popescu updated an issue Facter / FACT-3004 Do not auto promote dotted facts to structured Change By: Gheorghe Popescu Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.393702.1617359453000.728.1617619200048%40Atlassian.JIRA.
Jira (FACT-3004) Do not auto promote dotted facts to structured
Title: Message Title Gheorghe Popescu updated an issue Facter / FACT-3004 Do not auto promote dotted facts to structured Change By: Gheorghe Popescu Sprint: NW - 2021-04-14 Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.393702.1617359453000.729.1617619200069%40Atlassian.JIRA.
Jira (PDB-5064) Handle \0x00 byte error and return a generic error message
Title: Message Title Oana Tanasoiu updated an issue PuppetDB / PDB-5064 Handle \0x00 byte error and return a generic error message Change By: Oana Tanasoiu Release Notes Summary: Description of the problem: When a \0x00 byte error is raised the existing response includes javax.servlet.ServletException and org.postgresql.util.PSQLException.Description of the fix: Only show the error message without the stacktrace and without the exception type class . (This was solved by the changes introduced for https://tickets.puppetlabs.com/browse/PDB-5063 ) Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.391375.1615936736000.720.1617609360031%40Atlassian.JIRA.
Jira (PDB-5063) Stop returning stack traces from the API endpoint
Title: Message Title Oana Tanasoiu updated an issue PuppetDB / PDB-5063 Stop returning stack traces from the API endpoint Change By: Oana Tanasoiu Release Notes Summary: Description of the problem: When the API endpoints throw an error, jetty includes the whole stack trace.Description of the fix: Only show the error message without the stacktrace and without the exception type class . Add Comment This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.391374.1615936508000.719.1617609300141%40Atlassian.JIRA.
