
also allow whitelisted admin clients to clean certs

Description

also allow whitelisted admin clients to clean certs

During #728 a regression was introduced, denying the other whitelisted
admin clients cleaning/deletion of certificates:

2020-06-02T16:30:47.856+02:00 ERROR [qtp1105504743-114201] [p.t.a.rules] Forbidden request: puppetserver01.[...] access to /puppet-ca/v1/certificate_status/my.fancy.hostname (method :delete) (authenticated: true) denied by rule 'Allow nodes to delete their own certificates'.

The solution is to re-allow the entries within
@server_admin_api_whitelist, which usually contain "localhost" and the
fqdn of the puppetserver CA system.
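
The regression described in the commit message, as an added example that is not part of the commit or of the module: a simplified Ruby model in which the first rule matching path and method gives the final verdict, as the log line above indicates. The path regex, the later admin rule and the `example.test` hostnames are assumptions made for illustration.

```ruby
# Simplified model of first-match rule evaluation; not puppetserver code.
Rule = Struct.new(:name, :path, :verbs, :allow) do
  # nil when the rule does not apply to the request, else true/false.
  def decide(client, req_path, verb)
    return nil unless verbs.include?(verb)
    m = path.match(req_path)
    return nil unless m
    # "$1" stands for the certname captured from the request path.
    allow.map { |e| e == '$1' ? m[1] : e }.include?(client)
  end
end

# Assumed path pattern, modelled on the path in the log line.
CERT_STATUS = %r{\A/puppet-ca/v1/certificate_status/([^/]+)\z}
# Constructed stand-in for @server_admin_api_whitelist.
ADMIN_WHITELIST = ['localhost', 'puppetserver01.example.test'].freeze

def rules(self_delete_allow)
  [
    Rule.new('Allow nodes to delete their own certificates',
             CERT_STATUS, [:delete], self_delete_allow),
    # Hypothetical admin rule that sorts later and is therefore shadowed.
    Rule.new('admin certificate_status (hypothetical)',
             CERT_STATUS, [:get, :put, :delete], ADMIN_WHITELIST)
  ]
end

# The first rule that applies gives the final verdict.
def authorize(rule_list, client, req_path, verb)
  rule_list.each do |rule|
    verdict = rule.decide(client, req_path, verb)
    return [verdict, rule.name] unless verdict.nil?
  end
  [false, 'no matching rule']
end

BEFORE = rules(['$1'])                     # regression: certname only
AFTER  = rules(['$1'] + ADMIN_WHITELIST)   # fix: whitelist re-allowed

if __FILE__ == $PROGRAM_NAME
  path = '/puppet-ca/v1/certificate_status/my.fancy.hostname'
  [['before', BEFORE], ['after', AFTER]].each do |label, set|
    ['puppetserver01.example.test', 'my.fancy.hostname'].each do |client|
      ok, by = authorize(set, client, path, :delete)
      puts format('%-6s %-28s %-7s (%s)', label, client, ok ? 'allowed' : 'denied', by)
    end
  end
end
```

In the "before" set the CA host is denied by the node self-delete rule even though a later rule would have allowed it; in the "after" set an unrelated client is still denied.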

Details

Provenance
Thore Bödecker <me@foxxx0.de> Authored on Jun 2 2020, 4:37 PM
Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl> Committed on Jun 10 2020, 9:09 PM
olasd Pushed on Oct 13 2020, 3:46 PM
Parents
rSPPUP34d53f78dfd6: Check CA path when creating the CA cert

Event Timeline

Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl> committed rSPPUPf63fdaa5d3ad: also allow whitelisted admin clients to clean certs (authored by Thore Bödecker <me@foxxx0.de>). Jun 10 2020, 9:09 PM