The puppet-augeasproviders_puppet from voxpupuli

Diff backwards and Changes not applied

Given the following auth.conf

path ~ ^/catalog/([^/]+)$
method find
auth yes
allow $1

path ~ ^/node/([^/]+)$
method find
auth yes
allow $1

path  /certificate_revocation_list/ca
method find
auth yes
allow *

path ~ ^/report/([^/]+)$
method save
auth yes
allow $1

path  /file
auth yes
allow *

path  /certificate/ca
method find
auth any
allow *

path  /certificate/
method find
auth any
allow *

path  /certificate_request
method find, save
auth any
allow *

path  /v2.0/environments
method find
auth yes
allow *

path  /facts
method find, search
auth any
allow pe-internal-dashboard

path  /resource_type
method find, search
auth yes
allow pe-internal-dashboard, pe-internal-classifier

path  /
auth any

With the following puppet code

  puppet_auth { 'allow the diff server to retrieve any catalog':
    ensure        => present,
    path          => '^/catalog/([^/]+)$',
    path_regex    => true,
    authenticated => 'yes',
    methods       => 'find',
    allow         => ['$1', $diff_master],
  }

  puppet_auth { 'allow the diff server to query facts':
    ensure        => present,
    path          => '/facts',
    authenticated => 'any',
    path_regex    => false,
    methods       => [ 'find', 'search'],
    allow         => ['$1', $diff_master, 'pe-internal-dashboard'],
  }

Causes the no changes and results in a rather strange diff

Notice: /Stage[main]/Catalog_diff/Puppet_auth[allow the diff server to retrieve any catalog]/allow: allow changed ['$1'] to '$1 compile-master-1.vm'
Notice: /Stage[main]/Catalog_diff/Puppet_auth[allow the diff server to query facts]/allow: allow changed ['pe-internal-dashboard'] to '$1 compile-master-1.vm pe-internal-dashboard'
Notice: /Stage[main]/Puppet_enterprise::Profile::Master::Auth_conf/File[/etc/puppetlabs/puppet/auth.conf]/content:
--- /etc/puppetlabs/puppet/auth.conf    2015-08-31 19:11:55.472823920 +0000
+++ /tmp/puppet-file20150831-22170-12rzjfw  2015-08-31 19:11:55.482828920 +0000
@@ -1,7 +1,7 @@
 path ~ ^/catalog/([^/]+)$
 method find
 auth yes
-allow $1, compile-master-1.vm
+allow $1

 path ~ ^/node/([^/]+)$
 method find
@@ -45,7 +45,7 @@
 path  /facts
 method find, search
 auth any
-allow $1, compile-master-1.vm, pe-internal-dashboard
+allow pe-internal-dashboard

 path  /resource_type
 method find, search

Supporting puppet.conf - design discussion

I have been trying to figure out how to manage the puppet.conf contents, and my preference is always augeasproviders. I'm trying to determine how best to tackle this.

1: A single giant type/provider set that handles the whole file. This just doesnt seem like it would work to me, because of sections like environments.

2: A separate type per section (main, master, agent, environments) with a shared provider? Is that even doable?

3: Separate type/provider per section. seems like lots of dupe work.

voxpupuli / puppet-augeasproviders_puppet Goto Github PK

puppet-augeasproviders_puppet's People

Stargazers

Watchers

Forkers

puppet-augeasproviders_puppet's Issues

Diff backwards and Changes not applied

Supporting puppet.conf - design discussion

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent