Feature #2153
Add trusted_hosts for puppetmaster interfaces, bypass proxy requirement
Description
#2121 added an requirement by default that permits access to puppetmaster interfaces if the connection has a trusted client SSL certificate and is from a registered smart proxy host.
It should also support a list of hosts to avoid the need for the proxy. Unsure whether this should bypass the SSL requirement or not.
Related issues
Associated revisions
History
#1
Updated by Dominic Cleal over 6 years ago
Updated by - Assignee deleted (
Ohad Levy)
#2
Updated by Dominic Cleal over 6 years ago
- Subject changed from Add trusted_hosts for puppetmaster interfaces, bypass SSL requirement to Add trusted_hosts for puppetmaster interfaces, bypass proxy requirement
#3
Updated by Dominic Cleal about 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Dominic Cleal
#4
Updated by Dominic Cleal about 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 0323590fd4828ed0a1ef8ecc34e12efc5d91317d.
#5
Updated by Ohad Levy about 6 years ago
Updated by - Target version set to 1.2.0
fixes #2153 - add trusted_puppetmaster_hosts setting to permit puppetmaster access
Connections to fact + report upload and externalNodes will be permitted from
any host listed in the trusted_puppetmaster_hosts setting, bypassing the
requirement for a registered smart proxy.
Setting model updated to support empty arrays for values and defaults.