Project

General

Profile

Feature #2153

Add trusted_hosts for puppetmaster interfaces, bypass proxy requirement

Added by Dominic Cleal over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Dominic Cleal
Category:
Authentication
Target version:
1.2.0
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

#2121 added an requirement by default that permits access to puppetmaster interfaces if the connection has a trusted client SSL certificate and is from a registered smart proxy host.

It should also support a list of hosts to avoid the need for the proxy. Unsure whether this should bypass the SSL requirement or not.

Related issues

Related to Foreman - Bug #2121: Unauthenticated YAML fact and reports importers can be exploitedClosed2013-01-09

Associated revisions

Revision 0323590f (diff)
Added by Dominic Cleal over 9 years ago

fixes #2153 - add trusted_puppetmaster_hosts setting to permit puppetmaster access

Connections to fact + report upload and externalNodes will be permitted from
any host listed in the trusted_puppetmaster_hosts setting, bypassing the
requirement for a registered smart proxy.

Setting model updated to support empty arrays for values and defaults.

History

#1 Updated by Dominic Cleal over 9 years ago

  • Assignee deleted (Ohad Levy)

#2 Updated by Dominic Cleal over 9 years ago

  • Subject changed from Add trusted_hosts for puppetmaster interfaces, bypass SSL requirement to Add trusted_hosts for puppetmaster interfaces, bypass proxy requirement

#3 Updated by Dominic Cleal over 9 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Dominic Cleal

#4 Updated by Dominic Cleal over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Ohad Levy over 9 years ago

  • Target version set to 1.2.0

Also available in: Atom PDF