Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10473

Remove legacy auth.conf support

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • PUP 7.0.0
    • None
    • Coremunity
    • Platform Core KANBAN
    • Needs Assessment
    • Deprecation
    • Hide
      Note this is a removal not a deprecation.

      Puppet's legacy auth.conf has been deprecated for several major releases, and puppet 7 removes support for legacy auth.conf entirely. As a result, all authorization to puppet REST APIs is controlled by puppetserver's auth.conf. In addition, "allow" and "deny" rules in puppet's fileserver.conf used for custom file mounts will be ignored and puppet will log an error for each entry. Finally, the `rest_authconfig` setting has been removed.
      Show
      Note this is a removal not a deprecation. Puppet's legacy auth.conf has been deprecated for several major releases, and puppet 7 removes support for legacy auth.conf entirely. As a result, all authorization to puppet REST APIs is controlled by puppetserver's auth.conf. In addition, "allow" and "deny" rules in puppet's fileserver.conf used for custom file mounts will be ignored and puppet will log an error for each entry. Finally, the `rest_authconfig` setting has been removed.
    • Needs Assessment

    Description

      Per https://puppet.com/docs/puppetserver/latest/deprecated_features.html#use-of-core-puppet-authconf-for-authorizing-master-service-routes

      "The jruby-puppet.use-legacy-auth-conf setting will be removed from Puppet Server configuration, and Puppet Server will instead always use the new trapperkeeper-authorization “auth.conf” when authorizing client requests."

      This ticket is to remove the legacy authorization layer from puppet. This includes the rest_authconfig setting, the AuthConfigLoader, AuthConfigParser, DefaultAuthProvider, AuthConfig, Authorization, Rights, AuthStore, beaker and rspec tests.

      Attachments

        Issue Links

          is blocked by

          Task - A task that needs to be done. SERVER-2778 Remove legacy auth setting

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Activity

            People

              josh Josh Cooper
              josh Josh Cooper
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support