Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10473

Remove legacy auth.conf support

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 7.0.0
    • Component/s: None
    • Template:
      PUP Bug Template
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Needs Assessment
    • Release Notes:
      Deprecation
    • Release Notes Summary:
      Hide
      Note this is a removal not a deprecation.

      Puppet's legacy auth.conf has been deprecated for several major releases, and puppet 7 removes support for legacy auth.conf entirely. As a result, all authorization to puppet REST APIs is controlled by puppetserver's auth.conf. In addition, "allow" and "deny" rules in puppet's fileserver.conf used for custom file mounts will be ignored and puppet will log an error for each entry. Finally, the `rest_authconfig` setting has been removed.
      Show
      Note this is a removal not a deprecation. Puppet's legacy auth.conf has been deprecated for several major releases, and puppet 7 removes support for legacy auth.conf entirely. As a result, all authorization to puppet REST APIs is controlled by puppetserver's auth.conf. In addition, "allow" and "deny" rules in puppet's fileserver.conf used for custom file mounts will be ignored and puppet will log an error for each entry. Finally, the `rest_authconfig` setting has been removed.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Per https://puppet.com/docs/puppetserver/latest/deprecated_features.html#use-of-core-puppet-authconf-for-authorizing-master-service-routes

      "The jruby-puppet.use-legacy-auth-conf setting will be removed from Puppet Server configuration, and Puppet Server will instead always use the new trapperkeeper-authorization “auth.conf” when authorizing client requests."

      This ticket is to remove the legacy authorization layer from puppet. This includes the rest_authconfig setting, the AuthConfigLoader, AuthConfigParser, DefaultAuthProvider, AuthConfig, Authorization, Rights, AuthStore, beaker and rspec tests.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support