Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5061

Always restore full trusted information from store

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.3.2
    • Component/s: None
    • Labels:
      None
    • Template:
    • Epic Link:
    • Story Points:
      2
    • Sprint:
      Language 2015-11-11, Language 2015-12-02, Language 2015-12-16, Language 2015-12-30, Language 2016-01-13
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      When the information was $trusted was stored in PuppetDB and caches (or just stored in a file) and later retrieved, the value of the authenticated key was modified depending on if the process ran as root or not. Now, there is no difference, the same information is always retrieved. Therefore, the flag authenticated should be interpreted as "how the trusted information was authenticated when it entered the system". This means that historical data retains how it was authenticated in the past, and that this information is obtained when reading it back in.
      Show
      When the information was $trusted was stored in PuppetDB and caches (or just stored in a file) and later retrieved, the value of the authenticated key was modified depending on if the process ran as root or not. Now, there is no difference, the same information is always retrieved. Therefore, the flag authenticated should be interpreted as "how the trusted information was authenticated when it entered the system". This means that historical data retains how it was authenticated in the past, and that this information is obtained when reading it back in.

      Description

      ORIGINAL REQUEST


      Add a '--trusted' option to 'puppet lookup' so that it can correctly deal with reincarnating trusted data values from store.

      UPDATED


      We decided that the trusted information should always be resurrected from storage the same way as it was written. This is slightly different than what it does today on 4.x as it changes "authenticated" to "local" when reading it back.
      With that in place, there is no need to have a --trusted option to the lookup app. It should always get and use correct trusted information. If we have the flag in the lookup implementation it should be removed.

      We also need to change the general logic to no longer change "authenticated" to "local" when reading from storage.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              steven.barlow Steve Barlow
              Reporter:
              hailee Hailee Kenney
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support