Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5061

Always restore full trusted information from store

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • PUP 4.3.2
    • None
    • None
    • 2
    • Language 2015-11-11, Language 2015-12-02, Language 2015-12-16, Language 2015-12-30, Language 2016-01-13
    • Bug Fix
    • Hide
      When the information was $trusted was stored in PuppetDB and caches (or just stored in a file) and later retrieved, the value of the authenticated key was modified depending on if the process ran as root or not. Now, there is no difference, the same information is always retrieved. Therefore, the flag authenticated should be interpreted as "how the trusted information was authenticated when it entered the system". This means that historical data retains how it was authenticated in the past, and that this information is obtained when reading it back in.
      Show
      When the information was $trusted was stored in PuppetDB and caches (or just stored in a file) and later retrieved, the value of the authenticated key was modified depending on if the process ran as root or not. Now, there is no difference, the same information is always retrieved. Therefore, the flag authenticated should be interpreted as "how the trusted information was authenticated when it entered the system". This means that historical data retains how it was authenticated in the past, and that this information is obtained when reading it back in.

    Description

      ORIGINAL REQUEST

      Add a '--trusted' option to 'puppet lookup' so that it can correctly deal with reincarnating trusted data values from store.

      UPDATED

      We decided that the trusted information should always be resurrected from storage the same way as it was written. This is slightly different than what it does today on 4.x as it changes "authenticated" to "local" when reading it back.
      With that in place, there is no need to have a --trusted option to the lookup app. It should always get and use correct trusted information. If we have the flag in the lookup implementation it should be removed.

      We also need to change the general logic to no longer change "authenticated" to "local" when reading from storage.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. PRE-86 Deprecate --trusted in light of PUP-5061

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved
          links to

          Web Link PR-4487

          Activity

            People

              steven.barlow Steve Barlow
              hailee Hailee Kenney
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support