[PUP-5534] (Static Catalog) As a puppet node, I should only be able to retrieve historical file content for files in <codedir>/environments/*/modules/*/files/* - Puppet Jira Server

XML

Word

Printable

Details

Type: Story
Status: Closed
Priority: Normal
Resolution: Incomplete
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Epic Link:
Direct Puppet Initiative

Description

As a puppet node, I should only be able to retrieve historical file content for files which I have permission to access.

Static Catalog
1. local file has drifted. So we need to retrieve the right original file content that is consistent with the one we are applying
2. auth part: removing implicit path expansion of puppet:///modules/mod_name/file_name urls to modules/mod_name/files/file_name. A valid client cert can access everything from any module's files directory. Make sure that as an unauthenticated connection cannot get file content. Also make sure you cannot cause a path traversal attack even with a valid client cert.

Attachments

Issue Links

is blocked by

SERVER-999 (Burnside) Direct Puppet: Server Static Catalog

Closed

PUP-5497 (Burnside) Direct Puppet: Client Static Catalog

Closed

PUP-5864 Static catalog acceptance: Server should only allow access to <codedir>/environments/*/modules/*/files/*, Story PUP-5534

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Sean Griffin

QA Contact:: Sean Griffin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015/11/20 11:20 AM

Updated:: 2017/05/21 8:24 PM

Resolved:: 2017/05/21 8:24 PM

(Static Catalog) As a puppet node, I should only be able to retrieve historical file content for files in <codedir>/environments//modules//files/*