Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6024

Restrict which files are inlined within the per-environment directory

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.4.0
    • Component/s: None
    • Labels:
    • Template:
    • Story Points:
      1
    • Sprint:
      Client 2016-03-09, Client 2016-03-23
    • Release Notes:
      Not Needed
    • Release Notes Summary:
      Restrict which files we consider to be inlineable to be consistent with puppetserver.

      Description

      Currently puppet's catalog terminus will inline metadata for anything within the per-environment code directory. However, puppetserver's ACL will only allow static content to be retrieved if the path is of the form $codedir/environments/<environment>/modules/*/files/**.

      Usually that is the case. However, if a user specifies a environment.conf with a custom modulepath, then it's possible for the resolved file path to be of the form $codedir/environments/<environment>/site/role/**, where role is interpreted as the module name. As a result, we will inline file metadata, but puppetserver will refuse to serve file content.

      We need to be more restrictive and only inline metadata for files of the form:

      $codedir/environments/<environment>/*/<module>/files/**.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              josh Josh Cooper
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support