[PUP-6024] Restrict which files are inlined within the per-environment directory - Puppet Tickets

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 4.4.0
Component/s: None
Labels:
- burnside-ss

Epic Link:
(Burnside) Direct Puppet: Client Static Catalog
Story Points:
1
Sprint:
Client 2016-03-09, Client 2016-03-23

Release Notes:
Not Needed
Release Notes Summary:
Restrict which files we consider to be inlineable to be consistent with puppetserver.

Description

Currently puppet's catalog terminus will inline metadata for anything within the per-environment code directory. However, puppetserver's ACL will only allow static content to be retrieved if the path is of the form $codedir/environments/<environment>/modules/*/files/**.

Usually that is the case. However, if a user specifies a environment.conf with a custom modulepath, then it's possible for the resolved file path to be of the form $codedir/environments/<environment>/site/role/**, where role is interpreted as the module name. As a result, we will inline file metadata, but puppetserver will refuse to serve file content.

We need to be more restrictive and only inline metadata for files of the form:

$codedir/environments/<environment>/*/<module>/files/**.

Attachments

Issue Links

relates to

SERVER-1195 /static_file_content should serve files from any directory, not just modules/

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Josh Cooper

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2016/03/08 3:50 PM

Updated:: 2016/03/17 10:53 AM

Resolved:: 2016/03/10 7:54 PM