Details

    • Type: Epic
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: SERVER 6.3.0
    • Component/s: None
    • Labels:
      None
    • Epic Name:
      Flexible catalog compilation
    • Template:
    • Acceptance Criteria:
      Hide

      See details in PE-25621 and PE-25714.

      Show
      See details in PE-25621 and PE-25714.
    • Team/s:
      Server
    • Epic Status:
      In Progress
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Hide
      Puppet Server now has a new endpoint for catalog retrieval that allows many more options than the previous endpoint. This endpoint is controlled by tk-auth, and by default is not generally accessible. It is intended for use by other puppet services (like CD4PE). For details on the API, see https://github.com/puppetlabs/puppetserver/blob/master/documentation/puppet-api/v4/catalog.markdown.
      Show
      Puppet Server now has a new endpoint for catalog retrieval that allows many more options than the previous endpoint. This endpoint is controlled by tk-auth, and by default is not generally accessible. It is intended for use by other puppet services (like CD4PE). For details on the API, see https://github.com/puppetlabs/puppetserver/blob/master/documentation/puppet-api/v4/catalog.markdown .
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Server currently only has one endpoint for requesting a catalog. This endpoint requires that the requester be requesting their own catalog, i.e. that the name on cert used to authenticate the request match the name of the node for which the catalog is being compiled. It also does not allow the caller to specify what happens with reports or facts.

      As we expand our portfolio, the need has arisen for an endpoint that allows requesting catalogs for other nodes. For example, CD4PE needs to request catalogs for arbitrary node names as part of Impact Analysis, and managing network devices requires a "proxy agent" to make catalog requests on the behalf of the devices being managed.

      We want to create a new catalog endpoint that allows certain entities to request catalogs for arbitrary nodes. In the case of CD4PE, this would probably be controlled via an RBAC permission (see PE-25566), which for device management it would be locked down to the proxy agent's cert.

      In order to service both of these use cases, this endpoint needs to be able to control whether or not reports and facts are saved to PuppetDB (CD4PE does not want this, Network Automation does), and under what name to save them. It also needs the ability to allow environments to be specified as part of the request, as an alternative to going through the classifier.

      This endpoint might also enable us to create a CLI tool satisfying PUP-9055, that calls this endpoint on the backend.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  maggie Maggie Dreyer
                • Votes:
                  2 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Zendesk Support