Revision 7c288f9c
Added by Michael Moll over 5 years ago
templates/auth.conf.erb | ||
---|---|---|
# otherwise, the general rules may "steal" requests that should be
|
||
# governed by the specific rules.
|
||
#
|
||
# See https://docs.puppetlabs.com/puppet/latest/reference/config_file_auth.html
|
||
# See https://puppet.com/docs/puppet/latest/config_file_auth.html
|
||
# for a more complete description of auth.conf's behavior.
|
||
#
|
||
# Supported syntax:
|
||
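Review bot: both "See https://..." lines in this hunk link to a `latest` documentation path, so the comment will follow whatever Puppet release is current rather than the version this template is written for. If the goal is only to match the file Puppet distributes, keeping the upstream wording is reasonable. Otherwise a version-pinned URL would keep the reference stable.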
... | ... | |
# (ie exactly as if auth yes was present).
|
||
#
|
||
|
||
# CONTROLLING FILE ACCESS (previously in fileserver.conf)
|
||
|
||
# In previous versions of Puppet, you controlled file access by adding
|
||
# rules to fileserver.conf. In Puppet 5 with Puppet Server, you can control
|
||
# file access in auth.conf by controlling the /file_metadata(s)/<mount point>,
|
||
# /file_content(s)/<mount point>, and /static_file_content/<file> paths. See the
|
||
# Puppet Server documentation at
|
||
# https://puppet.com/docs/puppetserver/latest/config_file_auth.html.
|
||
#
|
||
# If you are not using Puppet Server, or are using Puppet Server but with the
|
||
# "jruby-puppet.use-legacy-auth-conf" setting set to "true", you could set the
|
||
# desired file access in a new rule in this file. For example:
|
||
#
|
||
# path ~ ^/file_(metadata|content)s?/extra_files/
|
||
# auth yes
|
||
# allow /^(.+)\.example\.com$/
|
||
# allow_ip 192.168.100.0/24
|
||
#
|
||
# If added to auth.conf BEFORE the default "path /file" rule, this rule
|
||
# will add stricter restrictions to the extra_files mount point.
|
||
|
||
### Authenticated ACLs - these rules apply only when the client
|
||
### has a valid certificate and is thus authenticated
|
||
|
||
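Review bot: the "CONTROLLING FILE ACCESS" comment says rules in this file govern file access only without Puppet Server, or with "jruby-puppet.use-legacy-auth-conf" set to "true", but nothing in the template tells the reader which of those cases the module is rendering for. A short note in the module documentation on when this auth.conf is actually consulted would stop users adding a `path ~ ^/file_(metadata|content)s?/extra_files/` rule here and assuming it is enforced. The example itself is sound in that it pairs `auth yes` with a hostname regex and an `allow_ip` range, and the instruction to place it BEFORE the default "path /file" rule matches the ordering warning at the top of the file.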
... | ... | |
auth any
|
||
method find, save
|
||
allow *
|
||
|
||
<% if scope.lookupvar('::puppet::listen') -%>
|
||
|
||
path /run
|
||
auth any
|
||
method save
|
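Review bot: the `path /run` rule rendered under `scope.lookupvar('::puppet::listen')` uses `auth any` with `method save`, so it also matches clients that are not authenticated, and the `allow` line that would restrict it falls outside the visible context. Please confirm that the rule ends with an allow limited to the hosts that should trigger runs rather than `allow *`, as the rule just above it in this hunk has.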
reduce diff to Puppet distributed files