Resynced from the puppetserver 2.3.1 RPM and then added the addtional "puppetlabs resource type" rule.
I ran into problems with the 'puppetlabs crl' rule not allowing unauthenticated access. This is required when proxying CA endpoints from another puppet master.
I'm not sure about the new "puppetlabs static file content" rule. But I guess if it's in the RPMs being shipped someone will probably miss it if it's omitted.
The "puppetlabs resource type" rule is required to support upcoming changes to smart-proxy: theforeman/smart-proxy#376
Added by Alex Fisher about 8 years ago
Update puppetserver conf.d/auth.conf
Resynced from the puppetserver 2.3.1 RPM and then added
the addtional "puppetlabs resource type" rule.
I ran into problems with the 'puppetlabs crl' rule not allowing
unauthenticated access. This is required when proxying CA endpoints
from another puppet master.
https://docs.puppet.com/guides/scaling_multiple_masters.html#option-2-proxy-certificate-traffic
I'm not sure about the new "puppetlabs static file content" rule. But I
guess if it's in the RPMs being shipped someone will probably miss it if
it's omitted.
The "puppetlabs resource type" rule is required to support upcoming
changes to smart-proxy: theforeman/smart-proxy#376
closes GH-388