jjarokerpc

Puppet auth.conf

Jul 12th, 2012
### Authenticated ACL - these apply only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (i.e. their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# unconditionally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

# this one is not strictly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
#### NEED TO ALLOW * TO WORKAROUND AUTHENTICATION FAILURE
# Note: this "allow *" replaces the default deny. Any request that no
# earlier rule decides, including one from a client without a valid
# certificate, is permitted by this rule.
allow *
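
An added example, not part of the original paste: a small Ruby check that flags rules granting `allow *` to clients without a valid certificate on paths other than the certificate bootstrap endpoints. The function names, the `EXPECTED_UNAUTH` list and the sample input are assumptions of this example.

```ruby
# Added example: audit a Puppet auth.conf for rules that open endpoints
# to clients without a valid certificate.

# Paths the paste itself opens to unauthenticated clients for certificate
# bootstrap; treating them as expected is an assumption of this example.
EXPECTED_UNAUTH = ['/certificate/ca', '/certificate/', '/certificate_request'].freeze

# Split auth.conf text into rules; a rule starts at each "path" line.
def parse_rules(text)
  rules = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    if key == 'path'
      rules << { path: value.to_s.sub(/\A~\s*/, ''), line: lineno, auth: 'yes', allow: [] }
    elsif rules.any?
      rule = rules.last
      rule[:auth] = value.to_s.downcase if key == 'auth'
      rule[:allow].concat(value.to_s.split(/\s*,\s*/)) if key == 'allow'
    end
  end
  rules
end

# Return rules that grant "allow *" to unauthenticated clients on a path
# outside EXPECTED_UNAUTH. A rule on "/" matches every request path.
def risky_rules(text)
  parse_rules(text).select do |r|
    unauth = %w[any no off].include?(r[:auth])
    unauth && r[:allow].include?('*') && !EXPECTED_UNAUTH.include?(r[:path])
  end
end

# Constructed sample: two stanzas in the style of the paste above.
SAMPLE = <<~CONF
  path /certificate_request
  auth any
  method find, save
  allow *

  path /
  auth any
  allow *
CONF

risky_rules(SAMPLE).each do |r|
  puts "line #{r[:line]}: path #{r[:path]} allows * with auth #{r[:auth]}"
end
```

Run against a real auth.conf by passing `File.read(path)` to `risky_rules`; an empty result means no rule outside the bootstrap paths grants `allow *` without authentication.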