Hi guys,
so I'm trying to restrict requests from known domains eg
{ # Allow nodes to request a new certificate match-request: { path:
"/puppet-ca/v1/certificate_request" type: path method: [get, put] } allow: [
"*.dev.XXX.com", "*.dev.YYY.com" ] sort-order: 500 name: "puppetlabs csr" },
having read puppet docs on hocon style files, inc arrays, wildcards etc.
However, when I try to use this, I get
Client:
Error: Could not request certificate: Error 403 on SERVER: Forbidden request:
/puppet-ca/v1/certificate_request/a.b.com (method :get). Please see the server
logs for details.
Server:
2017-04-13 03:20:42,855 ERROR [qtp1106686223-70] [p.t.a.rules] Forbidden
request: 10.112.19.76 access to /puppet-ca/v1/certificate_request/a.b.com
(method :get) (authenticated: false) denied by rule 'puppetlabs csr'.
Server version is 2.7.0 (puppet v4).
Can anybody help?
Thanks
Chris
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/384ce816-ea37-45ca-aa8d-83a44f0bc732%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
