On Tuesday, 18 April 2017 17:31:22 UTC+10, Martin Alfke wrote: > > > > On 18 Apr 2017, at 08:03, chris <[email protected] <javascript:>> > wrote: > > > > Hi guys, > > > > so I'm trying to restrict requests from known domains eg > > > > > > { # Allow nodes to request a new certificate match-request: { path: > "/puppet-ca/v1/certificate_request" type: path method: [get, put] } allow: > [ "*.dev.XXX.com", "*.dev.YYY.com" ] sort-order: 500 name: "puppetlabs > csr" }, > > > Did you restart puppetserver after doing the change? > Absolutely :) > > > > > > having read puppet docs on hocon style files, inc arrays, wildcards etc. > > > > However, when I try to use this, I get > > > > Client: > > Error: Could not request certificate: Error 403 on SERVER: Forbidden > request: /puppet-ca/v1/certificate_request/a.b.com (method :get). Please > see the server logs for details. > > > > > > > > Server: > > 2017-04-13 03:20:42,855 ERROR [qtp1106686223-70] [p.t.a.rules] Forbidden > request: 10.112.19.76 access to /puppet-ca/v1/certificate_request/a.b.com > (method :get) (authenticated: false) denied by rule 'puppetlabs csr'. > > > > > > > > Server version is 2.7.0 (puppet v4). > > > > Can anybody help? > > > > Thanks > > Chris > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/384ce816-ea37-45ca-aa8d-83a44f0bc732%40googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > >
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/57b4a06a-53bf-445a-afcd-e65f08b13d7a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
