In the file resource which manages /etc/bashrc you have probably a parameter like: *source => puppet:///files/etcbashrc*
that should be something like: *source => puppet:///modules/$MODULENAME/etcbashrc* this implies that your source etcbashrc file is in a module called $MODULENAME in the files/etcbashrc location (note that you don't have to specify "files" in the source param. For details: https://puppet.com/docs/puppet/6.4/modules_fundamentals.html#files-in-modules On Thursday, May 23, 2019 at 10:13:38 PM UTC+2, Chris Phillips wrote: > > I am using Puppet v5.5.13 and am receiving the following error. Any help > would be appreciated. > > *Error: /Stage[main]/Profiles::Base/File[/etc/bashrc]: Could not evaluate: > Could not retrieve file metadata for puppet:///files/etcbashrc: Error 500 > on SERVER: Server Error: Not authorized to call find on > /file_metadata/files/etcbashrc with {:rest=>"files/etcbashrc", > :links=>"manage", :checksum_type=>"md5", :source_permissions=>"ignore"}* > > > *My auth.conf looks like:* > > > authorization: { > > version: 1 > > allow-header-cert-info: false > > rules: [ > > { > > # Allow file metadata > > match-request: { > > path: "^/file_(metadata|content)/files/" > > type: regex > > } > > allow: "*" > > sort-order: 400 > > name: "access to all file metadata" > > }, > > { > > # Allow any file access > > match-request: { > > path: "^/puppet/v3/file_(content|metadata)s?/files" > > type: regex > > method: [get, post] > > } > > allow: "*" > > sort-order: 400 > > name: "access to all files" > > }, > > { > > # Allow nodes to retrieve their own catalog > > match-request: { > > path: "^/puppet/v3/catalog/([^/]+)$" > > type: regex > > method: [get, post] > > } > > allow: ["$1"] > > sort-order: 500 > > name: "puppetlabs catalog" > > }, > > { > > # Allow nodes to retrieve the certificate they requested > earlier > > match-request: { > > path: "/puppet-ca/v1/certificate/" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs certificate" > > }, > > { > > # Allow all nodes to access the certificate revocation list > > match-request: { > > path: "/puppet-ca/v1/certificate_revocation_list/ca" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs crl" > > }, > > { > > # Allow nodes to request a new certificate > > match-request: { > > path: "/puppet-ca/v1/certificate_request" > > type: path > > method: [get, put] > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs csr" > > }, > > { > > # Allow the CA CLI to access the certificate_status endpoint > > match-request: { > > path: "/puppet-ca/v1/certificate_status" > > type: path > > method: [get, put, delete] > > } > > allow: [ > > "localhost", > > "example.com", > > { > > extensions: { > > pp_cli_auth: "true" > > } > > } > > ] > > sort-order: 500 > > name: "puppetlabs cert status" > > }, > > { > > # Allow the CA CLI to access the certificate_statuses endpoint > > match-request: { > > path: "/puppet-ca/v1/certificate_statuses" > > type: path > > method: get > > } > > allow: [ > > "localhost", > > "example.com", > > { > > extensions: { > > pp_cli_auth: "true" > > } > > } > > ] > > sort-order: 500 > > name: "puppetlabs cert statuses" > > }, > > { > > # Allow unauthenticated access to the status service endpoint > > match-request: { > > path: "/status/v1/services" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs status service - full" > > }, > > { > > match-request: { > > path: "/status/v1/simple" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs status service - simple" > > }, > > { > > match-request: { > > path: "/puppet-admin-api/v1/environment-cache" > > type: path > > method: delete > > } > > allow: [ > > "localhost", > > "example.com", > > ] > > sort-order: 200 > > name: "environment-cache" > > }, > > { > > match-request: { > > path: "/puppet-admin-api/v1/jruby-pool" > > type: path > > method: delete > > } > > allow: [ > > "localhost", > > "example.com", > > ] > > sort-order: 200 > > name: "jruby-pool" > > }, > > { > > match-request: { > > path: "/puppet/v3/environments" > > type: path > > method: get > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs environments" > > }, > > { > > match-request: { > > path: "/puppet/v3/environment_classes" > > type: path > > method: get > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs environment classes" > > }, > > { > > # Allow nodes to access all file_bucket_files. Note that > access for > > # the 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/file_bucket_file" > > type: path > > method: [get, head, post, put] > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs file bucket file" > > }, > > { > > # Allow nodes to access all file_content. Note that access > for the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/file_content" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs file content" > > }, > > { > > # Allow nodes to access all file_metadata. Note that access > for the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/file_metadata" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs file metadata" > > }, > > { > > # Allow nodes to access all file_content. Note that access > for the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/files/" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppet file content" > > }, > > { > > # Allow nodes to access all file_content. Note that access > for the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/files/" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppets file content" > > }, > > { > > # Allow nodes to retrieve only their own node definition > > match-request: { > > path: "^/puppet/v3/node/([^/]+)$" > > type: regex > > method: get > > } > > allow: "$1" > > sort-order: 500 > > name: "puppetlabs node" > > }, > > { > > # Allow nodes to store only their own reports > > match-request: { > > path: "^/puppet/v3/report/([^/]+)$" > > type: regex > > method: put > > } > > allow: "$1" > > sort-order: 500 > > name: "puppetlabs report" > > }, > > { > > # Allow nodes to update their own facts > > match-request: { > > path: "^/puppet/v3/facts/([^/]+)$" > > type: regex > > method: put > > } > > allow: "$1" > > sort-order: 500 > > name: "puppetlabs facts" > > }, > > { > > match-request: { > > path: "/puppet/v3/status" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs status" > > }, > > { > > match-request: { > > path: "/puppet/v3/static_file_content" > > type: path > > method: get > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs static file content" > > }, > > { > > match-request: { > > path: "/puppet/v3/tasks" > > type: path > > } > > allow: "*" > > sort-order: 500 > > name: "puppet tasks information" > > }, > > { > > # Allow all users access to the experimental endpoint > > # which currently only provides a dashboard web ui. > > match-request: { > > path: "/puppet/experimental" > > type: path > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs experimental" > > }, > > { > > match-request: { > > path: "/puppet/files" > > type: path > > } > > allow: "*" > > sort-order: 500 > > name: "puppet" > > }, > > { > > match-request: { > > path: "/puppet/file_metadata" > > type: path > > } > > allow: "*" > > sort-order: 500 > > name: "puppet_metadata" > > } > > ] > > } > > > If anything is needed to help troubleshoot let me know and I will be happy > to post. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/760b932c-47e0-43aa-9e78-318646baa57b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
