Hi, I'm setting up a puppetserver that will be shared by multiple projects and would like to enforce some control over access to environment resources - particularly puppet:///modules/... file server URLs.
The environment name appears at the start of the URL, so with an Apache/Passenger setup I could put IP address-based access controls on an environment using a <Location> block so nodes in project A's subnet can't download files from project B's environment. I'm looking for ideas to do the same in a puppetserver world. Really what I want to do is block access to puppet:///modules/... from nodes with no node definition in the current environment, and the IP address access control is just an easy way of doing this in Apache/Passenger. I realize I could still put Apache in front of puppetserver and configure access controls there - modulo a couple of bugs like SERVER-213 and SERVER-217 - but maybe there's a better way using puppetserver. Thanks, Mike -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0a1f7977-5fb4-4df2-b60f-0a7e10bd5a02%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.