Hi guys,
so I'm trying to restrict requests from known domains eg
{ # Allow nodes to request a new certificate match-request: { path:
"/puppet-ca/v1/certificate_request" type: path method: [get, put] } allow: [
"*.dev.XXX.com", "*.dev.YYY.com" ] sort-order: 500 name: "puppetlabs csr" },
having read puppet docs on hocon style files, inc arrays, wildcards etc.
However, when I try to use this, I get
Client:
Error: Could not request certificate: Error 403 on SERVER: Forbidden request:
/puppet-ca/v1/certificate_request/a.b.com (method :get). Please see the server
logs for details.
Server:
2017-04-13 03:20:42,855 ERROR [qtp1106686223-70] [p.t.a.rules] Forbidden
request: 10.112.19.76 access to /puppet-ca/v1/certificate_request/a.b.com
(method :get) (authenticated: false) denied by rule 'puppetlabs csr'.
Server version is 2.7.0 (puppet v4).
Can anybody help?
Thanks
Chris
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/384ce816-ea37-45ca-aa8d-83a44f0bc732%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
