I thought the same and have tried that to no avail. I believe its because we are storing the files outside of the standard modules directory ie /etc/puppetlabs/code where as we are using /etc/puppetlabs/example/code.
Thanks, Chris > On May 28, 2019, at 6:03 AM, Alessandro Franceschi <a...@lab42.it> wrote: > > In the file resource which manages /etc/bashrc you have probably a parameter > like: > source => puppet:///files/etcbashrc <puppet:///files/etcbashrc> > > that should be something like: > > source => puppet:///modules/$MODULENAME/etcbashrc > <puppet:///modules/$MODULENAME/etcbashrc> > this implies that your source etcbashrc file is in a module called > $MODULENAME in the files/etcbashrc location (note that you don't have to > specify "files" in the source param. > > For details: > https://puppet.com/docs/puppet/6.4/modules_fundamentals.html#files-in-modules > <https://puppet.com/docs/puppet/6.4/modules_fundamentals.html#files-in-modules> > > On Thursday, May 23, 2019 at 10:13:38 PM UTC+2, Chris Phillips wrote: > I am using Puppet v5.5.13 and am receiving the following error. Any help > would be appreciated. > > Error: /Stage[main]/Profiles::Base/File[/etc/bashrc]: Could not evaluate: > Could not retrieve file metadata for puppet:///files/etcbashrc: Error 500 on > SERVER: Server Error: Not authorized to call find on > /file_metadata/files/etcbashrc with {:rest=>"files/etcbashrc", > :links=>"manage", :checksum_type=>"md5", :source_permissions=>"ignore"} > > > > My auth.conf looks like: > > > > authorization: { > > version: 1 > > allow-header-cert-info: false > > rules: [ > > { > > # Allow file metadata > > match-request: { > > path: "^/file_(metadata|content)/files/" > > type: regex > > } > > allow: "*" > > sort-order: 400 > > name: "access to all file metadata" > > }, > > { > > # Allow any file access > > match-request: { > > path: "^/puppet/v3/file_(content|metadata)s?/files" > > type: regex > > method: [get, post] > > } > > allow: "*" > > sort-order: 400 > > name: "access to all files" > > }, > > { > > # Allow nodes to retrieve their own catalog > > match-request: { > > path: "^/puppet/v3/catalog/([^/]+)$" > > type: regex > > method: [get, post] > > } > > allow: ["$1"] > > sort-order: 500 > > name: "puppetlabs catalog" > > }, > > { > > # Allow nodes to retrieve the certificate they requested earlier > > match-request: { > > path: "/puppet-ca/v1/certificate/" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs certificate" > > }, > > { > > # Allow all nodes to access the certificate revocation list > > match-request: { > > path: "/puppet-ca/v1/certificate_revocation_list/ca" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs crl" > > }, > > { > > # Allow nodes to request a new certificate > > match-request: { > > path: "/puppet-ca/v1/certificate_request" > > type: path > > method: [get, put] > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs csr" > > }, > > { > > # Allow the CA CLI to access the certificate_status endpoint > > match-request: { > > path: "/puppet-ca/v1/certificate_status" > > type: path > > method: [get, put, delete] > > } > > allow: [ > > "localhost", > > "example.com <http://example.com/>", > > { > > extensions: { > > pp_cli_auth: "true" > > } > > } > > ] > > sort-order: 500 > > name: "puppetlabs cert status" > > }, > > { > > # Allow the CA CLI to access the certificate_statuses endpoint > > match-request: { > > path: "/puppet-ca/v1/certificate_statuses" > > type: path > > method: get > > } > > allow: [ > > "localhost", > > "example.com <http://example.com/>", > > { > > extensions: { > > pp_cli_auth: "true" > > } > > } > > ] > > sort-order: 500 > > name: "puppetlabs cert statuses" > > }, > > { > > # Allow unauthenticated access to the status service endpoint > > match-request: { > > path: "/status/v1/services" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs status service - full" > > }, > > { > > match-request: { > > path: "/status/v1/simple" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs status service - simple" > > }, > > { > > match-request: { > > path: "/puppet-admin-api/v1/environment-cache" > > type: path > > method: delete > > } > > allow: [ > > "localhost", > > "example.com <http://example.com/>", > > ] > > sort-order: 200 > > name: "environment-cache" > > }, > > { > > match-request: { > > path: "/puppet-admin-api/v1/jruby-pool" > > type: path > > method: delete > > } > > allow: [ > > "localhost", > > "example.com <http://example.com/>", > > ] > > sort-order: 200 > > name: "jruby-pool" > > }, > > { > > match-request: { > > path: "/puppet/v3/environments" > > type: path > > method: get > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs environments" > > }, > > { > > match-request: { > > path: "/puppet/v3/environment_classes" > > type: path > > method: get > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs environment classes" > > }, > > { > > # Allow nodes to access all file_bucket_files. Note that access > for > > # the 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/file_bucket_file" > > type: path > > method: [get, head, post, put] > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs file bucket file" > > }, > > { > > # Allow nodes to access all file_content. Note that access for > the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/file_content" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs file content" > > }, > > { > > # Allow nodes to access all file_metadata. Note that access for > the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/file_metadata" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs file metadata" > > }, > > { > > # Allow nodes to access all file_content. Note that access for > the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/puppet/v3/files/" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppet file content" > > }, > > { > > # Allow nodes to access all file_content. Note that access for > the > > # 'delete' method is forbidden by Puppet regardless of the > > # configuration of this rule. > > match-request: { > > path: "/files/" > > type: path > > method: [get, post] > > } > > allow: "*" > > sort-order: 500 > > name: "puppets file content" > > }, > > { > > # Allow nodes to retrieve only their own node definition > > match-request: { > > path: "^/puppet/v3/node/([^/]+)$" > > type: regex > > method: get > > } > > allow: "$1" > > sort-order: 500 > > name: "puppetlabs node" > > }, > > { > > # Allow nodes to store only their own reports > > match-request: { > > path: "^/puppet/v3/report/([^/]+)$" > > type: regex > > method: put > > } > > allow: "$1" > > sort-order: 500 > > name: "puppetlabs report" > > }, > > { > > # Allow nodes to update their own facts > > match-request: { > > path: "^/puppet/v3/facts/([^/]+)$" > > type: regex > > method: put > > } > > allow: "$1" > > sort-order: 500 > > name: "puppetlabs facts" > > }, > > { > > match-request: { > > path: "/puppet/v3/status" > > type: path > > method: get > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs status" > > }, > > { > > match-request: { > > path: "/puppet/v3/static_file_content" > > type: path > > method: get > > } > > allow: "*" > > sort-order: 500 > > name: "puppetlabs static file content" > > }, > > { > > match-request: { > > path: "/puppet/v3/tasks" > > type: path > > } > > allow: "*" > > sort-order: 500 > > name: "puppet tasks information" > > }, > > { > > # Allow all users access to the experimental endpoint > > # which currently only provides a dashboard web ui. > > match-request: { > > path: "/puppet/experimental" > > type: path > > } > > allow-unauthenticated: true > > sort-order: 500 > > name: "puppetlabs experimental" > > }, > > { > > match-request: { > > path: "/puppet/files" > > type: path > > } > > allow: "*" > > sort-order: 500 > > name: "puppet" > > }, > > { > > match-request: { > > path: "/puppet/file_metadata" > > type: path > > } > > allow: "*" > > sort-order: 500 > > name: "puppet_metadata" > > } > > ] > > > } > > > > If anything is needed to help troubleshoot let me know and I will be happy to > post. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com > <mailto:puppet-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/760b932c-47e0-43aa-9e78-318646baa57b%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/760b932c-47e0-43aa-9e78-318646baa57b%40googlegroups.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4F69F537-AC9F-4BA5-A954-567473C142BD%40gmail.com. For more options, visit https://groups.google.com/d/optout.
