diff options
| author | Pieter van de Bruggen <pieter@puppetlabs.com> | 2011-05-04 16:44:48 -0700 |
|---|---|---|
| committer | Pieter van de Bruggen <pieter@puppetlabs.com> | 2011-05-04 16:44:48 -0700 |
| commit | 5076c3794dcbfd708d9169d720b8fc5a41998a14 (patch) | |
| tree | 84a9ae74e7a9334d9b407da2a412c81388b4fd20 /lib | |
| parent | d4df6cc2274e119fb2a67bca0912667b0fef7866 (diff) | |
| download | puppet-5076c3794dcbfd708d9169d720b8fc5a41998a14.tar.gz puppet-5076c3794dcbfd708d9169d720b8fc5a41998a14.tar.xz puppet-5076c3794dcbfd708d9169d720b8fc5a41998a14.zip | |
(#7179) Modify default ACL for /node/<name>.
By default, it is useful to permit an individual node to query
information about itself, and there is no good reason to reject
this by default.
Paired-With: Nick Lewis
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/network/rest_authconfig.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/puppet/network/rest_authconfig.rb b/lib/puppet/network/rest_authconfig.rb index cf76978fe..dfe8f85c4 100644 --- a/lib/puppet/network/rest_authconfig.rb +++ b/lib/puppet/network/rest_authconfig.rb @@ -8,6 +8,7 @@ module Puppet DEFAULT_ACL = [ { :acl => "~ ^\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true }, + { :acl => "~ ^\/node\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true }, # this one will allow all file access, and thus delegate # to fileserver.conf { :acl => "/file" }, |