autosign.conf should take IP/subnet specifications as well as hostnames
| Affected Puppet version: | 0.24.5 | Branch: | |
Not really a duplicate of #1361, as that is adding completely different ACL functionality and only implicitly adding IP support.
I note there is actually a comment in lib/puppet/network/handler/ca.rb saying “# FIXME autosign? should probably accept both hostnames and IP addresses”
#4 Updated by Oliver Hookins over 4 years ago
[puppetmasterd]
autosign = /etc/puppet/autosign.conf
I just tested an IP address but it didn’t work. I can’t see how it can work if the autosign? function only takes and is passed a hostname. Even if an IP address is in the AuthStore, the only thing that would be tested is a hostname. Matching subnets obviously is a whole different matter.
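The behaviour this ticket asks for, sketched as an added example (not Puppet's code and not part of the original thread): a check that is handed both the requested hostname and the connection's source address, so autosign.conf entries can be hostnames, single IPs or CIDR subnets. The function names, the `peer_ip` parameter and the sample entries are hypothetical.

```ruby
require 'ipaddr'

# Hypothetical helper, not Puppet's autosign? implementation.
# Each non-blank line becomes either an IPAddr (single address or CIDR
# subnet) or a lowercase hostname pattern ("*.example.com" style).
def parse_autosign_entries(text)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    begin
      IPAddr.new(line)      # "192.0.2.10" or "10.20.0.0/16"
    rescue ArgumentError    # IPAddr's parse errors subclass ArgumentError
      line.downcase         # not an address: keep as a hostname pattern
    end
  end
end

# Assumption: peer_ip is the source address of the agent's connection,
# passed in alongside the hostname from the certificate request.
def autosign_allowed?(entries, hostname, peer_ip)
  ip   = IPAddr.new(peer_ip)
  host = hostname.to_s.downcase
  entries.any? do |entry|
    if entry.is_a?(IPAddr)
      entry.include?(ip)                 # exact IP or subnet membership
    elsif entry.start_with?('*.')
      host.end_with?(entry[1..-1])       # "*.example.com" matches subdomains only
    else
      host == entry                      # exact hostname
    end
  end
end

# Constructed sample file contents (documentation address ranges).
SAMPLE_AUTOSIGN = <<~CONF
  *.build.example.com
  db01.example.com
  192.0.2.10
  10.20.0.0/16
CONF
```

The hostname in a certificate request is chosen by the client, whereas the source address is observed by the server, so the two kinds of entry do not carry the same weight as evidence of who is asking.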