Skip to content

Commit

Permalink
(puppetlabsGH-3296) Prefer cert auth to token auth for puppetdb client
Browse files Browse the repository at this point in the history
Previously regardless of using certs any puppetdb token (either read from default location OR configured in settings) would be sent in x-authentication header for puppetdb requests. In the case a cert is configured, do not include this as the puppetdb endpoint will 401 in the case a valid cert but revoked token is presented.
  • Loading branch information
donoghuc committed Apr 11, 2024
1 parent 8266293 commit ef84667
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/bolt/puppetdb/config.rb
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ def self.default_config
end

def token
return @token if @token
return @token if @token_computed
# Allow nil in config to skip loading a token
if @settings.include?('token')
if @settings['token']
Expand All @@ -69,6 +69,12 @@ def token
elsif File.exist?(DEFAULT_TOKEN)
@token = File.read(DEFAULT_TOKEN)
end
# Only use cert based auth in the case token and cert are both configured
if @token && cert
Bolt::Logger.logger(self).debug("Both cert and token based auth configured, using cert only")
@token = nil
end
@token_computed = true
@token = @token.strip if @token
end

Expand Down

0 comments on commit ef84667

Please sign in to comment.