fix: do not treat clientcert as a legacy network fact in puppet lookup#9579
Open
raman1236 wants to merge 1 commit intopuppetlabs:mainfrom
Open
fix: do not treat clientcert as a legacy network fact in puppet lookup#9579raman1236 wants to merge 1 commit intopuppetlabs:mainfrom
raman1236 wants to merge 1 commit intopuppetlabs:mainfrom
Conversation
Remove clientcert from TRUSTED_INFORMATION_FACTS so that its presence in a --facts file does not require hostname, domain, and fqdn to also be present. clientcert is not a facter fact but is set by puppet agent. In puppet 8, legacy facts (hostname, domain, fqdn) are no longer calculated by default, but clientcert is still present in cached facts. This caused puppet lookup to fail with 'they must all be overridden' when using cached facts. Fixes puppetlabs#9564
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Remove
clientcertfromTRUSTED_INFORMATION_FACTSinpuppet lookupso that its presence in a--factsfile does not requirehostname,domain, andfqdnto also be present.Problem
In Puppet 8, legacy facts (
hostname,domain,fqdn) are no longer calculated by default. However,clientcertis still present in cached facts because it's set by puppet agent (not facter).When running
puppet lookup --facts <facts_file>, if the facts file containsclientcertbut not the other three facts, puppet raises:Removing
clientcertworks around the error, but then$trusted['certname']is broken.Fix
Remove
clientcertfromTRUSTED_INFORMATION_FACTS. It is not a facter fact and should not be grouped with the network addressing facts (hostname,domain,fqdn).Tests
Updated existing tests and added a new test verifying that providing only
clientcertwithout the other facts does not raise an error.Fixes #9564