Summary
client-whitelist and authorization-required in the puppet-admin section are explicitly deprecated and marked for future removal.
Evidence
src/clj/puppetlabs/services/puppet_admin/puppet_admin_service.clj:27 warns these settings are deprecated and will be removed.
src/clj/puppetlabs/services/puppet_admin/puppet_admin_service.clj:31 repeats warning and states settings may be ignored in some combinations.
Proposed OpenVox Server 9 Change
- Remove puppet-admin support for client-whitelist and authorization-required.
- Require authorization via conf.d/auth.conf rules.
Compatibility / Risk
- Medium to high risk for deployments relying on inline whitelist authorization in this section.
- Requires explicit auth.conf rule migration.
Implementation Notes
- Remove parsing/usage paths in puppet-admin service/core for these fields.
- Update docs and default config examples with migration guidance.
Acceptance Criteria
- Deprecated puppet-admin auth settings are no longer accepted.
- Puppet Admin endpoints authorize exclusively via configured authorization rules.
- Warning paths for deprecated settings are removed after feature removal.
Suggested Tests
- Startup/config tests for removed keys.
- Endpoint authorization tests validating auth.conf-driven behavior.
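
A migration helper for the auth.conf rule migration this issue requires, added here as an illustration and not code from OpenVox Server or the issue author. It assumes the admin endpoints sit under /puppet-admin-api/ and that conf.d/auth.conf uses the trapperkeeper-authorization rule layout; the function names and the sample certname are hypothetical.

```ruby
# Added example: build an auth.conf rule from legacy puppet-admin settings.
# The input hash stands in for an already-parsed puppet-admin section (constructed).
LEGACY_KEYS = %w[client-whitelist authorization-required].freeze

# Assumption: the admin endpoints live under this path prefix.
ADMIN_API_PATH = '/puppet-admin-api/'

# Returns the deprecated keys present in the section, for a startup/config check.
def deprecated_keys(section)
  LEGACY_KEYS & section.keys
end

# Returns HOCON text for one rule in the trapperkeeper-authorization layout
# (match-request / allow / sort-order / name), or raises when the legacy
# settings cannot be translated without an operator decision.
def migrate_puppet_admin(section, sort_order: 200)
  names = Array(section['client-whitelist']).map(&:to_s).map(&:strip).reject(&:empty?).uniq
  if section['authorization-required'] == false
    raise ArgumentError, 'authorization-required is false: write the rule by hand, no allow list is emitted'
  end
  raise ArgumentError, 'client-whitelist is empty: nothing to allow' if names.empty?
  bad = names.reject { |n| n.match?(/\A[A-Za-z0-9._-]+\z/) }
  raise ArgumentError, "unexpected characters in: #{bad.join(', ')}" unless bad.empty?

  allow = names.map { |n| %("#{n}") }.join(', ')
  <<~HOCON
    authorization: {
        version: 1
        rules: [
            {
                match-request: {
                    path: "#{ADMIN_API_PATH}"
                    type: path
                }
                allow: [#{allow}]
                sort-order: #{sort_order}
                name: "puppet admin api (migrated)"
            }
        ]
    }
  HOCON
end

if __FILE__ == $PROGRAM_NAME
  legacy = { 'client-whitelist' => ['admin01.example.com'], 'authorization-required' => true }
  puts migrate_puppet_admin(legacy)
end
```

The helper refuses to translate a section with authorization-required set to false or with an empty whitelist, so an open rule is never generated by accident.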