Hi Guys,
I'm trying to use a wildcard list of domains to allow CSRs eg
{
# Allow nodes to request a new certificate
match-request: {
path: "/puppet-ca/v1/certificate_request"
type: path
method: [get, put]
}
allow: [ "*.dev.XXX.com", "*.dev.YYY.com" ]
sort-order: 500
name: "puppetlabs csr"
},
Ref https://docs.puppet.com/puppetserver/latest/config_file_auth.html#hocon-example for array example and the server log file insists that you use double-quotes around "*" based values.
However, when I try this, I still get Error: Could not request certificate: Error 403 on SERVER: Forbidden request: /puppet-ca/v1/certificate_request/a.dev.XXX.com (method :get). Please see the server logs for details. I've googled a lot, but can't find any examples; surely I'm not the only one who needs this.
Chris