Comments (4)
I see, didn't realize there was a use case for both. In that case, I think at least just not including the token again if the token was invalid to avoid repeat failures seems reasonable.
from bolt.
I think what makes sense to me without introducing a new flag or something is:
- If either token OR cert is specified, use it.
- If both are specified, try the token first. If that fails, record that it failed and don't try using it again, and use the cert/key. If the cert/key is invalid, let that then fail, perhaps with a message saying both methods failed.
from bolt.
I think what is a bit confounding is that if cert/key are invalid it will fail regardless of the token. If this were net-new I would just choose to prefer cert-based auth when both are specified (i.e. only include token if cert/key are not specified). But in order to not break anybody relying on token being included in the header even if certs are configured, I wanted to not disturb that (specifically thinking of the case where you would prefer the identity piece of an RBAC token if possible). I bring this up in response to 2, specifically I think that the configuration will get a bit out of control with complexity if we try to use token only even if cert/key are incorrectly configured. We are not currently at risk of breaking anybody with a change today in this regard (if you have bad certs configured, regardless of your token config it's not going to connect).
from bolt.
I'm tempted to simplify this to follow the pattern in the puppetdb CLI. Specifically, if cert is configured, do not use token. I think that really simplifies things and is easier to understand. It also probably helps as a forcing function to ensure there are no ambiguous config files in practice. I can put up a separate PR with that approach and make sure to add a log message to warn that token won't be used when cert-based auth is configured.
from bolt.
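The two policies discussed in the thread, side by side, as an added sketch that is not Bolt's code and not written by any commenter. The `AuthSelector` class, the `'token'`/`'cert'`/`'key'` config keys and the block standing in for the real connection attempt are all hypothetical.

```ruby
require 'logger'

# Constructed sketch; 'token', 'cert' and 'key' are hypothetical config keys.
class AuthSelector
  class AuthError < StandardError; end

  def initialize(config, logger: Logger.new($stderr))
    @token = config['token'].to_s
    @cert = config['cert'].to_s
    @key = config['key'].to_s
    @logger = logger
    @token_failed = false
  end

  def cert_configured?
    !@cert.empty? && !@key.empty?
  end

  # Policy from the last comment: a configured cert means the token is never
  # sent, and the user is warned. The token value itself is never logged.
  def cert_wins
    if cert_configured?
      @logger.warn('token is configured but will not be used: cert auth takes precedence') unless @token.empty?
      { mode: :cert, cert: @cert, key: @key }
    elsif !@token.empty?
      { mode: :token, token: @token }
    else
      raise AuthError, 'no token or cert/key configured'
    end
  end

  # Policy from the second comment: try the token, remember a failure so it is
  # not sent again, then fall back to cert/key. The block stands in for the
  # real request and returns true when the server accepts the credentials.
  def token_then_cert
    if !@token.empty? && !@token_failed
      creds = { mode: :token, token: @token }
      return creds if yield(creds)
      @token_failed = true
      @logger.warn('token rejected; it will not be sent again')
    end
    raise AuthError, 'no usable token and no cert/key configured' unless cert_configured?
    creds = { mode: :cert, cert: @cert, key: @key }
    return creds if yield(creds)
    raise AuthError, @token_failed ? 'both token and cert/key authentication failed' : 'cert/key authentication failed'
  end
end
```

With `cert_wins` there is one credential per configuration and nothing to retry; `token_then_cert` needs per-connection state (`@token_failed`) to avoid resending a rejected token on every request.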