-
Notifications
You must be signed in to change notification settings - Fork 14
Open
Description
Summary
Shared middleware that routes requests through trapperkeeper authorization or client-whitelist authorization is marked in comments as temporary compatibility behavior.
Why This Is Soft / Inferred
No explicit runtime deprecation warning for this helper exists, but code comments describe eventual deletion when whitelist authorization support is dropped.
Evidence
src/clj/puppetlabs/puppetserver/ringutils.clj:97comment: function exists for backward-compatible client-whitelist support and should be deleted when support is dropped.src/clj/puppetlabs/services/ca/certificate_authority_core.clj:605andsrc/clj/puppetlabs/services/puppet_admin/puppet_admin_core.clj:130comments reference eventual removal of client-whitelist authorization path.
Proposed Plan
- OpenVox Server 9:
- Add explicit warning when whitelist path is activated.
- Keep behavior for one migration cycle.
- Next major release:
- Remove
wrap-with-trapperkeeper-or-client-whitelist-authorization. - Require authorization service paths only.
- Remove
Compatibility / Risk
- Medium to high risk where whitelist settings are still used.
- Closely coupled to removal of deprecated whitelist settings in puppet-admin and CA status.
Implementation Notes
- Tie this issue to issues removing
client-whitelist/authorization-requiredsettings. - Confirm no internal endpoints still depend on whitelist-only path.
Acceptance Criteria
- OpenVox Server 9 warning is emitted when compatibility wrapper is active.
- Wrapper removal is scheduled for next major release.
Suggested Tests
- Middleware behavior tests for warning + routing in 9.
- Major-release removal tests to ensure auth-only path.
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels