Puppets security and inheritance

I talked to a fellow Puppetlabs employee, [Chris][chris], and read a blog post he has been writing about security issues related to class inheritance. This got me thinking about ways to protect your code base against this. The following blog post explains the problem as well as a hackish method to try to protect yourself against it.

The problem

Let's say that you have multiple teams managing multiple modules within your Puppet infrastructure.

Insecure Puppet Design Patterns

After using facts to designate classes and data to nodes for a number of years, I recently realized this could actually be a major security issue. In order to understand the problem, we must first cover a few things related to how Facter works. Please see update.

Facts are sent to a puppet master at the beginning of a puppet run from the puppet agent. After this they are available to the DSL at top-level scope.