Insecure Puppet Design Patterns Update
Per my previous post, that I explained the security issue relation to using facts. A colleague of mine has found out that you can’t even trust $clientcert.
Due to this I have wrote the function below to allow you to get the actual CertName, that has been validated against the certificate.
module Puppet::Parser::Functions newfunction(:certcheck, :type => :rvalue, :doc => <<-EOS Returns the actual certname EOS ) do |arguments| return host end end This allows you to use the following Puppet code to get a variable that you can trust to identify the Puppet agent.