Insecure Puppet Design Patterns Update

Stephen
In my previous post I explained the security issue related to using facts. A colleague of mine has found out that you can't even trust $clientcert. Because of this, I have written the function below, which lets you get the actual CertName that has been validated against the certificate.

    module Puppet::Parser::Functions
      newfunction(:certcheck, :type => :rvalue, :doc => <<-EOS
        Returns the actual certname
        EOS
      ) do |arguments|
        # `host` is resolved on the scope evaluating the function; per the
        # text above, it is the certname validated against the certificate.
        return host
      end
    end

This allows you to use the following Puppet code to get a variable that you can trust to identify the Puppet agent.
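The following is an added Ruby example, not part of the original post and not Puppet's own code. It shows why an identity taken from a verified certificate can be trusted while a reported `clientcert` value cannot. It assumes `clientcert` reaches the master as a value reported by the agent, and the helper names, hostnames and certificates are constructed for illustration.

```ruby
require 'openssl'

# Issue a certificate for `cn`; self-signed unless an issuer is given.
def issue_cert(cn, key, issuer_cert = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The identity to trust: the CN of a certificate whose signature verifies
# against the CA. Returns nil when verification fails. (Signature check only;
# validity period and revocation are out of scope for this sketch.)
def verified_certname(cert, ca_cert)
  return nil unless cert.verify(ca_cert.public_key)
  cn = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  cn && cn[1]
end

# Compare the agent-reported clientcert value with the verified certname.
def check_agent(cert, ca_cert, facts)
  certname = verified_certname(cert, ca_cert)
  return { trusted: nil, status: :rejected } if certname.nil?
  status = facts['clientcert'] == certname ? :ok : :clientcert_mismatch
  { trusted: certname, claimed: facts['clientcert'], status: status }
end

# Constructed sample data: a throwaway CA, one agent certificate it signed,
# and one certificate signed by an unrelated key.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = issue_cert('Example Test CA', CA_KEY)
AGENT_CERT = issue_cert('web01.example.test', OpenSSL::PKey::RSA.new(2048), CA_CERT, CA_KEY)
ROGUE_CERT = issue_cert('db01.example.test', OpenSSL::PKey::RSA.new(2048))

# The agent holds a valid certificate for web01 but reports another name.
p check_agent(AGENT_CERT, CA_CERT, { 'clientcert' => 'db01.example.test' })
# A certificate the CA never signed yields no trusted identity at all.
p check_agent(ROGUE_CERT, CA_CERT, { 'clientcert' => 'db01.example.test' })
```

In the mismatch case the `trusted` value is still the certificate's name, which is the value access decisions should key on.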