summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2018-10-27 14:32:41 +0200
committerJan Dittberner <jandd@cacert.org>2018-10-27 14:32:41 +0200
commit5ffffef96d049ba95cb6ec6ada30b22865960aa4 (patch)
treef7d051070376f696fb55e97472d3ab771b52afb9
parentc062a44488f87edc9eabf38718844de7606f4db0 (diff)
downloadcacert-puppet-5ffffef96d049ba95cb6ec6ada30b22865960aa4.tar.gz
cacert-puppet-5ffffef96d049ba95cb6ec6ada30b22865960aa4.tar.xz
cacert-puppet-5ffffef96d049ba95cb6ec6ada30b22865960aa4.zip
Add proxy ACLs
- allow PyPI access from jenkins - allow CAcert.org access to all internal systems
-rw-r--r--hieradata/nodes/proxyout.yaml4
1 files changed, 4 insertions, 0 deletions
diff --git a/hieradata/nodes/proxyout.yaml b/hieradata/nodes/proxyout.yaml
index 91f336b..9cad53f 100644
--- a/hieradata/nodes/proxyout.yaml
+++ b/hieradata/nodes/proxyout.yaml
@@ -27,12 +27,16 @@ profiles::squid::acls:
- "rubygems dstdomain api.rubygems.org"
- "puppetforge dstdomain forgeapi.puppetlabs.com"
- "github dstdomain github.com"
+ - "pypi dstdomain pypi.org"
+ - "cacert dstdomain .cacert.org"
profiles::squid::http_access:
- "allow localnet debmirror"
- "allow localnet debpuppet"
- "allow localnet debmariadb"
+ - "allow localnet cacert"
- "allow jenkins debjenkins"
- "allow jenkins github"
+ - "allow jenkins pypi"
- "allow puppet rubygems"
- "allow puppet puppetforge"
- "allow test github"