From 4150db44a55e7d9a530c67418d3357e30fe9643e Mon Sep 17 00:00:00 2001 From: Stephan Schultchen Date: Fri, 12 Dec 2025 22:18:34 +0100 Subject: [PATCH 1/2] allow unencrypted puppetdb http://127.0.0.1 --- puppet/lib/puppet/util/puppetdb/config.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/puppet/lib/puppet/util/puppetdb/config.rb b/puppet/lib/puppet/util/puppetdb/config.rb index 61284431c..0ffb6ce63 100644 --- a/puppet/lib/puppet/util/puppetdb/config.rb +++ b/puppet/lib/puppet/util/puppetdb/config.rb @@ -176,7 +176,8 @@ def self.convert_and_validate_urls(uri_strings) raise URI::InvalidURIError.new, "Error parsing URL '#{uri_string}' in PuppetDB 'server_urls', error message was '#{e.message}'" end - if uri.scheme != 'https' + allow_http = (uri.scheme == 'http' && uri.host == '127.0.0.1') + if uri.scheme != 'https' && !allow_http raise "PuppetDB 'server_urls' must be https, found '#{uri_string}'" end From c2f539d9005c6409a40a8dd94f2b98fc65b3cb41 Mon Sep 17 00:00:00 2001 From: Stephan Schultchen Date: Fri, 12 Dec 2025 22:46:55 +0100 Subject: [PATCH 2/2] add test that checks for http://127.0.0.1 --- puppet/spec/unit/util/puppetdb/config_spec.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/puppet/spec/unit/util/puppetdb/config_spec.rb b/puppet/spec/unit/util/puppetdb/config_spec.rb index 792b85b90..6ca364853 100644 --- a/puppet/spec/unit/util/puppetdb/config_spec.rb +++ b/puppet/spec/unit/util/puppetdb/config_spec.rb @@ -165,6 +165,16 @@ def write_config(content) end.to raise_error(/PuppetDB 'server_urls' cannot contain URL paths, found 'https:\/\/foo.something-different.com\/bar'/) end + it "allows http for 127.0.0.1" do + write_config <