Summary
The master.allow-header-cert-info setting is explicitly deprecated and superseded by authorization.allow-header-cert-info.
Evidence
src/clj/puppetlabs/services/request_handler/request_handler_service.clj:30 logs: setting is deprecated and will be ignored in favor of authorization.allow-header-cert-info.src/clj/puppetlabs/services/request_handler/request_handler_service.clj:31 instructs users to remove the old setting.
Proposed OpenVox Server 9 Change
- Remove support for reading
master.allow-header-cert-info.
- Remove related warning path once old key is rejected.
- Keep only
authorization.allow-header-cert-info.
Compatibility / Risk
- Medium risk for installations still carrying the old
master key.
- Migration is straightforward and already documented in warning text.
Implementation Notes
- Validate config at startup and fail fast (or hard-warn) if old key is present.
- Update sample configs/docs to remove old key references.
Acceptance Criteria
master.allow-header-cert-info is no longer honored.- Server behavior is controlled only by
authorization.allow-header-cert-info.
- No stale warning text about this migration remains once removal is complete.
Suggested Tests
- Config validation tests for old key presence.
- Request-handler tests verifying only authorization namespace key controls behavior.
Summary
The
master.allow-header-cert-infosetting is explicitly deprecated and superseded byauthorization.allow-header-cert-info.Evidence
src/clj/puppetlabs/services/request_handler/request_handler_service.clj:30logs: setting is deprecated and will be ignored in favor ofauthorization.allow-header-cert-info.src/clj/puppetlabs/services/request_handler/request_handler_service.clj:31instructs users to remove the old setting.Proposed OpenVox Server 9 Change
master.allow-header-cert-info.authorization.allow-header-cert-info.Compatibility / Risk
masterkey.Implementation Notes
Acceptance Criteria
master.allow-header-cert-infois no longer honored.authorization.allow-header-cert-info.Suggested Tests