add Puppetserver 6.3 auth.conf update

Author: mmoll

spec/classes/puppet_server_puppetserver_spec.rb

@@ -426,6 +426,18 @@
         end
       end
 
+      describe 'puppetlabs v4 catalog for services' do
+        context 'when server_puppetserver_version >= 6.3' do
+          let(:params) { super().merge(server_puppetserver_version: '6.3.0') }
+          it { should contain_file(auth_conf).with_content(%r{^(\ *)path: "\^/puppet/v4/catalog/\?\$"$}) }
+        end
+
+        context 'when server_puppetserver_version < 6.3' do
+          let(:params) { super().merge(server_puppetserver_version: '6.2.0') }
+          it { should contain_file(auth_conf).without_content(%r{^(\ *)path: "\^/puppet/v4/catalog/\?\$"$}) }
+        end
+      end
+
       describe 'when server_puppetserver_version < 5.3.6' do
         let(:params) { super().merge(server_puppetserver_version: '5.3.5') }
         it { should raise_error(Puppet::Error, /puppetserver <5.3.6 is not supported by this module version/) }

templates/server/puppetserver/conf.d/auth.conf.erb

@@ -14,8 +14,21 @@ authorization: {
             }
             allow: <%= @server_trusted_agents << '$1' %>
             sort-order: 500
-            name: "puppetlabs catalog"
+            name: "puppetlabs v3 catalog from agents"
         },
+<%- if scope.function_versioncmp([@server_puppetserver_version, '6.3.0']) >= 0 -%>
+        {
+            # Allow services to retrieve catalogs on behalf of others
+            match-request: {
+                path: "^/puppet/v4/catalog/?$"
+                type: regex
+                method: post
+            }
+            deny: "*"
+            sort-order: 500
+            name: "puppetlabs v4 catalog for services"
+        },
+<%- end -%>
         {
             # Allow nodes to retrieve the certificate they requested earlier
             match-request: {