Disclaimer endpoints

Use these endpoints to modify the disclaimer text that appears on the Puppet Enterprise (PE) console login page.

You can use a disclaimer.txt file to Create a custom login disclaimer; however, the disclaimer endpoints allow you to configure your custom login disclaimer message without needing to reference a specific file location on disk.

Important: These endpoints do not modify or interact with disclaimer.txt files.

If you provide disclaimer text through both a disclaimer.txt file and POST /command/config/set-disclaimer, PE uses the set-disclaimer text.

GET /config/disclaimer

Retrieve the current disclaimer text, as specified by POST /command/config/set-disclaimer. This endpoint does not retrieve the contents of any disclaimer.txt file.

Request format

You must have the configuration:view_disclaimer permission to use this endpoint.

When Forming RBAC API requests to this endpoint, the request is a basic call with authentication, such as:
curl GET -H "X-Authentication: $(puppet access show)" \
"https://$(puppet config print server):4433/rbac-api/v1/config/disclaimer"

Response format

If POST /command/config/set-disclaimer was previously used to specify disclaimer text, a well-formed request returns 200 OK and the disclaimer text, such as:
{
  "disclaimer": "Not to be accessed by unauthorized users"
}
The endpoint return 404 Not Found if:

If you lack permission to retrieve the disclaimer text, the response is 403 Not Permitted.

For other error responses, refer to RBAC service errors.

POST /command/config/set-disclaimer

Change the disclaimer text that is on the PE console login page.

Request format

This endpoint requires authentication, and the requesting user must have the configuration:edit_disclaimer permission.

When Forming RBAC API requests to this endpoint, the content type is application/json. The body must be a JSON object containing the disclaimer key, which accepts string-formatted disclaimer text. For example:
curl POST "https://$(puppet config print server):4433/rbac-api/v1/command/config/set-disclaimer" \
-H 'Content-Type: application/json' \
-H "X-Authentication: $(puppet access show)" \
-d '{ "disclaimer": "Unauthorized access prohibited." }' \
  
Tip: To remove the disclaimer text, use POST /command/config/remove-disclaimer. Setting disclaimer to an empty string or whitespace-only string causes the Disclaimer banner to be present, but empty, on the console login page.

Response format

A successful request returns 204 No Content.

Error responses

Returns 403 Not Permitted if you don't have the configuration:edit_disclaimer permission.

Returns 400 Bad Request if the disclaimer value is not a string.

For other errors, refer to RBAC service errors.

POST /command/config/remove-disclaimer

Remove the disclaimer text set through POST /command/config/set-disclaimer.

Request format

This endpoint requires authentication, and the requesting user must have the configuration:edit_disclaimer permission.

When Forming RBAC API requests to this endpoint, there is no body content; however, you must supply the Content-Type: application/json header. For example:
curl POST "https://$(puppet config print server):4433/rbac-api/v1/command/config/remove-disclaimer" \
-H 'Content-Type: application/json' \
-H "X-Authentication: $(puppet access show)"

Response format

A successful request returns 204 No Content and the Disclaimer banner is removed from the PE console login page.

However, if you had previously used a disclaimer.txt file to Create a custom login disclaimer, and the disclaimer.txt file still exists in the appropriate location, then PE falls back to this file and displays the content of this file on the console login page.

Error responses

Requests must contain the Content-Type: application/json header.

Returns 403 Not Permitted if you don't have the configuration:edit_disclaimer permission.

For other errors, refer to RBAC service errors.