Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10702

IIS : certificatestorename casing can cause non idempotent runs

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: iis
    • Labels:
      None
    • Template:
      MODULES Bug Template

      Description

      Module Version: 7.0.1
      Puppet Version: 6.15
      OS Name/Version: Windows Server 2016/2019

      Desired Behavior:

      iis_site { 'Default Web Site':
           applicationpool => 'DefaultAppPool',
           bindings        => [
             {
               protocol             => 'https',
               bindinginformation   => '*:443:',
               sslflags             => 0,
               certificatehash      => 5D5C739BEA639E4B6724FF5B193DAC1FD663EB3C,
               certificatestorename => 'MY',
             },
           ],
         }

       

      First puppet run should create the site with the correct binding. Subsequent puppet runs should do nothing.

      Actual Behavior:

      Changes keep being detected, because the casing of the 'My' certificate store name doesn't seem to be consistent.

      We do have servers where the WebAdministration powershell module shows the certificate store name as 'My' and other servers that show it as 'MY'.

      (I suspect the issue is with the WebAdministration module and/or Powershell. Running

      ls IIS:\SSLBindings\
      

      does indeed show either 'My' or 'MY' for the store name. Sometimes both on the same server.

       

      Could we make the certificatestorename parameter value case insensitive?

       

      Here is an example of the changes that puppet keeps detecting:

       

      Iis_site[Default Web Site]/bindings: current_value [
      { 
      'certificatestorename' => 'My', 
      'protocol' => 'https', 
      'sslflags' => 1, 
      'certificatehash' => '5D5C739BEA639E4B6724FF5B193DAC1FD663EB3C', 
      'bindinginformation' => '*:443:' 
      }], should be [
      { 
      'protocol' => 'https', 
      'bindinginformation' => '*:443:', 
      'sslflags' => 1, 
      'certificatehash' => '5D5C739BEA639E4B6724FF5B193DAC1FD663EB3C', 
      'certificatestorename' => 'MY' 
      }]

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            nicolasv Nicolas Vanelslande
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support