  1. PuppetDB
  2. PDB-813

Upgrade trapperkeeper & tk-jetty9 for JMX support, and fix certificate-whitelist

    Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 2.3.0, PDB 3.0.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Story Points:
      3
    • Sprint:
      20140730 to 20140813, 20140813 to 20140827, 20140827 to 20140910, PuppetDB 2014-09-24, PuppetDB 2014-10-08

      Description

      Upon attempting to upgrade to Trapperkeeper we've realised we have a feature in PuppetDB that is not covered, namely 'certificate-whitelist':

      https://docs.puppetlabs.com/puppetdb/2.1/configure.html#certificate-whitelist

      It works as a basic ACL mechanism to only allow named SSL certificates to access your web app.

      This is provided here in PuppetDB with this starting code:

      https://github.com/puppetlabs/puppetdb/blob/master/src/puppetlabs/puppetdb/cli/services.clj#L322-L325

      Now that TK 0.6.0 validates its input configuration, we are no longer able to just pass this option through to PuppetDB and handle it there. But after discussions with Chris Price, we figure we might as well move the feature into TK so others can benefit from it, and hopefully improve on it.
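
The ACL behaviour described above, sketched as Ring-style middleware. This is an added example, not PuppetDB's or Trapperkeeper's own code. It assumes a whitelist file with one certificate name per line and a web server that has already verified the client certificate chain; the function names, the `:client-dn` key and the sample names are hypothetical.

```clojure
(ns example.cert-whitelist
  (:require [clojure.string :as str])
  (:import (javax.naming InvalidNameException)
           (javax.naming.ldap LdapName Rdn)))

(defn parse-whitelist
  "Assumed file format: one certificate name per line, blank lines ignored."
  [text]
  (->> (str/split-lines text) (map str/trim) (remove str/blank?) set))

(defn subject-cn
  "CN of an RFC 2253 subject DN string, or nil when absent or unparseable.
  A real DN parser is used so that a whitelisted name appearing in some
  other attribute (O, OU, ...) is never read as the common name."
  [dn]
  (when dn
    (try
      (->> (.getRdns (LdapName. (str dn)))   ; index 0 is the rightmost RDN
           (filter (fn [^Rdn rdn] (.equalsIgnoreCase "CN" (.getType rdn))))
           (map (fn [^Rdn rdn] (str (.getValue rdn))))
           last)                             ; leftmost CN names the subject
      (catch InvalidNameException _ nil))))

(defn wrap-cert-whitelist
  "Calls `handler` only when the client certificate's CN is an exact,
  case-sensitive member of `whitelist`. Requests with no usable CN are
  refused (fail closed; a design choice of this example).
  `request->dn` maps a request to the verified certificate's subject DN.
  With Ring's :ssl-client-cert key that could be
  #(some-> % :ssl-client-cert .getSubjectX500Principal .getName)."
  [handler whitelist request->dn]
  (fn [request]
    (let [cn (subject-cn (request->dn request))]
      (if (and cn (contains? whitelist cn))
        (handler request)
        {:status 403
         :headers {"Content-Type" "text/plain"}
         :body "Client certificate is not on the whitelist"}))))

;; Constructed sample data, not taken from the issue.
(def whitelist (parse-whitelist "puppetmaster.example.com\n\nreports.example.com\n"))
(def app (wrap-cert-whitelist (fn [_] {:status 200 :headers {} :body "ok"})
                              whitelist
                              :client-dn))   ; hypothetical key for this demo

(defn -main [& _]
  (doseq [dn ["CN=puppetmaster.example.com"
              "CN=Puppetmaster.example.com"
              "O=puppetmaster.example.com,CN=rogue.example.com"
              nil]]
    (println (pr-str dn) "->" (:status (app {:client-dn dn})))))
```

The whitelist is an authorization layer on top of TLS client authentication: it narrows which already-verified certificates may reach the handler and does not replace chain validation.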

                People

                • Assignee:
                  Ken Barber
                • Reporter:
                  Ken Barber