Currently, manifest authors can access trusted certificate extensions, but must reference the extension by its OID:
This feature allows manifest authors to access trusted certificate extensions using a human friendly shortname:
To use this feature, create an OID mapping file on the master in $confdir/custom_trusted_oid_mapping.yaml or override the trusted_oid_mapping_file setting. The OID file should contain (in YAML):
The referenced OIDs should not conflict with puppet's OID range 22.214.171.124.4.1.34380.1.1 (aka ppRegCertExt)
Note this feature will work with any certificate containing extensions, including certificates that were generated and issued prior to 4.0.
I've been using trusted facts and custom OIDs and I realized that for non puppet-administrators (i.e puppet users) it could be quite confusing to deal with something like
My proposal is to introduce an external file that could allow puppet administrators to provide a user-friendly mapping like you did for your custom OIDs.
For instance a mapping file such as
could be used to convert previous test example in something like:
which is quite more explicit and user-friendly.
I've created a PR for this proposal here :: https://github.com/puppetlabs/puppet/pull/2919.