Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6605

Provide pagination and/or filtering options for "puppet cert list"

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:

      As far as I know, this applies to all supported versions of Puppet.

    • Template:

      Description

      Currently, the puppet cert list --all command iterates through all known certificates, verifying them against the CA if they're signed, and displaying the results to the user in one large chunk. For intermediate-to-large environments, this operation is extremely slow, and there's no way to limit the results to speed up the operation.

      As a real life example, we have one medium-sized environment with approximately 4000+ certificates, with new nodes coming and going all the time. It takes 'puppet cert list --all' approximately 40-90s to execute.

      To provide some context as to why this should be considered "slow", consider the Puppet CA proxy used by The Foreman application (https://theforeman.org), which I think is a common consumer of Puppet APIs and data that people might be using. In the Foreman application architecture, a lightweight web server runs on the Puppet CA and services "puppet cert" commands via a REST API. The main Foreman application issues these REST calls, proxying the information into a web UI where users can manage the certificates (revoke, sign, etc.).

      Unfortunately, because 'puppet cert list' takes 40s-90s for our environment, this web UI will time out 9 times out of 10. Even if you increase the HTTP request timeout, the user experience is just extremely bad (loading the page takes 1-2 minutes), and there's nothing really the consumer (Foreman) can do to make it faster.

      The simplest way to make this better (in my opinion) is via pagination. The CLI already returns certificate results in lexicographic order by CN. Adding pagination would seem to be relatively simple. So, for example, you could run puppet cert list --all --page 5 --per-page 10 to give you certificates #41 - #50 (lexicographically ordered).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jcmcken Jon McKenzie
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support