Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-7522

Add the ability to view trusted fact values from an agent

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Template:
    • Team:
      Coremunity
    • CS Priority:
      Normal
    • CS Frequency:
      3 - 25-50% of Customers
    • CS Severity:
      2 - Annoyance
    • CS Business Value:
      4 - $$$$$
    • CS Impact:
      While these facts can be found in the console, there are times when troubleshooting on the node it would be very nice to just get them via some kinda of puppet CLI command.
    • QA Risk Assessment:
      Needs Assessment

      Description

      The problem

      There is no current way—at least that I could find—for an agent to be able to view its trusted fact values using a puppet command.

      Someone that is troubleshooting a Puppet-built node would need to do one of:

      • Have root access on the Puppet master to run puppet cert print <node-name>
      • Have API access to do a PuppetDB query
      • Run openssl x509 -text -noout -in $(puppet config print hostcert) to view certificate extensions but not have the OID mapping for trusted facts.

      The values of a trusted fact are not considered secret and are only trusted in that they've been signed by the CA. Also, they are plainly visible in the x509 certificate. An admin/Puppet user shouldn't need to know the intricacies of the openssl command to view that data. It seems silly that there is not a way to view this data from a puppet command.

      The improvement

      There should be some command, puppet <something>, that shows the values of local trusted facts and their OID mappings if using one of the named OID values.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              nate.mccurdy Nate McCurdy
              Votes:
              4 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support