[PUP-9463] Save X509 objects with the correct permissions - Puppet Jira Server

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.4.0
Component/s: None
Labels:
- resolved-issue-added

Epic Link:
Simplify agent SSL initialization
Team:
Coremunity
Sprint:
Platform Core KANBAN

Release Notes:
New Feature
Release Notes Summary:
Updates the new ssl code to preserve existing behavior when saving SSL related files.

QA Risk Assessment:
Needs Assessment

Description

When running as root/privileged user, and the Puppet[:user]/Puppet[:group] accounts exist, then puppet should set the owner and group for many of its SSL related files to that user/group. This is needed so that puppetserver running on the same host can share the client cert/private key.

When running as root/privileged user, and the Puppet[:user]/Puppet[:group] accounts don't exist, then it should leave the owner/group as is, but enforce the mode as defined in the settings object, eg :hostprivkey.

When running as a non-privileged user, it should enforce the mode as defined in the settings object, eg :hostprivkey.

Attachments

Activity

People

Assignee:: Josh Cooper

Reporter:: Josh Cooper

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019/01/23 3:54 PM

Updated:: 2019/03/26 5:24 PM

Resolved:: 2019/03/18 9:10 AM