Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-1245

Pass puppet oids and custom_trusted_oid_mapping to tk-auth

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SERVER 2.4.0
    • Component/s: Puppet Server
    • Labels:
      None

      Description

      Summary

      TK-293 adds the ability to define auth rules based on certificate extensions. The
      tk-auth service accepts a mapping of OID -> shortnames that it uses to read
      shortnames from auth rules. This should be taken advantage of in PE to both
      enable use of puppet's shortnames as well as custom shortnames defined by users
      in custom_trusted_oid_mapping.

      In Scope

      • Getting hardcoded list of puppet shortnames (already in puppet server) in a
        form consumable by tk-auth and combined with custom_trusted_oid_mapping
      • Passing combined mapping to tk-auth's service

      Out of Scope

      • Reading custom_trusted_oid_mapping during init phase (this is actually happening in SERVER-1150)
      • changes to tk-auth
      • changes to ssl-utils

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  nathaniel Nathaniel Smith
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Zendesk Support