Details
Improvement
Status: Closed
Normal
Resolution: Won't Do
Needs Assessment
Description
Currently, there is no way to allow for adding additional fields to the subject of a Puppet certificate; only the common name in the form of an FQDN is ever passed in.
For the use case of having the Puppet CA act as the CA for a Kubernetes cluster, this becomes rather painful as K8s expects certificates to specify group membership through the use of organization fields in the subject.
For instance, in the case of a Kubernetes node (user "user system:node:node01", belonging to the group "system:nodes"):
    $ openssl x509 -in node01.pem -noout -subject
    subject= /CN=system:node:node01/O=system:nodes
Having a method to mutate the Puppet certificate - maybe as an extension to the custom attribute system - would be very helpful in making it possible to use the Puppet CA for this use case as well.
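The check below is an added example, not part of the ticket or of Puppet or Kubernetes code. It parses the `openssl x509 -noout -subject` line shown above and reports why a CN-only subject does not carry the node identity. It assumes Kubernetes X.509 client authentication takes the username from CN and the groups from each O value; the function names and the `node01.example.com` hostname are hypothetical.

```python
import re

def parse_subject(line):
    """Return (attribute, value) pairs from an openssl subject line.

    Accepts the one-line form 'subject= /CN=a/O=b' and the newer
    'subject=CN = a, O = b'. Escaped separators inside values are not handled.
    """
    text = re.sub(r"^subject\s*=\s*", "", line.strip(), flags=re.I)
    parts = text[1:].split("/") if text.startswith("/") else re.split(r",\s*", text)
    pairs = []
    for part in parts:
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip().upper(), value.strip()))
    return pairs

def k8s_identity(line):
    """Username (CN) and groups (every O) as assumed for Kubernetes client certs."""
    pairs = parse_subject(line)
    user = next((v for k, v in pairs if k == "CN"), None)
    groups = [v for k, v in pairs if k == "O"]
    return user, groups

def node_cert_problems(line, node_name):
    """List the reasons a subject does not match the node identity for node_name."""
    user, groups = k8s_identity(line)
    problems = []
    if user != f"system:node:{node_name}":
        problems.append(f"CN is {user!r}, expected 'system:node:{node_name}'")
    if "system:nodes" not in groups:
        problems.append("no O=system:nodes, so no node group membership")
    return problems

# Constructed samples: the subject quoted in the ticket, and a CN-only subject
# of the kind the ticket describes (FQDN as common name; hostname is a placeholder).
K8S_NODE = "subject= /CN=system:node:node01/O=system:nodes"
PUPPET_STYLE = "subject= /CN=node01.example.com"

if __name__ == "__main__":
    for subject in (K8S_NODE, PUPPET_STYLE):
        print(k8s_identity(subject), node_cert_problems(subject, "node01"))
```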