Details
-
Type:
Improvement
-
Status: Resolved
-
Priority:
Normal
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: SERVER 6.13.0
-
Component/s: None
-
Labels:
-
Template:customfield_10700 260829
-
Team:Froyo
-
Release Notes:Enhancement
-
Release Notes Summary:The `/puppet-ca/v1/certificate_statuses` endpoint now accepts a `state` parameter that will filter search results by the given certificate state. Accepted states are 'requested', 'signed', and 'revoked'.
-
QA Risk Assessment:Needs Assessment
Description
At one point it was possible to list out agents with unsigned certificates via GET /puppet-ca/v1/certificate_requests. The documentation states that this endpoint is no longer supported.
(This endpoint used to return the PEM files, which is probably not what we want here.)
GET /puppet-ca/v1/certificate_statuses will list out all the certificates and statuses, but this is undesirable in the case where the payload is very large, and we really just want a list of agents requesting certs.
Notes
It makes sense to do this with a query param on the endpoint. If it's hard to allow filtering on status generally, we can just do the requested case for now and add the others later. The endpoint should continue to return all the certificate statuses if no query param is passed.
Outcomes
- Endpoint that can return at least all agents with requested certs (CSRs)
- Documentation for the endpoint
- tk-auth updates if needed (this might require changes in puppet_enterprise)
- clojure level tests
Attachments
Issue Links
- relates to
-
SERVER-3020 certificate_statuses endpoint is slow when only querying CSRs
-
- Ready for Engineering
-
- links to