Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2233

Allow for retrieving a list of agents with unsigned certificates through the API

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SERVER 6.13.0
    • Component/s: None
    • Template:
    • Team:
      Froyo
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      The `/puppet-ca/v1/certificate_statuses` endpoint now accepts a `state` parameter that will filter search results by the given certificate state. Accepted states are 'requested', 'signed', and 'revoked'.
    • QA Risk Assessment:
      Needs Assessment

      Description

      At one point it was possible to list out agents with unsigned certificates via GET /puppet-ca/v1/certificate_requests.  The documentation states that this endpoint is no longer supported.
      (This endpoint used to return the PEM files, which is probably not what we want here.)

      GET /puppet-ca/v1/certificate_statuses will list out all the certificates and statuses, but this is undesirable in the case where the payload is very large, and we really just want a list of agents requesting certs.

      Notes
      It makes sense to do this with a query param on the endpoint. If it's hard to allow filtering on status generally, we can just do the requested case for now and add the others later. The endpoint should continue to return all the certificate statuses if no query param is passed.

      Outcomes

      • Endpoint that can return at least all agents with requested certs (CSRs)
      • Documentation for the endpoint
      • tk-auth updates if needed (this might require changes in puppet_enterprise)
      • clojure level tests

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              molly.waggett Molly Waggett
              Reporter:
              erik.hansen Erik Hansen
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support