[SERVER-2308] Update puppetserver's CA bootstrapping code to add CLI tool auth extension - Puppet Tickets

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: SERVER 6.0.0
Component/s: None
Labels:
None

Acceptance Criteria:
- the master cert generated by puppetserver has the CLI tool auth extension
Epic Link:
Server CA CLI
Team:
Froyo

Release Notes:
New Feature
Release Notes Summary:
The Puppet master's cert is now authorized to connect to the certificate_status endpoint out of the box. This allows the new CA CLI tool to perform CA tasks via Puppet Server's CA API.

QA Risk Assessment:
Needs Assessment

Description

In order to talk to the certificate_status endpoint, the CLI gem needs the cert it uses to have the right authorization extension. The CA generated by the gem via `generate` or `import` already adds this extension to the master's host cert, but Puppetserver's bootstrapping code does not. We need to update Puppetserver to also add this extension to the master cert.

Attachments

Issue Links

relates to

SERVER-2323 Backport CA CLI auth extension for master cert

Closed

SERVER-2287 The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth

Closed

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Maggie Dreyer

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018/09/10 10:04 AM

Updated:: 2018/09/19 1:38 PM

Resolved:: 2018/09/19 12:34 PM