Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2308

Update puppetserver's CA bootstrapping code to add CLI tool auth extension

    Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SERVER 6.0.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Acceptance Criteria:
      • the master cert generated by puppetserver has the CLI tool auth extension
    • Epic Link:
    • Team:
      Server
    • Release Notes:
      New Feature
    • Release Notes Summary:
      The Puppet master's cert is now authorized to connect to the certificate_status endpoint out of the box. This allows the new CA CLI tool to perform CA tasks via Puppet Server's CA API.
    • QA Risk Assessment:
      Needs Assessment

      Description

      In order to talk to the certificate_status endpoint, the CLI gem needs the cert it uses to have the right authorization extension. The CA generated by the gem via `generate` or `import` already adds this extension to the master's host cert, but Puppetserver's bootstrapping code does not. We need to update Puppetserver to also add this extension to the master cert.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  maggie Maggie Dreyer
                  Reporter:
                  maggie Maggie Dreyer
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: