Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2323

Backport CA CLI auth extension for master cert

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • SERVER 5.3.6
    • None
    • None
      • Add auth rules for certificate_status and certificate_statuses allowing access to them via a speical auth extension
      • Add said auth extension to master cert generated by the server
    • Froyo
    • Needs Assessment

    Description

      The new CA CLI needs access to the certificate_status(es) endpoint. In Puppet Server 5, this endpoint is currently blocked under a deny-all rule in tk-auth. In Puppet 6 we made it accessible to a certificate with a special auth extension, then adding this extension to the master cert that is generated by Puppet Server. We should backport these improvements to Puppet Server 5 so that the gem is fully usable out of the box.

      Attachments

        Issue Links

          relates to

          Sub-task - The sub-task of the issue SERVER-2287 The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Task - A task that needs to be done. SERVER-2308 Update puppetserver's CA bootstrapping code to add CLI tool auth extension

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Activity

            People

              maggie Maggie Dreyer
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support