Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2859

Add API endpoint for bulk cleaning of certs

    XMLWordPrintable

Details

    • New Feature
    • Status: Resolved
    • Normal
    • Resolution: Done
    • None
    • SERVER 5.3.15, SERVER 6.14.0
    • None
    • None
    • Froyo
    • New Feature
    • Added a new CA API endpoint, `puppet-ca/v1/clean` that accepts a list of cert names to be revoked and deleted as a batch.
    • Needs Assessment

    Description

      Sometimes users want to revoke and delete SSL files for many nodes at once. Currently, this requires two API requests for each node, and it requires the CRL to be read and rewritten for each revocation.

      We want to implement an API endpoint that combines both of these actions and supports batching. Thinking of calling this puppet-ca/v1/clean, to correspond to the clean action in the CLI tool, which both revokes and deletes.

      Because of the batching, the request might take a long time to respond. For now, for expediency, I plan to implement this as a synchronous endpoint, but ultimately it makes more sense for it to be command-style. I will include a flag in the request body to indicate whether it should be executed synchronously or asynchronously, to give us the option to implement the command style later without requiring a new API.

      Attachments

        Issue Links

          Activity

            People

              maggie Maggie Dreyer
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support