Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2859

Add API endpoint for bulk cleaning of certs

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: SERVER 5.3.15, SERVER 6.14.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Froyo
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Added a new CA API endpoint, `puppet-ca/v1/clean` that accepts a list of cert names to be revoked and deleted as a batch.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Sometimes users want to revoke and delete SSL files for many nodes at once. Currently, this requires two API requests for each node, and it requires the CRL to be read and rewritten for each revocation.

      We want to implement an API endpoint that combines both of these actions and supports batching. Thinking of calling this puppet-ca/v1/clean, to correspond to the clean action in the CLI tool, which both revokes and deletes.

      Because of the batching, the request might take a long time to respond. For now, for expediency, I plan to implement this as a synchronous endpoint, but ultimately it makes more sense for it to be command-style. I will include a flag in the request body to indicate whether it should be executed synchronously or asynchronously, to give us the option to implement the command style later without requiring a new API.

        Attachments

          Activity

            People

            Assignee:
            maggie Maggie Dreyer
            Reporter:
            maggie Maggie Dreyer
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support