Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for cert_file on Windows #113

Closed
1 of 3 tasks
sgnn7 opened this issue Jul 13, 2020 · 3 comments · Fixed by #126
Closed
1 of 3 tasks

Add support for cert_file on Windows #113

sgnn7 opened this issue Jul 13, 2020 · 3 comments · Fixed by #126
Assignees
@doodlesbykumbi
Labels
component/puppet kind/developer-experience kind/enhancement kind/quality
Milestone
Conjur Puppet Int...

Comments

@sgnn7
Copy link
Contributor

sgnn7 commented Jul 13, 2020

Summary

cert_file configuration parameter does not work on Windows environments. Neither facter nor HFT-config manufacture_host try to use this parameter, meaning that you must provision Windows machines with string-based ssl_certifcate in configuration which is in some situation much harder to automate.

Dev info:

Steps to Reproduce

Steps to reproduce the behavior:

  1. Setup puppet with a clean Windows host ready (don't run agent yet)
  2. Setup conjur HFTs
  3. Configure all relevant Conjur facts but place the Conjur CA cert on the machine and use cert_path instead of ssl_certificate
  4. Run the agent on the node

Expected Results

Agent can pull secrets

Actual Results (including error logs, if applicable)

Agent run fails with errors as the conjur ssl_certificate is undefined

Reproducible

  • Always
  • Sometimes
  • Non-Reproducible

Version/Tag number

Tested on Puppet 6 and pre-3.0.0 version but this error would be visible on puppet 5 and any older version as well probably.

Environment setup

Puppet Master: Docker-compose, v6
Puppet Agent: Windows 2012r2 VM in VirtualBox
Conjur Master: Docker-compose, v5

Additional Information

N/A
@izgeri
Copy link
Contributor

izgeri commented Jul 13, 2020

@sgnn7 as part of fixing this, will the README also be updated to demonstrate how to configure the cert when using a Windows agent?

@sgnn7
Copy link
Contributor Author

sgnn7 commented Jul 13, 2020

Absolutely - currently the docs are already missing information about this variable in the README but that's only for the *nix platform.

@doodlesbykumbi doodlesbykumbi mentioned this issue Jul 14, 2020
Merged
6 tasks
@doodlesbykumbi doodlesbykumbi self-assigned this Jul 14, 2020
@doodlesbykumbi doodlesbykumbi linked a pull request Jul 14, 2020 that will close this issue
Add support for cert_file on Windows #126
Merged
6 tasks
@sgnn7 sgnn7 mentioned this issue Jul 14, 2020
Closed
4 tasks
@izgeri izgeri reopened this Jul 14, 2020
@sgnn7
Copy link
Contributor Author

sgnn7 commented Jul 14, 2020

Hmm I don't remember manually closing this issue... Good catch!

@izgeri izgeri closed this as completed Jul 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doodlesbykumbi doodlesbykumbi

Labels
component/puppet kind/developer-experience kind/enhancement kind/quality
Milestone
Conjur Puppet Integration Supports Pu...
Development

Successfully merging a pull request may close this issue.

Add support for cert_file on Windows cyberark/conjur-puppet
3 participants
@sgnn7 @doodlesbykumbi @izgeri