[juju] Add /etc/juju to collection #770
Conversation
Since juju-core 1.25.0 /etc/juju is used to store certificates, whithout this patch just the old certificates kept under /var/lib/juju are collected. Signed-off-by: Felipe Reyes <felipe.reyes@canonical.com>
|
ACK from me, waiting on second ack from @bmr-cymru or others who've more familiarity with juju. Maybe @karibou ? |
|
I'm not familiar enough with Juju to review this - the main general concern with this type of change though is that the path is used to store certificates. We need to know if any of these are secret and if so exclude them from the set of collected files. |
|
Hi, Le 19/02/2016 10:25, Bryn M. Reeves a écrit :
I'll try to give it a look. Kind regards, ...Louis Louis Bouchard |
|
Bryn, The cert collected is a self-signed certificate used by rsyslog for its communication. And for prior versions of the plugin, it was held in /var/lib/juju which we already collect. On top of this, the cert itself might be required for debugging purposes. I don't think that it poses a security issue in that context. Kind regards, ...Louis |
|
That probably warrants a comment in that case then - just to document the fact that although there are certificates here that are used for authentication that they are not considered problematic. |
|
On Fri, 19 Feb 2016 05:33:21 -0800
Sounds good to me, I'll add the comment and refresh the patch. |
|
👍 |
|
@freyes sorry, did you get a chance to update the patch yet? |
|
Ack from me subject to the updated patch - would be good to have this in 3.3 so needs to be asap (or one of us can respin the patch). |
|
Closing this out due to lack of activity and remaining conflicts. Please feel free to open a new PR with any futures changes you'd like to see in this plugin. |
Since juju-core 1.25.0 /etc/juju is used to store certificates,
whithout this patch just the old certificates kept under /var/lib/juju
are collected.
Signed-off-by: Felipe Reyes felipe.reyes@canonical.com