Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

moves config management to config provider for X509 certificate; moves certificate from v1 to v3 #164

Merged
merged 13 commits into from May 23, 2023
Merged

moves config management to config provider for X509 certificate; moves certificate from v1 to v3 #164

merged 13 commits into from May 23, 2023

Conversation

zilchms
Copy link
Contributor

@zilchms zilchms commented May 22, 2023
edited

Functionality

  • Removes the template path parameter per reasoning in Bug/Maintenance in/for configuration templates #158
  • exchanges extensionparameter "req_ext" to "v3_req" in order to comply with template section name
  • softens the config paramters owner and group to allow integers
  • changes certificate part of the class to use the generated CSR instead of just skipping it and using the private key
  • removes now unused erb template
  • changes defaults for certificate::x509 class parameters to fit epp template
  • orders resource definitions internally with puppet arrow functions

Due to: X.509 extensions included in the request are not copied by default. X.509 extensions to be added can be specified using the -extfile option.

  • adds extfile to openssl args; reads extensions from config file

Tests

changes tests to accomodate the above functionality changes

Issues

Fixes #158
Solves #100 and #101 due to obsolescence

bastelfreak
bastelfreak reviewed May 22, 2023
View reviewed changes
manifests/certificate/x509.pp Outdated
@@ -125,8 +123,8 @@
Optional[String] $state = undef,
Optional[String] $locality = undef,
Optional[String] $unit = undef,
Array $altnames = [],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are you changing this? we try to use empty hashes/arrays as default values for them, instead of undef

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh ok, didnt know of this convention. i assumed it is discouraged like empty strings as default values. i will fix it

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can check through https://voxpupuli.org/docs/reviewing_pr/ for our guidelines :)

@zilchms zilchms requested a review from bastelfreak May 22, 2023 21:58
@bastelfreak bastelfreak merged commit 8675b7c into voxpupuli:master May 23, 2023
3 checks passed
@zilchms zilchms deleted the x509confmanagement branch May 23, 2023 06:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak approved these changes

Assignees
No one assigned
Labels
backwards-incompatible
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bug/Maintenance in/for configuration templates
2 participants
@zilchms @bastelfreak