Change cert existence logic #51
subjectName = v if k == 'CN' | ||
end | ||
|
||
require File.expand_path('../../../../../../inifile/lib/puppet/util/ini_file', __FILE__) |
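Review bot: the `require File.expand_path('../../../../../../inifile/lib/puppet/util/ini_file', __FILE__)` line reaches the helper through six `..` segments into a sibling directory literally named `inifile`, so loading depends on where and under what directory name that module is installed. Requiring it by its library path, `require 'puppet/util/ini_file'`, and declaring the dependency in the module metadata would remove that assumption. As a style point, `subjectName` in `subjectName = v if k == 'CN'` would read as `subject_name` under the usual Ruby naming convention.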
Need to add ini_file as a requirement for this module for this to work. Also, you shouldn't use the full path here because I can specify multiple directories for the module path to fulfill the ini_file requirement and this would fail. I think you can get away with just `require 'puppet/util/ini_file'` if it is available.
Yeah, of course. Also tests should be touched a little. To every thing there is a season, you know :)
Add checking of commonName and subjectAltName in the old certificate if it exists. Otherwise we could not regenerate a new certificate if any of these fields change.

Closes-Bug: #1490966
Upstream pull-request: voxpupuli/puppet-openssl#51
Change-Id: I1375a9d1ce5f50e84edee4ecc21614450408ae73
079dcc2 to 7f86e8f
7f86e8f to 3558925
3558925 to e29608f
This commit removes the 'openssl' module from fuel-library and switches it to being managed via librarian. This commit uses the custom 1.3.10-mos-rc2 tag of the openssl module because it contains 3 custom patches which aren't merged upstream yet:

https://review.fuel-infra.org/#/c/11545/ - isn't in the 1.3.0 version
https://review.fuel-infra.org/#/c/11546/ and https://review.fuel-infra.org/#/c/12263/ are part of one upstream pull request: voxpupuli/puppet-openssl#51

When pull request #51 is merged upstream we will switch to the latest upstream tag of the openssl module.

Partial implements: blueprint fuel-puppet-librarian
Change-Id: I58c271582e6028c69e7b976ddc7f552e9e497d61
I like the idea in this PR, but I think I'd rather associate a new
I'm not sure `ensure => synced` makes sense. This just adds a check on the name to make sure the cert has correct values, why would we want to hide this only to occur if you use `ensure => synced`? That's not a standard puppet pattern is it?
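The check the commit message describes, as an added Ruby sketch that is not the PR's code: it compares the commonName and subjectAltName of an existing certificate with the desired values to decide whether the certificate must be regenerated. The helper names, the `DNS:`/`IP:` entry format for desired names, and the in-memory sample certificate are assumptions constructed for illustration.

```ruby
require 'openssl'

# Make configured and rendered names comparable: order and case are ignored,
# and OpenSSL's "IP Address:" label is mapped to the "IP:" config spelling.
def normalise(names)
  names.map { |n| n.sub(/\AIP Address:/, 'IP:').downcase }.sort.uniq
end

# Extract the CN and normalised subjectAltName entries from a PEM certificate.
def cert_names(pem)
  cert = OpenSSL::X509::Certificate.new(pem)
  cn = nil
  cert.subject.to_a.each { |k, v, _type| cn = v if k == 'CN' }
  ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  # OpenSSL renders the extension as "DNS:a, IP Address:192.0.2.10".
  sans = ext ? ext.value.split(/,\s*/) : []
  [cn, normalise(sans)]
end

# True when the certificate on disk no longer matches the desired names.
def needs_regeneration?(pem, common_name, alt_names)
  cn, sans = cert_names(pem)
  cn != common_name || sans != normalise(alt_names)
end

# Constructed sample: a throwaway self-signed certificate built in memory.
def sample_cert_pem(common_name, alt_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('subjectAltName', alt_names.join(','), false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

PEM = sample_cert_pem('web.example.test', ['DNS:web.example.test', 'IP:192.0.2.10'])
# Same names in a different order and case: the existing certificate is kept.
puts needs_regeneration?(PEM, 'web.example.test', ['IP:192.0.2.10', 'DNS:WEB.example.test'])
# A changed alternative name: the existing certificate is stale.
puts needs_regeneration?(PEM, 'web.example.test', ['DNS:web.example.test', 'DNS:api.example.test'])
```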