Issue #7244 has been updated by Nigel Kersten.

Matt Wise wrote:
> Sorry, there's a big desire to use Puppet with some level of Autosigning in
> cloud-style environments. These are environments where there are likely to be
> "orchestration components" that handle the instantiation and termination of
> cloud instances. I think this is a feature that really allows people to be
> more flexible with their puppet environments, and doesn't *seem* too hard to
> implement. Is it more difficult than I'm imagining?

It does require a reasonable set of changes, and my intuition is that people are going to want access to the CSR itself as well as this token idea, so I'm trying to work out what the minimal set of changes are that can solve the actual problem.

> (ps, what API? :) )

It's all new for 2.7.x, and I'm working on getting those docs up on the site before 2.7.0 release. I'll post back here as soon as they're ready.

----------------------------------------
Feature #7244: Autosign should allow for an external approver
https://projects.puppetlabs.com/issues/7244

Author: Matt Wise
Status: Needs More Information
Priority: Normal
Assignee: Nigel Kersten
Category:
Target version: 2.7.x
Affected Puppet version:
Keywords:
Branch:

Puppet should allow for the autosign code to point to an external script, instead of the autosign.conf file itself for approval in signing an end-client's cert. This method should allow the client to supply a unique bit of "auth" data that is passed to the exec script on the master, and validated. If return 0, sign the code. If not, do not sign.

In this way, I can pass an arbitrary "token" (say it's 12345) through the puppet agent to the puppet ca master. The puppet ca master can then run "myauthscript.sh -arg 12345". If that script returns 0, puppet can then sign the certificate. If not, puppet fails to sign the certificate.
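An added example, not part of the original issue or of Puppet's code: one way the approver script proposed above could validate a token, returning 0 to sign and non-zero to refuse. It goes beyond the issue's fixed "12345" by binding the token to one certname with an HMAC and an expiry; the calling convention, the shared secret, the spool directory and all function names are assumptions.

```python
#!/usr/bin/env python3
"""Hypothetical external approver: exit 0 means sign, non-zero means refuse."""
import hashlib
import hmac
import os
import sys
import time

# Constructed sample secret shared by the orchestration component and the CA
# master; a real deployment would read it from a root-only file.
SECRET = b"constructed-sample-secret"
MAX_AGE = 900  # seconds a token stays valid after it is issued


def _mac(certname, issued):
    msg = f"{certname}|{issued}".encode("utf-8", "replace")
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(certname, now=None):
    """Orchestration side: mint '<issued_at>.<hex mac>' bound to one certname."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(certname, issued)}"


def approve(certname, token, now=None, spool=None):
    """CA side: True only for a fresh token minted for this exact certname."""
    now = time.time() if now is None else now
    issued_s, sep, mac_hex = token.partition(".")
    if not sep or not (issued_s.isascii() and issued_s.isdigit() and len(issued_s) < 16):
        return False  # malformed, e.g. a bare guessable value like "12345"
    issued = int(issued_s)
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or dated in the future
    expected = _mac(certname, issued)
    # Constant-time comparison so timing does not leak how much of the MAC matched.
    if not hmac.compare_digest(expected.encode(), mac_hex.encode("utf-8", "replace")):
        return False
    if spool is not None:  # optional single-use check: one marker file per token
        try:
            os.close(os.open(os.path.join(spool, expected), os.O_CREAT | os.O_EXCL, 0o600))
        except FileExistsError:
            return False  # token already redeemed
    return True


if __name__ == "__main__":
    # Assumed calling convention (not Puppet's): approver.py <certname> <token>
    if len(sys.argv) != 3:
        sys.exit(2)
    sys.exit(0 if approve(sys.argv[1], sys.argv[2]) else 1)
```

Without a `spool` directory the token can be redeemed repeatedly until it expires, so the command-line path shown here is time-limited but not single-use.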
