Issue #7244 has been updated by eric sorenson.

Assignee changed from eric sorenson to Charlie Sharpsteen

I went through and found a few older, less well-specified bugs that duplicate 
this functionality. I hope that a few of the commenters on those bugs will give 
this patch a try and see if it meets their needs. We also do need to work this 
into pull-request form in order to get it included. 

Since there are lots of watchers and quite a few dup bugs, I'm assigning 
ownership to Charlie (our new OSS Support Engineer) to help shepherd this patch 
through the submission/approval process. 

Patrick Hemmer and Charlie, please work together over email 
([email protected]) or IRC on #puppet-dev to get this into the codebase.
----------------------------------------
Feature #7244: Autosign should allow for an external approver
https://projects.puppetlabs.com/issues/7244#change-83567

Author: Matt Wise
Status: Accepted
Priority: Normal
Assignee: Charlie Sharpsteen
Category: SSL
Target version: 3.x
Affected Puppet version: 
Keywords: autosign csr ssl backlog
Branch: 


Puppet should allow for the autosign code to point to an external script, 
instead of the autosign.conf file itself, for approval in signing an end client's 
cert. This method should allow the client to supply a unique bit of "auth" data 
that is passed to the exec script on the master, and validated. If it returns 0, 
sign the code. If not, do not sign.

In this way, I can pass an arbitrary "token" (say it's 12345) through the puppet 
agent to the puppet ca master. The puppet ca master can then run 
"myauthscript.sh -arg 12345". If that script returns 0, puppet can then sign 
the certificate. If not, puppet fails to sign the certificate.
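
The approval flow requested above, sketched as an added example (not code from the issue, its patch, or Puppet): a hypothetical approver that the CA would run with the agent-supplied token and whose exit status decides signing. The `TOKEN_DB` file and the `hash_token`, `issue_token` and `approve_token` functions are assumed names, and tokens are treated as single-use.

```sh
#!/bin/sh
# Added example: hypothetical approver in the style of "myauthscript.sh -arg TOKEN".
# Exit status 0 means "sign"; any other status means "do not sign".
# Assumptions: TOKEN_DB, issue_token and approve_token are illustrative names;
# sha256sum (GNU coreutils) is available; one approver runs at a time (no locking).
# Note: a token passed in argv is visible in process listings on the CA host.

TOKEN_DB="${TOKEN_DB:-./issued-tokens.sha256}"

hash_token() {
    # Only digests are stored, so the database never holds usable tokens.
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

issue_token() {
    # Run by whoever provisions a node, before the agent first connects.
    hash_token "$1" >> "$TOKEN_DB"
}

approve_token() {
    token=$1
    # Refuse empty or non-alphanumeric input before touching the database.
    case $token in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ -f "$TOKEN_DB" ] || return 1
    digest=$(hash_token "$token")
    # -F fixed string, -x whole line: no regex and no partial matches.
    grep -Fxq "$digest" "$TOKEN_DB" || return 1
    # Single use: remove the digest so a replayed token is refused.
    tmp=$(mktemp "${TOKEN_DB}.XXXXXX") || return 1
    grep -Fxv "$digest" "$TOKEN_DB" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$TOKEN_DB"
}

# Entry point when invoked the way the issue describes.
if [ "${1:-}" = "-arg" ]; then
    approve_token "${2:-}"
    exit $?
fi
```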



