Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Eric Thompson assigned an issue to Eric Thompson Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Eric Thompson Assignee: EricThompson Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Eric Thompson updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Eric Thompson QA Status: Reviewed Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Eric Thompson assigned an issue to Unassigned Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Eric Thompson Assignee: EricThompson Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Eric Thompson updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Eric Thompson QA Contact: ErikDasher EricThompson Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Kurt Wall assigned an issue to Unassigned Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Kurt Wall Assignee: KurtWall Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Kylo Ginsberg commented on PUP-1426 Re: Destructive puppet cert operations should have a safety check Christopher Price that's fine. My thinking was that if this issue were new, your team would probably be the assignee. (And also I figured you might want to be aware of it as you implement new cert CLI.) But yeah, for now, with it in Ready for Review, I'm fine with whatever. Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Christopher Price commented on PUP-1426 Re: Destructive puppet cert operations should have a safety check Yep, understood. Jeremy Barlow ping, food for thought. Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Christopher Price updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Christopher Price Scrum Team: PuppetServer ClientPlatform Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Christopher Price commented on PUP-1426 Re: Destructive puppet cert operations should have a safety check Kylo Ginsberg you'd assigned this ticket to our scrum team, but since the work has already been done and we don't have any real context for it, I'm not sure it makes sense for us to own it? I bumped it back to Client for now but let me know if that's wrong. Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Kurt Wall assigned an issue to Kurt Wall Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Kurt Wall Assignee: KurtWall Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Kylo Ginsberg updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Kylo Ginsberg Scrum Team: PuppetServer Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Josh Cooper commented on PUP-1426 Re: Destructive puppet cert operations should have a safety check Merged in 81a880b63 The change prevents the --all or --signed options from being used with the clean or revoke actions. Instead you must specify the certname(s) to clean/revoke. And if you really, really want to clean all certs, then rm -rf $(puppet master --configprint ssldir). The one behavior we've removed is the ability to revoke all certs (or all signed certs), but I don't think that is something we should support. Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Henrik Lindberg updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Henrik Lindberg Sprint: PlatformServer2014-12-24 Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Henrik Lindberg updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Henrik Lindberg Sprint: PlatformServer2014-12-24 Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Josh Cooper updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Josh Cooper Component/s: Community Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Josh Cooper updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Josh Cooper Story Points: 1 Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Adrien Thebo updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Adrien Thebo Fix Version/s: PUPfuture Fix Version/s: PUP4.0.0 Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Adrien Thebo updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Adrien Thebo Component/s: Client Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Chris Barker updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Chris Barker Labels: ssl tse Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Adrien Thebo commented on an issue Re: Destructive puppet cert operations should have a safety check This issue has been bothering me ever since 2011, when I accidentally ran this on live infrastructure. Fortunately this was back when `puppet cert clean` only removed certificates and didn't revoke them, otherwise I would have been the rookie sysadmin who burned down the entire Puppet CA. There's a very simple fix for this - disallow --force with clean or revoke. If people really want to lobotomize their CAs with one command then we can restore that functionality later, but I'm invoking YAGNI on that functionality. Add Comment Puppet / PUP-1426 Destructive puppet cert operations should have a safety check When running the puppet cert command, you should not be able to pass both list and clean in the same command. Example: http://paste.debian.net/75956/ In this case, adding --all seems to have nuked the whole of the puppet cert directory and completely broken someone's installation. This should not be possible. Ideally, when using puppet cert cl... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Charlie Sharpsteen updated an issue Puppet / PUP-1426 Destructive puppet cert operations should have a safety check Change By: Charlie Sharpsteen Summary: Destructive puppetcert listandcleancommands operations should bemutuallyexclusive haveasafetycheck Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Andy Parker commented on an issue Re: Destructive puppet cert operations should have a safety check Charlie Sharpsteen, I agree with all 3 of your recommendations. It should be much harder to shoot yourself in the foot with the puppet cert command than it currently is. I think the changes you outlined would lead to that. I haven't investigated this myself, so I don't know if there are still some gaps that can be bad, but I think your list is a good place to start. Add Comment Puppet / PUP-1426 Destructive puppet cert operations should have a safety check When running the puppet cert command, you should not be able to pass both list and clean in the same command. Example: http://paste.debian.net/75956/ In this case, adding --all seems to have nuked the whole of the puppet cert directory and completely broken someone's installation. This should not be possible. Ideally, when using puppet cert cl... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email
Jira (PUP-1426) Destructive puppet cert operations should have a safety check
Title: Message Title Andy Parker commented on an issue Re: Destructive puppet cert operations should have a safety check I've moved this ticket to Accepted. It is not currently on our priority list, but if someone wants to make the changes to tighten up puppet cert, we'd be happy to review it and work with you on getting it in. Add Comment Puppet / PUP-1426 Destructive puppet cert operations should have a safety check When running the puppet cert command, you should not be able to pass both list and clean in the same command. Example: http://paste.debian.net/75956/ In this case, adding --all seems to have nuked the whole of the puppet cert directory and completely broken someone's installation. This should not be possible. Ideally, when using puppet cert cl... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at
