Feature #1361
autosign only allows for hostname matching, rather than allow/deny blocks
| Status: | Tests Insufficient | Start date: | 06/13/2008 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Nigel Kersten |
% Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Affected Puppet version: | 0.24.4 | Branch: | ||
| Keywords: | ||||
| Votes: | 1 |
Description
Currently, autosign only allows hostname matching, rather than the more complete implementation of allow/deny available through the fileserver module. I’ve modified puppet/handler/ca.rb to process autosign.conf for hostnames as well as allow/deny configuration blocks.
New behavior is to parse for allow/deny blocks, and then as a default, call auth.allow with the value of the line from autosign.conf. This should keep behavior backward compatible.
As this is my first bit of ruby, as well as git patch, let me know if I need to do anything different.
Jason
History
Updated by AJ Christensen almost 4 years ago
- Status changed from Unreviewed to Accepted
- Target version changed from 0.24.4 to 0.24.5
- Patch changed from Code to Insufficient
Hi,
Please supply Rspec test specifications showing the old behaviour working, and your new behaviour correctly working as well.
If you intend to (eventually) replace the old behaviour entirely, this will have to be accepted by James/Luke and moved into a deprecation cycle.
Thanks :)
Updated by James Turnbull almost 4 years ago
Also just an FYI on patches and development this will help – http://reductivelabs.com/trac/puppet/wiki/DevelopmentLifecycle.
Updated by Luke Kanies almost 4 years ago
- Target version changed from 0.24.5 to 4
Please make these changes against the master branch, as the sslcertificates code isn’t well tested and will be deprecated as soon as 0.25 comes out.
This delays the feature being applied, but this feature breaks backward compatibility, so it needs to happen in a larger release anyway.
Updated by Luke Kanies almost 4 years ago
Sorry; make the changes against the code in the ‘ssl’ subdirectory in the master branch. The ‘sslcertificates’ stuff is still there, but will become EOL'ed and unmaintained (and removed) as soon as possible.
Updated by Jason Hansen almost 4 years ago
- File 0001-Initial-commit-for-ticket-1361.patch added
I’ve modified the patch for ‘master’, and started working with getting rspec updated. As I’m still trying to figure out rspec, the test aren’t currently valid. Proper rspec tests to follow.
Updated by Nigel Kersten over 1 year ago
- Status changed from Accepted to Tests Insufficient
- Assignee set to Nigel Kersten
Any progress Jacob?
Updated by James Turnbull 9 months ago
- Target version deleted (
4)
Updated by Nigel Kersten 9 months ago
- Assignee changed from Nigel Kersten to Jason Hansen
Jason, any chance you’ve had some time to work on tests?
Updated by Jason Hansen 9 months ago
- Assignee changed from Jason Hansen to Nigel Kersten
I submitted this update 3 years ago. I don’t really have context any more. If you’d like the intended behavior I could make some time to get things running. Otherwise you can probably close the issue.
Updated by Nigel Kersten 9 months ago
It was my mistake to not assign to you 10 months ago when I asked the question first, and to then call you by the wrong name… sorry :(
If you have the time to work on tests that would be much appreciated, otherwise I’ll see who else I can grab to try and rebase this and get some tests written.