Fixes #37817: Only copy server CA in build root if generate is true#463
Merged
ekohl merged 2 commits intotheforeman:masterfrom Sep 13, 2024
Merged
Fixes #37817: Only copy server CA in build root if generate is true#463ekohl merged 2 commits intotheforeman:masterfrom
ekohl merged 2 commits intotheforeman:masterfrom
Conversation
ekohl
approved these changes
Sep 13, 2024
| describe 'deploy certificates' do | ||
| manifest = <<-PUPPET | ||
| class { 'certs': | ||
| generate => false, |
Member
There was a problem hiding this comment.
Note to self: this bit I missed in my PR.
This asserts that the default CA and server CA are the same in one scenario and differ in the other.
Fixes: 433dadc ("Copy the server CA certificate with file resource")
ekohl
force-pushed
the
alternative-461
branch
from
3ac4e25 to
975bdb9
Compare
Member
|
I fixed up my commit message (customer -> custom) and added a |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Alternative to #461. This does include the tests from 461, but not the re-factorings. I wanted to have as crisp of a solution to the regression as possible. The re-factoring, which I like, we can layer on top of the fix afterward.
If you rewind to 433dadc, prior to this change, the
caresource was used to perform the copying to the server CA in the build root. This resource had thegenerateparameter built into it. This is what prevented the current regression from happening in the old design. When deploying a foreman-proxy-content scenario in the installer, we are supplying all the certificates in the tarball. Therefore no generation needs to occur. Which we can see as the case by looking at the answers file (https://github.com/theforeman/foreman-installer/blob/develop/config/foreman-proxy-content-answers.yaml#L13C1-L14C1):I think this is the correct solution at this point in time, as it restores the prior behavior and fixes the issues (as evidenced by the reproducer tests -- thanks @ekohl).
This issue has given me some ideas on how this could be improved in upcoming releases through some re-factoring and re-design.