Add support for custom certificates to old PuppetDB #72

Merged: 2 commits, Jun 14, 2022

@bastelfreak bastelfreak commented Jun 9, 2022

This implementation is based on a suggestion from Josh Cooper:

Yeah can use
https://www.rubydoc.info/gems/puppet/Puppet/X509/CertProvider to load
x509 certificates and then create a custom ssl context using
https://www.rubydoc.info/gems/puppet/Puppet/SSL/SSLProvider, and pass it
into any of the http client methods, e.g.

```ruby
x509 = Puppet::X509::CertProvider.new
# Parse the CA certificate(s) from a PEM file
cacerts = x509.load_cacerts_from_pem(File.read('...', encoding: Encoding::UTF_8))
prov = Puppet::SSL::SSLProvider.new
# revocation: false disables CRL checking for this context
ctx = prov.create_context(cacerts: cacerts, revocation: false, ...)
response = Puppet.runtime[:http].get(URI('https://...'), options: { ssl_context: ctx })
```

Slack link:
https://puppetcommunity.slack.com/archives/C0W1X7ZAL/p1652464163822119?thread_ts=1652453262.819079&cid=C0W1X7ZAL

depends on #68
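
What a context built from custom CA certificates does at the TLS layer, shown with Ruby's OpenSSL standard library in place of Puppet's classes so it runs without Puppet installed. This is an added example, not code from this pull request; the helper names are hypothetical and the certificates are constructed in memory.

```ruby
require 'openssl'

# Constructed sample data: throwaway certificates generated in memory.
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical helper: split a PEM bundle into individual CA certificates.
def cacerts_from_pem(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Hypothetical helper: a client context that trusts only the given CAs
# (no system store) and requires the peer certificate to verify.
def custom_context(cacerts)
  store = OpenSSL::X509::Store.new
  cacerts.each { |ca| store.add_cert(ca) }
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx
end

def demo
  ca_key, other_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  custom_ca = make_cert('/CN=Constructed PuppetDB CA', ca_key, ca: true)
  other_ca = make_cert('/CN=Constructed Unrelated CA', other_key, ca: true)
  leaf = make_cert('/CN=puppetdb.example.test', leaf_key, issuer: custom_ca, issuer_key: ca_key)
  bundle = cacerts_from_pem(other_ca.to_pem + custom_ca.to_pem)
  { bundle_size: bundle.size,
    custom_ca_trusts_leaf: custom_context([custom_ca]).cert_store.verify(leaf),
    other_ca_trusts_leaf: custom_context([other_ca]).cert_store.verify(leaf),
    bundle_trusts_leaf: custom_context(bundle).cert_store.verify(leaf) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

No CRLs are loaded into the store, so revocation is not checked here, matching `revocation: false` in the suggestion.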

@bastelfreak bastelfreak added the enhancement New feature or request label Jun 9, 2022
@bastelfreak bastelfreak self-assigned this Jun 9, 2022
@bastelfreak
Member Author

Depends on #68

@bastelfreak bastelfreak changed the title Foo Add support for custom certificates to old PuppetDB Jun 9, 2022
@bastelfreak bastelfreak marked this pull request as ready for review June 10, 2022 10:15
@bastelfreak
Member Author

requires some documentation, but the code seems to be fine and working \o/

@bastelfreak
Member Author

I think it's ready for review now :)

Member

@SimonHoenscheid SimonHoenscheid left a comment

LGTM

Member

@evgeni evgeni left a comment

I don't have a setup to test this, but the code reads correctly to me!

@bastelfreak bastelfreak merged commit 0cd3869 into voxpupuli:master Jun 14, 2022
@bastelfreak bastelfreak deleted the foo branch June 14, 2022 09:37
Member

@rwaffen rwaffen left a comment

LGTM
