(PUP-11896) Send auto-renew extension in CSR #9076

Merged: 1 commit, Jun 28, 2023


@AriaXLi AriaXLi commented Jun 27, 2023

This commit adds an auto-renew extension to the CSR when it is generated if the agent supports auto-renewal of certificates. Agents that either do not have the hostcert_renewal_interval setting or have it set to 0 do not support auto-renewal.

@AriaXLi AriaXLi requested a review from a team as a code owner June 27, 2023 22:41
@AriaXLi AriaXLi force-pushed the PUP-11896/auto-renew_extension branch from 57a5c91 to ae2cf20 Compare June 27, 2023 22:51

@joshcooper joshcooper left a comment

LGTM!

Any idea why we jumped from ...1.3.1 to ...1.3.13? And whether adding ...1.3.2 is possibly squatting on an existing, but undocumented OID?

AriaXLi commented Jun 27, 2023

> LGTM!
>
> Any idea why we jumped from ...1.3.1 to ...1.3.13? And whether adding ...1.3.2 is possibly squatting on an existing, but undocumented OID?

I'm not too sure...lemme ask Charlie about it just in case!

Edit: He also doesn't really know why there's a jump between them and ...1.3.2 should be available.

He did mention that 1.3.6.1.4.1.34380.1.3.39 is an undocumented OID that's used to allow puppetserver CA CLI tool to submit requests to the puppet-CA API that change the status of certificates (issue, revoke, destroy, etc.). There's a ticket, PUP-9964, to add that OID so I put up a PR (#9077) to add it.

@joshcooper joshcooper merged commit e6339f7 into puppetlabs:main Jun 28, 2023
9 checks passed
@AriaXLi AriaXLi deleted the PUP-11896/auto-renew_extension branch June 28, 2023 16:14
AriaXLi added a commit to AriaXLi/puppet that referenced this pull request Jun 29, 2023
This commit adds an auto-renew attribute to the CSR when it is generated if the
agent supports auto-renewal of certificates. Agents that either do not have the
hostcert_renewal_interval setting or have it set to 0 do not support auto-renewal.

Originally, this was added as an auto-renew extension to the CSR (see puppetlabs#9076).
However, in its default (FOSS) configuration, puppetserver rejects extensions
so the auto-renew will be implemented as an attribute instead.
joshcooper pushed a commit to AriaXLi/puppet that referenced this pull request Jun 30, 2023
This commit adds an auto-renew attribute to the CSR when it is generated if the
agent supports auto-renewal of certificates. Agents that either do not have the
hostcert_renewal_interval setting or have it set to 0 do not support auto-renewal.

Originally, this was added as an auto-renew extension to the CSR (see puppetlabs#9076).
However, in its default (FOSS) configuration, puppetserver rejects extensions
so the auto-renew will be implemented as an attribute instead.
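
The two encodings named in the commit message above, as an added Ruby example (not code from this pull request or from Puppet): it builds a CSR that carries a marker OID either as an extension request or as a plain attribute, then lists what the CA side sees in each case. The OID `2.999.1`, the value `true`, and the names `auto_renew?`, `build_csr` and `classify_oids` are assumptions made for illustration.

```ruby
require 'openssl'

# Constructed placeholder OID from the 2.999 example arc; the page elides the
# real auto-renew OID ("...1.3.2"), so it is not reproduced here.
PLACEHOLDER_OID = '2.999.1'

# Per the PR text: a missing hostcert_renewal_interval, or 0, means no auto-renew.
def auto_renew?(interval)
  !interval.nil? && interval.to_i.positive?
end

# Build a signed CSR; `carrier` is :attribute or :extension (hypothetical parameter).
def build_csr(key, certname, interval, carrier)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if auto_renew?(interval)
    value = OpenSSL::ASN1::UTF8String.new('true') # constructed value
    attr =
      if carrier == :attribute
        # Custom attribute: the OID plus a SET of values, directly on the CSR.
        OpenSSL::X509::Attribute.new(PLACEHOLDER_OID, OpenSSL::ASN1::Set([value]))
      else
        # Extension: wrapped inside the standard extReq attribute.
        ext = OpenSSL::X509::Extension.new(PLACEHOLDER_OID, value.to_der, false)
        wrapped = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
        OpenSSL::X509::Attribute.new('extReq', wrapped)
      end
    csr.add_attribute(attr)
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
end

# CA-side view: which OIDs arrived as plain attributes and which as extensions.
def classify_oids(der)
  csr = OpenSSL::X509::Request.new(der)
  found = { attributes: [], extensions: [] }
  csr.attributes.each do |attr|
    if %w[extReq msExtReq].include?(attr.oid)
      attr.value.value.each do |ext_seq|
        ext_seq.value.each { |ext| found[:extensions] << ext.value.first.oid }
      end
    else
      found[:attributes] << attr.oid
    end
  end
  found
end
```

A CA policy that rejects requested extensions would act on the `:extensions` list only, which is why moving the marker to an attribute changes the outcome for the same OID.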