Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for certificate_content and private_key_content parameters #385

Merged
merged 1 commit into from
Mar 30, 2022
Merged

Add support for certificate_content and private_key_content parameters #385

merged 1 commit into from
Mar 30, 2022

Conversation

hajee
Copy link
Contributor

@hajee hajee commented Mar 15, 2022
edited
Loading

The current implementation only allows you to pass a file name to the certificate and private_key parameters. When you are fetching certificates from vault or another secure store, you'll first have to save them to a file. This is very innconveniant.

This PR add's the parameters certificate_content and private_key_content. These parameters are mutually exclusive from their file counterparts.

With this change, you can now fetch a certificate and/or a password from vault (through a hiera lookup for example) and use it directly on the type.

Because these values can be sensitive, both of the new parameters support passing the value as a sensitive data type.

@puppet-community-rangefinder
Copy link

java_ks is a type

Breaking changes to this file MAY impact these 19 modules (near match):

This module is declared in 6 of 579 indexed public Puppetfiles.

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@hajee hajee force-pushed the add_support_for_certificate_content branch from fa6e69e to 3dd4ecc Compare March 15, 2022 10:41
@CLAassistant
Copy link

CLAassistant commented Mar 15, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@hajee hajee force-pushed the add_support_for_certificate_content branch 2 times, most recently from 7198628 to bdee364 Compare March 15, 2022 14:53
@hajee hajee marked this pull request as ready for review March 15, 2022 14:53
@hajee hajee requested a review from a team as a code owner March 15, 2022 14:53
@hajee
Copy link
Contributor Author

hajee commented Mar 22, 2022

Is there a timeline for review end eventually merge of the PR?

@chelnak
Copy link
Contributor

chelnak commented Mar 22, 2022

Hey @hajee, thank you for your contribution and sorry for such a long wait.

I'm happy with your PR and would like to get it merged. I'm just going to re-kick CI by closing and re-opening the PR, then pending a green run, we are good to go.

@chelnak chelnak closed this Mar 22, 2022
@chelnak chelnak reopened this Mar 22, 2022
@puppet-community-rangefinder
Copy link

java_ks is a type

Breaking changes to this file MAY impact these 19 modules (near match):

This module is declared in 6 of 579 indexed public Puppetfiles.

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@chelnak chelnak closed this Mar 22, 2022
@chelnak chelnak reopened this Mar 22, 2022
@puppet-community-rangefinder
Copy link

java_ks is a type

Breaking changes to this file MAY impact these 19 modules (near match):

This module is declared in 6 of 579 indexed public Puppetfiles.

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@chelnak
Copy link
Contributor

chelnak commented Mar 23, 2022

Hey @hajee, please could you rebase so that this PR has the latest from main? That should get CI going again!

@hajee hajee force-pushed the add_support_for_certificate_content branch from bdee364 to cffcf77 Compare March 23, 2022 08:11
@hajee
Copy link
Contributor Author

hajee commented Mar 23, 2022

I don't think I can do something to ensure a running acceptance test, do I?

@hajee
Copy link
Contributor Author

hajee commented Mar 29, 2022

@chelnak What is the progress on this? Anything I can do?

@chelnak chelnak closed this Mar 29, 2022
@chelnak chelnak reopened this Mar 29, 2022
@puppet-community-rangefinder
Copy link

java_ks is a type

Breaking changes to this file MAY impact these 19 modules (near match):

This module is declared in 6 of 579 indexed public Puppetfiles.

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@chelnak
Copy link
Contributor

chelnak commented Mar 29, 2022

I've just re-kicked the CI jobs. Lets see what happens.

@chelnak chelnak self-requested a review March 29, 2022 14:50
chelnak
chelnak previously approved these changes Mar 29, 2022
View reviewed changes
@chelnak
Copy link
Contributor

chelnak commented Mar 29, 2022

@hajee Could you add an example to the certificates section of the README explaining how a developer might get started with the new feature?

Once that's done I think we will be ready to merge!

@hajee hajee force-pushed the add_support_for_certificate_content branch from cffcf77 to c153723 Compare March 30, 2022 07:11
@hajee
Copy link
Contributor Author

hajee commented Mar 30, 2022

@chelnak I added some text to the README and force pushed it so there is a clean git history

bastelfreak
bastelfreak previously approved these changes Mar 30, 2022
View reviewed changes
@chelnak
Copy link
Contributor

chelnak commented Mar 30, 2022

Fantastic thank you! I'll get this merged!

@chelnak
Copy link
Contributor

chelnak commented Mar 30, 2022

@hajee I just had a second look prior to merge and noticed a couple of things.

Firstly, we like to keep the scope of PRs limited to their intention. I noticed you'd updated the ToC in this contribution. Please could you revert the change here? I'd be happy to accept it in another PR!

Secondly I've added a comment where I think there may be a small typo in the example

chelnak
chelnak reviewed Mar 30, 2022
View reviewed changes
README.md Outdated Show resolved Hide resolved
chelnak
chelnak suggested changes Mar 30, 2022
View reviewed changes
Copy link
Contributor

@chelnak chelnak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a comment regarding the example

@hajee
Add support for certificate_content and private_key_content parameters
2875855 
The current implementation only allows you to pass a file name to the certificate
and private_key parameters. When you are fetching certificates from vault or another secure store,
you'll first have to save them to a file. This is very innconveniant.

This PR add's the parameters certificate_content and private_key_content. These parameters
are mutually exclusive from their file counterparts.

With this change, you can now fetch a certificate and/or a password from vault
(through a hiera lookup for example) and use it directly on the type.

Because these values can be sensitive, both of the new parameters support
passing the value as a sensitive data type.
@hajee hajee force-pushed the add_support_for_certificate_content branch from c153723 to 2875855 Compare March 30, 2022 08:28
@chelnak chelnak self-requested a review March 30, 2022 20:53
chelnak
chelnak approved these changes Mar 30, 2022
View reviewed changes
Copy link
Contributor

@chelnak chelnak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thank you 🚀

@chelnak chelnak merged commit 9dfc366 into puppetlabs:main Mar 30, 2022
@hajee
Copy link
Contributor Author

hajee commented Mar 31, 2022

@chelnak Thanks for merging. The next question is of course: When is a release planned?

@hajee hajee deleted the add_support_for_certificate_content branch March 31, 2022 06:33
@chelnak
Copy link
Contributor

chelnak commented Mar 31, 2022
edited
Loading

I'll see if we can get something out soon!

alexjfisher
alexjfisher reviewed Oct 23, 2024
View reviewed changes
lib/puppet/provider/java_ks/keytool.rb

# When no certificate file is specified, we infer the usage of
# certificate content and create a tempfile containing this value.
# we leave it to to the tempfile to clean it up after the pupet run exists.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or... anytime after this method exits leading to a race condition. See #425

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexjfisher alexjfisher alexjfisher left review comments

@chelnak chelnak chelnak approved these changes

@bastelfreak bastelfreak bastelfreak left review comments

Assignees
No one assigned
Labels
community feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@hajee @CLAassistant @chelnak @alexjfisher @bastelfreak @david22swan