Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: refreshable exports #202

Merged
merged 8 commits into from
Jul 17, 2024
Merged

feat: refreshable exports #202

merged 8 commits into from
Jul 17, 2024

Conversation

pavelkovtunov
Copy link
Contributor

@pavelkovtunov pavelkovtunov commented Jul 15, 2024
edited by kenyon
Loading

Pull Request (PR) description

Add possibility to switch the underlying Execs to "refreshonly" mode and hand over subscriptions to resource(s) as parameter. This fixes also a bug when p12 file is not renewed after the input file changed. Backward compatibility fully given.

This Pull Request (PR) fixes the following issues

Fixes #131

@pavelkovtunov
feat: refreshable exports
9c862f7 
Add possibility to switch the underlying Execs to "refreshonly" mode and handle over subscriptions to resource(s) as parameter. This fixes also a bug when p12 file is not renewed after the input file changed. Backward compatibility fully given.
@pavelkovtunov
Update REFERENCE.md
a5febe7
@pavelkovtunov
Update README.md
7dbf3fe
@bastelfreak bastelfreak added the enhancement New feature or request label Jul 15, 2024
@pavelkovtunov
Copy link
Contributor Author

Missed unit tests, my bad, will update in the next days 🙏

kenyon
kenyon requested changes Jul 16, 2024
View reviewed changes
Copy link
Member

@kenyon kenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few improvements to the docs.

README.md Outdated Show resolved Hide resolved
manifests/export/pem_cert.pp Outdated Show resolved Hide resolved
manifests/export/pem_key.pp Outdated Show resolved Hide resolved
manifests/export/pkcs12.pp Outdated Show resolved Hide resolved
@pavelkovtunov pavelkovtunov force-pushed the feat_refreshable_exports branch from d0388eb to 4feddcc Compare July 16, 2024 07:20
@pavelkovtunov pavelkovtunov requested a review from kenyon July 16, 2024 07:22
kenyon
kenyon approved these changes Jul 16, 2024
View reviewed changes
Copy link
Member

@kenyon kenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not a big user of this module, so I'm not sure how this feature would be used, but the code looks fine to me.

@pavelkovtunov
Copy link
Contributor Author

It's a big issue in a project I'm currently working on: if the certificate/key pair changes, the p12 and decrypted key files are not updated. In our case, the input files are also defined as a file resource and puppet is aware of any changes on these files. The contents of certificate and key files is pulled from a DB. If there is an update - the file resources take care of it, but the downstream logic in this OpenSSL Module won't do anything because of static "creates" parameter.

Before creating this PR I've wrote some code for our private workaround - just added an Exec for deleting the p12 and key file in case the input files change. I suppose some other boys and girls out there did the same to fix the issue locally. But IMHO it's always a better way to implement a generic solution for everyone. Hope it matches the community expectations :)

@kenyon kenyon merged commit 81502ee into voxpupuli:master Jul 17, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenyon kenyon kenyon approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PKCS12 export not rebuit when inputs change
3 participants
@pavelkovtunov @kenyon @bastelfreak