Project

General

Profile

Bug #111

Cleaning a puppet certificate logic is incomplete

Added by Paul Kelly over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
PuppetCA
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

A certificate removal should fail if there is no CA but succeed if there is no certificate in the CA

Associated revisions

Revision 7b3d57e3 (diff)
Added by Paul Kelly over 9 years ago

Fixes #111 - GW::puppetca#clean now logs an error and fails when there in no CA

History

#1 Updated by Ohad Levy over 9 years ago

  • Category set to PuppetCA
  • Assignee set to Paul Kelly
  • Target version set to 0.1-3

#2 Updated by Paul Kelly over 9 years ago

  • Status changed from New to Closed

The fix can be found on github.com/pkelly on bug/111

#3 Updated by Ohad Levy over 9 years ago

  • Status changed from Closed to Feedback

the PuppetCA.clean method returns true if something breaks, is this on purpose?

#4 Updated by Paul Kelly over 9 years ago

I guess that we have a misunderstanding about what constitutes an error.

An error condition is raised if the CA or puppetca are not available. This indicates in installation problem and should NEVER happen. I added this, per your request, as you were quite right about that oversight.

At this point we are requested to ensure that there is no certificate for the host.
If there is a certificate then we remove it using puppetca and return the status of puppetca as the status of the removal. Also, if this operation caused an exception then we return a failed response.

If there was no certificate for the host then I accept that this is unexpected, however I return true because the Foreman operation that I am expecting to perform is still able to progress. I could return false and abort the creation of the host but this would be unhelpful to the user. Do you want me to add a logger.warning message along the lines of "Unable to remove certificate for host XXX as it is already removed"?
It is also possible that a host may get it build button pressed repeatedly and this removes the certificate on the first press, so later ones will be unable to remove the certificate again.

What do you think?

#5 Updated by Paul Kelly over 9 years ago

  • Status changed from Feedback to Ready For Testing
  • % Done changed from 0 to 100

#6 Updated by Ohad Levy over 9 years ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF