Bug #111
closedCleaning a puppet certificate logic is incomplete
Description
A certificate removal should fail if there is no CA but succeed if there is no certificate in the CA
Updated by Ohad Levy about 15 years ago
- Category set to PuppetCA
- Assignee set to Paul Kelly
- Target version set to 0.1-3
Updated by Paul Kelly about 15 years ago
- Status changed from New to Closed
The fix can be found on github.com/pkelly on bug/111
Updated by Ohad Levy about 15 years ago
- Status changed from Closed to Feedback
the PuppetCA.clean method returns true if something breaks, is this on purpose?
Updated by Paul Kelly about 15 years ago
I guess that we have a misunderstanding about what constitutes an error.
An error condition is raised if the CA or puppetca are not available. This indicates in installation problem and should NEVER happen. I added this, per your request, as you were quite right about that oversight.
At this point we are requested to ensure that there is no certificate for the host.
If there is a certificate then we remove it using puppetca and return the status of puppetca as the status of the removal. Also, if this operation caused an exception then we return a failed response.
If there was no certificate for the host then I accept that this is unexpected, however I return true because the Foreman operation that I am expecting to perform is still able to progress. I could return false and abort the creation of the host but this would be unhelpful to the user. Do you want me to add a logger.warning message along the lines of "Unable to remove certificate for host XXX as it is already removed"?
It is also possible that a host may get it build button pressed repeatedly and this removes the certificate on the first press, so later ones will be unable to remove the certificate again.
What do you think?
Updated by Paul Kelly about 15 years ago
- Status changed from Feedback to Ready For Testing
- % Done changed from 0 to 100
Applied in changeset 7b3d57e3bd3bd63a175435f4f8ad265c8aa9161d.
Updated by Ohad Levy about 15 years ago
- Status changed from Ready For Testing to Closed