diff options
| author | Luke Kanies <luke@madstop.com> | 2008-04-17 14:47:27 -0500 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-04-17 14:47:27 -0500 |
| commit | daa8cd57b9f61c40c1b4e6954533f197ee5a2f1d (patch) | |
| tree | 995e10e5727ee9bccc54b209cac834a223f69338 /spec/integration/network | |
| parent | 7d2c05e86eb14bc7600dcf1d61ba447cd9b4cab8 (diff) | |
| download | puppet-daa8cd57b9f61c40c1b4e6954533f197ee5a2f1d.tar.gz puppet-daa8cd57b9f61c40c1b4e6954533f197ee5a2f1d.tar.xz puppet-daa8cd57b9f61c40c1b4e6954533f197ee5a2f1d.zip | |
Changing all of the SSL terminus classes to treat CA files specially.
This is a kind of weird design situation. For instance, we've got a
collection of certificates in the :certdir, but then there's a special
CA certificate off by itself. Rather than build a whole separate
infrastructure for managing those separate files (cert and key, at least),
I decided to add special support for specifying where to find the CA-specific
bits, and then code for handling them when necessary.
This requires that we have a standard way of knowing whether we should be
managing the CA bits or normal host files. The Puppet::SSL::Host class now has
a 'ca_name' method that returns the string we're using for the CA name; this
name is currently 'ca'. We have to use a name, because the name is the only
thing that all methods have access to (e.g., when trying to 'find' the right
cert, we only have the name available).
What this means is that if you want access to the CA key or cert, then create
a Puppet::SSL::Host instance with the name 'ca'.
You'll still get the CA cert created with the host's :certname; it will just
be stored in a different location.
Diffstat (limited to 'spec/integration/network')
0 files changed, 0 insertions, 0 deletions