
Fix certificate renewal checks #82

Merged
myii merged 2 commits into saltstack-formulas:master from netmanagers:master
Jun 23, 2021

@javierbertoli

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

fixes #57

Describe the changes you're proposing

To avoid running a remote certificate renew each time, the domains.sls state was using an unless clause that verified if the existing certificate already existed. However, as described here, if a new SAN is added to the certificate, the check will only verify that the cert exists, but will not verify its contents, therefore skipping the modification to it.

This new PR modifies this clause to check the certificate existence with all the desired domains in it.

Also modified the check for the git-based installation, which was broken.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

@javierbertoli javierbertoli requested a review from daks June 21, 2021 19:23
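
The check described in the PR description above, sketched as an added example (not the formula's code and not part of this PR): succeed only when the existing certificate already lists every desired domain, so a Salt `unless` clause skips issuance only in that case. The function names and the SAN sample are constructed for illustration; `openssl x509 -ext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: "does the existing cert already cover every desired domain?"
# Exit status follows Salt's `unless` convention: 0 = skip the state.

# Constructed sample of `openssl x509 -noout -ext subjectAltName` output.
SAN_SAMPLE='X509v3 Subject Alternative Name:
    DNS:example.com, DNS:www.example.com'

# san_names: read SAN extension text on stdin, print one lower-cased
# DNS name per line (non-DNS entries such as IP addresses are ignored).
san_names() {
    tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p' \
        | sed 's/[[:space:]]*$//' \
        | tr 'A-Z' 'a-z'
}

# sans_cover_all SAN_TEXT DOMAIN...
# Exit 0 only when every DOMAIN appears as an exact DNS SAN.
sans_cover_all() {
    san_text=$1; shift
    [ "$#" -gt 0 ] || return 1      # no desired domains given: never skip
    have=$(printf '%s\n' "$san_text" | san_names)
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
        # -x whole line, -F fixed string: "ample.com" must not match
        # "example.com", and dots are not regex wildcards.
        printf '%s\n' "$have" | grep -qxF -- "$want" || return 1
    done
    return 0
}

# cert_covers_domains CERT_PEM DOMAIN...
# A missing, empty or unparsable certificate counts as "not covered",
# so the certificate request still runs.
cert_covers_domains() {
    cert=$1; shift
    [ -s "$cert" ] || return 1
    san_text=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null) || return 1
    sans_cover_all "$san_text" "$@"
}
```

With an existence-only check, adding `new.example.com` to the domain set would still exit 0 and skip the request; here it exits 1 until the certificate actually contains the new name.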

@daks daks left a comment

I just did a visual review, did not test it, but it seems fine for me

@myii myii merged commit 2a4643a into saltstack-formulas:master Jun 23, 2021
@myii

myii commented Jun 23, 2021

Merged. Thanks to @javierbertoli for the PR and to @daks for the review.

@saltstack-formulas-travis

🎉 This PR is included in version 2.1.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀


Development

Successfully merging this pull request may close these issues.

Adding a new SubjectAlternativeName to a set doesn't cause a renew
