Jira (PUP-9720) puppet agent --fingerprint is broken

[Josh Cooper (JIRA)]

Josh Cooper created an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken Issue Type: Task Assignee: Unassigned Created: 2019/05/24 3:09 PM Priority: Normal Reporter: Josh Cooper Prior to 6.4, puppet agent --fingerprint would print the hash of the client cert or client's CSR. It would generate a private key, submit the CSR, as part of that process. In 6.4 the option doesn't work, because it's trying to pass onetime: true keyword arguments, which the state machine doesn't accept. It also doesn't print the hash of the CSR, which is important for things like PUP-9715. Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Team: Coremunity

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Fix Version/s: PUP 6.5.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Sprint: Coremunity Hopper

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Fix Version/s: PUP 6.4.3

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Affects Version/s: PUP 6.4.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken Change By: Josh Cooper

Prior to 6.4, {{puppet agent --fingerprint}} would print the hash of the client cert or client's CSR. It In the process it would generate a private key, submit the CSR, as part of that process attempt to download the client cert (which might be signed due to autosigning) and print the cert fingerprint (if we got one) or fallback to the CSR fingerprint .

In 6.4 the option doesn't work, because it's trying to pass {{onetime: true}} keyword arguments, which the state machine doesn't accept. It also doesn't print the hash of the CSR, which is important for things like PUP-9715.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken Change By: Josh Cooper

Prior to 6.4, {{puppet agent --fingerprint}} would print the hash of the client cert or client's CSR. In the process it would generate a private key, submit download the CSR CA cert and CRL , attempt to download the client cert (which might be signed due to autosigning) , and print the cert 's fingerprint (if we got one) . If that failed it would attempt to load the client's CSR locally or fallback retrieve the CSR from the server, and print its fingerprint. Note {{puppet agent --fingerprint}} never submitted the CSR, but it might seem to work if a previous agent run had already submitted the CSR , and either due to manual intervention or autosigning, the CSR is signed before {{puppet agent -- fingerprint }} is run .

In 6.4 the option doesn't work, because it's trying to pass {{onetime: true}} keyword arguments, which the state machine doesn't accept. It also doesn't print the hash of the CSR, which is important for things like PUP-9715.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Sprint: Coremunity Hopper Platform Core KANBAN

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Fix Version/s: PUP 6.5.0 Fix Version/s: PUP 6.6.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Release Notes Summary: If the agent doesn't have a client cert yet, then `puppet agent --fingerprint` will now print the SHA256 digest of the certificate request (CSR) like it used to do in Puppet < 6.4. Release Notes: Bug Fix

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Release Notes Summary: If the agent doesn't have a client cert yet, then `puppet agent --fingerprint` will now print the SHA256 digest of the certificate request (CSR) like it used to do in Puppet < 6.4. Note this the digest of the DER encoded certificate or CSR.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper assigned an issue to Josh Cooper

Puppet / PUP-9720 puppet agent --fingerprint is broken

Change By: Josh Cooper Assignee: Josh Cooper

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-9720

Re: puppet agent --fingerprint is broken Merged to 6.4.x in https://github.com/puppetlabs/puppet/commit/b0bc814212a0cbb271f245f7ddd700d1dd913da4

Add Comment

[Octavian Larion (JIRA)]

Octavian Larion commented on PUP-9720

Re: puppet agent --fingerprint is broken

This has arrived on master and is included in 6.6.0 release, closing this ticket.

Add Comment

[Jean Bond (JIRA)]

Jean Bond updated an issue

Puppet / PUP-9720

puppet agent --fingerprint is broken

Change By: Jean Bond Labels: resolved-issue-added

Add Comment