Hi,
I'm trying to create an autosign policy which checks for a custom attribute in the CSR, but I'm having some issues with the master not signing the request.
My client has the following in /etc/puppet/csr_attributes.yaml:

    custom_attributes:
      1.2.840.113549.1.9.7: foo

My policy is a simple bash script, in this case checking for foo:

    #!/bin/bash
    CUSTOM_ATTR=$(echo "$(cat)" | grep "challengePassword" | awk -F ":" '{print$2}')
    if [[ "$CUSTOM_ATTR" == "foo" ]]
    then
        exit 0
    else
        exit 1
    fi

I had tested with the following, I'm guessing the issue is with my script not reading in the CSR from puppet? If anyone has any examples of policies they have created I would love to see them (this seems to be lacking in the puppet documentation).

    sudo openssl req -noout -text -in /var/lib/puppet/ssl/ca/requests/mynode.pem | /etc/puppet/autosign.sh; echo $?
    0

Many thanks,
George
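
An added example, not part of George's message: Puppet runs a policy executable with the certname as its first argument and the CSR in PEM form on stdin, so a policy has to decode the PEM itself before it can look for challengePassword; the manual test above piped already-decoded text instead. The function names are hypothetical, and the script assumes openssl is on the master's PATH.

```sh
#!/bin/sh
# Added example (not from the original post): policy-based autosign script.
# Puppet runs the policy executable with the certname as $1 and the CSR in PEM
# form on stdin; exit 0 signs the request, any other status leaves it unsigned.

EXPECTED_CHALLENGE="foo"   # value from the post's csr_attributes.yaml

# Pull the challengePassword value out of `openssl req -text` output on stdin.
extract_challenge() {
    sed -n 's/^[[:space:]]*challengePassword[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Decode a PEM CSR on stdin to text; non-zero status if it is not a valid CSR.
csr_to_text() {
    openssl req -noout -text 2>/dev/null
}

# Decide on a PEM CSR read from stdin: 0 = sign, 1 = do not sign.
# Anything that cannot be parsed, or lacks the attribute, is refused.
autosign_policy() {
    csr_text=$(csr_to_text) || return 1
    challenge=$(printf '%s\n' "$csr_text" | extract_challenge)
    [ -n "$challenge" ] && [ "$challenge" = "$EXPECTED_CHALLENGE" ]
}

# Puppet always supplies the certname, so only act when an argument is present.
if [ "$#" -ge 1 ]; then
    if autosign_policy; then
        exit 0
    fi
    exit 1
fi
```

To exercise it the way the master does, feed it the PEM file rather than decoded text: `/etc/puppet/autosign.sh mynode < /var/lib/puppet/ssl/ca/requests/mynode.pem; echo $?`.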