Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix v6 server-side use of missing APIs #91

Closed
izgeri opened this issue Jun 25, 2020 · 0 comments
Closed

Fix v6 server-side use of missing APIs #91

izgeri opened this issue Jun 25, 2020 · 0 comments
Assignees
@sgnn7 @doodlesbykumbi
Labels
component/puppet kind/bug severity/medium
Milestone
Conjur Puppet Int...

Comments

@izgeri
Copy link
Contributor

izgeri commented Jun 25, 2020

When running the e2e smoketest with Puppet v6 server, we get 500 errors.

Running e2e and monitoring the server container logs, error can be seen here:

2020-06-25 20:02:55,317 ERROR [p.r.core] Internal Server Error: org.jruby.exceptions.NotImplementedError: (NotImplementedError) NotImplementedError
        at RUBY.create_session(/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/http/external_client.rb:77)
        at RUBY.initialize(/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/state_machine.rb:376)
        at RUBY.certificate(/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/host.rb:126)
        at RUBY.localhost(/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/host.rb:28)
        at RUBY.decrypt(/etc/puppetlabs/code/environments/production/modules/conjur/lib/puppet/functions/conjur/decrypt.rb:11)

in this block of code: https://github.com/cyberark/conjur-puppet/blob/v2.0.3/lib/puppet/functions/conjur/decrypt.rb#L11

Relevant block:

  def decrypt pkcs7
    host = Puppet::SSL::Host.localhost
    key = host.key.content
    certificate = host.certificate.content
    decryptor = OpenSSL::PKCS7.new pkcs7
    sensitive.new decryptor.decrypt key, certificate
  end
@izgeri izgeri mentioned this issue Jun 25, 2020
Closed
sgnn7 added a commit that referenced this issue Jun 25, 2020
@sgnn7
Fix use of missing APIs in decrypt.rb when used w/ v6 server
928a3e5 
We now use the newer way to get certificate and key from the server
since the v5 APIs we used have been removed. In case we do end up
running on server v5, we still fall back on the original certificate
logic for backward compatibility.

Connected to #91
@sgnn7 sgnn7 mentioned this issue Jun 25, 2020
Merged
6 tasks
sgnn7 added a commit that referenced this issue Jun 25, 2020
@sgnn7
Fix use of missing APIs in decrypt.rb when used w/ v6 server
1190526 
We now use the newer way to get certificate and key from the server
since the v5 APIs we used have been removed. In case we do end up
running on server v5, we still fall back on the original certificate
logic for backward compatibility.

Connected to #91
sgnn7 added a commit that referenced this issue Jun 26, 2020
@sgnn7
Fix use of missing APIs in decrypt.rb when used w/ v6 server
6593503 
We now use the newer way to get certificate and key from the server
since the v5 APIs we used have been removed. In case we do end up
running on server v5, we still fall back on the original certificate
logic for backward compatibility.

Connected to #91
@izgeri izgeri mentioned this issue Jul 9, 2020
Closed
1 task
@izgeri izgeri closed this as completed Jul 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgnn7 sgnn7

@doodlesbykumbi doodlesbykumbi

Labels
component/puppet kind/bug severity/medium
Projects
None yet
Milestone
Conjur Puppet Integration Supports Pu...
Development

No branches or pull requests
3 participants
@sgnn7 @doodlesbykumbi @izgeri