Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ssl_password_file directive to support encrypted ssl keys #1346

Merged
merged 5 commits into from
Sep 24, 2019

Conversation

joernott
Copy link
Contributor

Pull Request (PR) description

This pull request adds support for the ssl_password_file directive of nginx. This directive is needed, if the ssl key file is password encrypted (should be standard nowadays).

This Pull Request (PR) fixes the following issues

n/a (I didn't create an issue first but tried to not only raise a request but also deliver the solution)

@puppet-community-rangefinder
Copy link

nginx::resource::server is a type

The enclosing module is declared in 11 of 577 indexed public Puppetfiles.

Breaking changes to this file WILL impact these modules (exact match):

Breaking changes to this file MAY impact these modules (near match):


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@joernott
Copy link
Contributor Author

Note: I designed this change to be non-breaking

@bastelfreak bastelfreak added enhancement New feature or request needs-tests labels Sep 23, 2019
@bastelfreak
Copy link
Member

Hi @joernott, thanks for the PR. Can you please add tests to it?

@joernott
Copy link
Contributor Author

I did not find where you get your certificates from. Or is a simple test like "I added the directive and it shows up in the config file" sufficient?

@bastelfreak
Copy link
Member

It's okay to add an rspec test that verifies the content of the file.

@joernott
Copy link
Contributor Author

Hmm, the password file itself is not handled by the nginx class. It is used by nginx to decrypt the ssl key. As the nginx module does not provide the content of the certificate file but just uses these files, it handles the password to the key the same way. Everything else would be illogical.

I'll try to find a way to inject an encrypted ssl key somewhere and the key file for it and then have nginx use the key/cert.

@bastelfreak
Copy link
Member

Thanks for the awesome acceptance test!

@bastelfreak bastelfreak merged commit 9ddae82 into voxpupuli:master Sep 24, 2019
Rubueno pushed a commit to Rubueno/puppet-nginx that referenced this pull request Oct 19, 2020
…file

Add ssl_password_file directive to support encrypted ssl keys
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants