Majic Projects ~ [CLOSED] MAR-150 - On-the-fly generation of private keys and certificates for role tests

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

You are not logged in

Majic Ansible Roles / Closed Enhancement MAR-150 On-the-fly generation of private keys and certificates for role tests

This issue has been closed with status "Closed" and resolution "RESOLVED".

- No additional actions available

Issue basics

Type of issue

Enhancement Unknown issue type
Issue label

No label set
Category

Not determined
Targetted for

5.0.0 Not determined
Status

Closed

Status not determined
Progress
Priority

Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Owned by

Not owned by anyone
Assigned to
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Jan 05, 2020
Last updated

Sep 15, 2020
Estimated time

16 hours Not estimated
Time spent

No time spent

Click here to see time logged against this issue

Issue details

Resolution

RESOLVED Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

Current implementation of tests for the Majic Ansible Roles relies on using pre-generated private keys and X.509 certificates. This has a couple of drawbacks:

Making any kind of naming changes around test machine hostnames etc requires issuing new certificates by hand.
Certificates need to be renewed by hand upon expiration.
Truststores also need to be updated by hand.

It would be much better if the private key and certificate generation was performed "on-the-fly" during the test runs instead.

The following should be done:

Switch to using Gimmecert, small tool for quickly generating private keys, CA hierarchies, and issuing certificates.
Update roles:
- ldap_server
- mail_forwarder
- mail_server
- php_website
- web_server
- wsgi_website
- xmpp_server
Remove statically generated private keys/certificates.
Private key/certificate generation should be kept for the test site itself - only the role tests should be switched over to using Gimmecert.
Switch to using the .cert.pem and .key.pem as default extensions for certificates and private keys.
Update the release notes.
Update the role reference documentation.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password