diff --git a/lib/puppet/ssl/oids.rb b/lib/puppet/ssl/oids.rb
index 675204489ea..f9897724304 100644
--- a/lib/puppet/ssl/oids.rb
+++ b/lib/puppet/ssl/oids.rb
@@ -71,7 +71,7 @@ module Puppet::SSL::Oids
 ["1.3.6.1.4.1.34380.1.3", 'ppAuthCertExt', 'Puppet Certificate Authorization Extension'],
 ["1.3.6.1.4.1.34380.1.3.1", 'pp_authorization', 'Certificate Extension Authorization'],
- ["1.3.6.1.4.1.34380.1.3.2", 'pp_auth_auto_renew', 'Auto-Renew Certificate Extension'],
+ ["1.3.6.1.4.1.34380.1.3.2", 'pp_auth_auto_renew', 'Auto-Renew Certificate Attribute'],
 ["1.3.6.1.4.1.34380.1.3.13", 'pp_auth_role', 'Puppet Node Role Name for Authorization'],
 ["1.3.6.1.4.1.34380.1.3.39", 'pp_cli_auth', 'Puppetserver CA CLI Authorization'],
 ]
diff --git a/lib/puppet/x509/cert_provider.rb b/lib/puppet/x509/cert_provider.rb
index faa11f8eb2e..e9c9ac8a2ac 100644
--- a/lib/puppet/x509/cert_provider.rb
+++ b/lib/puppet/x509/cert_provider.rb
@@ -311,11 +311,11 @@ def create_request(name, private_key)
 options[:extension_requests] = csr_attributes.extension_requests
 end
- # Adds auto-renew extension to CSR if the agent supports auto-renewal of
+ # Adds auto-renew attribute to CSR if the agent supports auto-renewal of
 # certificates
 if Puppet[:hostcert_renewal_interval] && Puppet[:hostcert_renewal_interval] > 0
- options[:extension_requests] ||= {}
- options[:extension_requests].merge!({'1.3.6.1.4.1.34380.1.3.2' => 'true'})
+ options[:csr_attributes] ||= {}
+ options[:csr_attributes].merge!({'1.3.6.1.4.1.34380.1.3.2' => 'true'})
 end
 csr = Puppet::SSL::CertificateRequest.new(name)
diff --git a/spec/unit/ssl/state_machine_spec.rb b/spec/unit/ssl/state_machine_spec.rb
index 938638e7dd1..f32225af356 100644
--- a/spec/unit/ssl/state_machine_spec.rb
+++ b/spec/unit/ssl/state_machine_spec.rb
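Review bot: In `create_request` (lib/puppet/x509/cert_provider.rb) the updated comment says the auto-renew OID is sent as an attribute but not why, and that is the security-relevant part: `1.3.6.1.4.1.34380.1.3.2` sits under the `ppAuthCertExt` authorization arc, and a CSR attribute, unlike an extension request, does not ask for a certificate extension. I would add a line such as `# Sent as a CSR attribute rather than an extension request so no authorization-arc extension is requested for the certificate`. Because the value is asserted by the agent itself, the CA side should treat it as a hint only (that code is not in this diff). Also, `merge!` mutates the hash already stored in `options[:csr_attributes]`; if that is the object returned by `csr_attributes.custom_attributes` (assigned outside the hunk, so an assumption), `options[:csr_attributes] = (options[:csr_attributes] || {}).merge('1.3.6.1.4.1.34380.1.3.2' => 'true')` avoids the side effect. The method starts and ends outside the hunk.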
@@ -820,7 +820,8 @@ def write_csr_attributes(data)
 csr.custom_attributes
 ).to contain_exactly(
 {'oid' => '1.3.6.1.4.1.34380.1.2.1', 'value' => 'CSR specific info'},
- {'oid' => '1.3.6.1.4.1.34380.1.2.2', 'value' => 'more CSR specific info'}
+ {'oid' => '1.3.6.1.4.1.34380.1.2.2', 'value' => 'more CSR specific info'},
+ {'oid' => '1.3.6.1.4.1.34380.1.3.2', 'value' => 'true'}
 )
 end.to_return(status: 200)
@@ -843,8 +844,7 @@ def write_csr_attributes(data)
 csr.request_extensions
 ).to contain_exactly(
 {'oid' => '1.3.6.1.4.1.34380.1.1.31415', 'value' => 'pi'},
- {'oid' => '1.3.6.1.4.1.34380.1.1.2718', 'value' => 'e'},
- {'oid' => 'pp_auth_auto_renew', 'value' => 'true'}
+ {'oid' => '1.3.6.1.4.1.34380.1.1.2718', 'value' => 'e'}
 )
 end.to_return(status: 200)
diff --git a/spec/unit/x509/cert_provider_spec.rb b/spec/unit/x509/cert_provider_spec.rb
index c71dd6d58c0..ae46eb60855 100644
--- a/spec/unit/x509/cert_provider_spec.rb
+++ b/spec/unit/x509/cert_provider_spec.rb
@@ -593,18 +593,18 @@ def expects_private_file(path)
 let(:provider) { create_provider(requestdir: requestdir) }
 let(:key) { OpenSSL::PKey::RSA.new(Puppet[:keylength]) }
- it 'has the auto-renew extension by default for agents that support automatic renewal' do
+ it 'has the auto-renew attribute by default for agents that support automatic renewal' do
 csr = provider.create_request(name, key)
- # need to create CertificateRequest instance from csr in order to use request_extensions()
+ # need to create CertificateRequest instance from csr in order to view CSR attributes
 wrapped_csr = Puppet::SSL::CertificateRequest.from_instance csr
- expect(wrapped_csr.request_extensions).to include('oid' => 'pp_auth_auto_renew', 'value' => 'true')
+ expect(wrapped_csr.custom_attributes).to include('oid' => 'pp_auth_auto_renew', 'value' => 'true')
 end
- it 'does not have the auto-renew extension for agents that do not support automatic renewal' do
+ it 'does not have the auto-renew attribute for agents that do not support automatic renewal' do
 Puppet[:hostcert_renewal_interval] = 0
 csr = provider.create_request(name, key)
 wrapped_csr = Puppet::SSL::CertificateRequest.from_instance csr
- expect(wrapped_csr.request_extensions.length).to eq(0)
+ expect(wrapped_csr.custom_attributes.length).to eq(0)
 end
 end
 end
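Review bot: The first example in spec/unit/x509/cert_provider_spec.rb now checks `custom_attributes`, but nothing in this spec asserts that the auto-renew OID no longer appears in `request_extensions`, which is the behaviour this commit changes. Assuming no csr_attributes file is set up in this context, adding `expect(wrapped_csr.request_extensions).to be_empty` to that example would guard against the OID reappearing as an extension request. The expected `'oid'` here is the short name `pp_auth_auto_renew`, while the first hunk of spec/unit/ssl/state_machine_spec.rb expects the dotted form `1.3.6.1.4.1.34380.1.3.2` from the same `custom_attributes` accessor; if that depends on whether the OID is registered when the example runs, a one-line comment saying so would make the expectation less fragile to read. In the second example, `expect(wrapped_csr.custom_attributes).not_to include(a_hash_including('oid' => 'pp_auth_auto_renew'))` states the intent more precisely than a length check.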