Add ssl_password_file directive to support encrypted ssl keys #1346

Merged: 5 commits, Sep 24, 2019

joernott
Contributor

Pull Request (PR) description

This pull request adds support for the ssl_password_file directive of nginx. This directive is needed if the ssl key file is password encrypted (should be standard nowadays).

This Pull Request (PR) fixes the following issues

n/a (I didn't create an issue first but tried to not only raise a request but also deliver the solution)

@puppet-community-rangefinder

nginx::resource::server is a type

The enclosing module is declared in 11 of 577 indexed public Puppetfiles.

Breaking changes to this file WILL impact these modules (exact match):

Breaking changes to this file MAY impact these modules (near match):


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@joernott
Contributor Author

Note: I designed this change to be non-breaking

@bastelfreak added the enhancement and needs-tests labels Sep 23, 2019
@bastelfreak
Member

Hi @joernott, thanks for the PR. Can you please add tests to it?

Co-Authored-By: Tim Meusel <tim@bastelfreak.de>
@joernott
Contributor Author

I did not find where you get your certificates from. Or is a simple test like "I added the directive and it shows up in the config file" sufficient?

@bastelfreak
Member

It's okay to add an rspec test that verifies the content of the file.

@joernott
Contributor Author

Hmm, the password file itself is not handled by the nginx class. It is used by nginx to decrypt the ssl key. As the nginx module does not provide the content of the certificate file but just uses these files, it handles the password to the key the same way. Everything else would be illogical.

I'll try to find a way to inject an encrypted ssl key somewhere and the key file for it and then have nginx use the key/cert.
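
Added example (not code from this pull request or from the puppet-nginx module): because the password file is supplied outside the module, as the PR description and the comment above say, a pre-deployment check can confirm that the key really is encrypted, that the password file is not readable by group or other, and that one of its lines decrypts the key. nginx reads one passphrase per line from this file and tries them in turn; the function name, return codes, file names and passphrases below are constructed for this example.

```shell
#!/bin/sh
# Prints the line number of the first passphrase that decrypts the key.
# Returns: 0 usable, 1 no passphrase matches, 2 password file readable by
# group/other, 3 key or password file unreadable, 4 key is not encrypted.
check_ssl_password_file() {
    key=$1 pwfile=$2
    [ -r "$key" ] && [ -r "$pwfile" ] || return 3
    # Both PEM encodings of an encrypted key carry the word ENCRYPTED.
    grep -q ENCRYPTED "$key" || return 4
    # Characters 5-10 of the mode string are the group and other bits.
    mode=$(ls -lLd "$pwfile" | cut -c5-10)
    [ "$mode" = "------" ] || return 2
    n=0
    while IFS= read -r pass || [ -n "$pass" ]; do
        n=$((n + 1))
        [ -n "$pass" ] || continue   # blank lines are skipped in this check
        # The passphrase is passed on stdin so it never shows up in the process list.
        if printf '%s\n' "$pass" |
            openssl pkey -in "$key" -passin stdin -noout 2>/dev/null; then
            echo "$n"
            return 0
        fi
    done < "$pwfile"
    return 1
}

# Demo on constructed material: a throwaway EC key and a two-line password file.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
umask 077
printf '%s\n' 'constructed-example' > "$tmp/one.pass"
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -aes-256-cbc -pass file:"$tmp/one.pass" -out "$tmp/server.key" 2>/dev/null
printf '%s\n' 'old-constructed' 'constructed-example' > "$tmp/server.pass"
check_ssl_password_file "$tmp/server.key" "$tmp/server.pass"   # prints 2
```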

@bastelfreak
Member

Thanks for the awesome acceptance test!

@bastelfreak merged commit 9ddae82 into voxpupuli:master Sep 24, 2019
Rubueno pushed a commit to Rubueno/puppet-nginx that referenced this pull request Oct 19, 2020
…file

Add ssl_password_file directive to support encrypted ssl keys