Enforce correct attributes for acme.sh private keys
Needs ReviewPublic
Actions

Authored by dereckson on Fri, Oct 10, 22:19.

Details

Reviewers

Maniphest Tasks

T2132: Propagate acme.sh certificate so Dovecot can read it

Summary

Apply logic from 421712d5da56 to private key files too, so several applications
can access the certificate private key they need.

Ref T2132

Test Plan

When run on Hervil, confirmed no-op as keys are already 640/600.

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Passed

Unit

No Test Coverage

Branch

certificates-640

Build Status

Buildable 5983
Build 6265: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Fri, Oct 10, 22:19

dereckson created this revision.

Harbormaster completed remote builds in B5983: Diff 9652.Fri, Oct 10, 22:19

Complector

$ salt hervil state.apply roles/core/certificates/acmesh test=True
[...]
----------                                                                                                
          ID: /var/certificates/mail.nasqueron.org/key.pem                                                
    Function: file.managed
      Result: True
     Comment: File /var/certificates/mail.nasqueron.org/key.pem not updated
     Started: 22:16:57.301699
    Duration: 1.387 ms
     Changes:   
----------
[...]

dereckson mentioned this in T2132: Propagate acme.sh certificate so Dovecot can read it.Fri, Oct 10, 22:25

Revision Contents
Changeset List

Path

Size

roles/

core/

certificates/

acmesh.sls

11 lines

Diff 9652

View Options

roles/core/certificates/acmesh.sls

Enforce correct attributes for acme.sh private keysNeeds ReviewPublicActions