Entrust cagw certificate #671
Conversation
Add new module to community.crypto for Entrust CA Gateway that support Entrust and other private/public PKIs. These are the integration tests for the same
New module added to perform certificate requests and management via Certificate Authorities supported by Entrust CAGW
Docs Build 📝This PR is closed and any previously published docsite has been unpublished. |
There was a problem hiding this comment.
Thanks for your contribution! Please check out the failed sanity tests, they point out several code formating problems that need to be fixed. I've added some first comments, mostly on the documentation. The docs comments often apply to multiple places, I pointed out the most important ones I spotted so you can go through all documentation to update it accordingly.
| - request type i.e. new (stands for enrollment), get (stands for get certificate), action (stands for action to be taken on the certificate) | ||
| type: str | ||
| choices: [ 'new', 'action', 'get' ] | ||
| required: true |
There was a problem hiding this comment.
The UX might be cleaner if you have multiple modules for these operations. Like entrust_cagw_certificate_info for getting a certificate, entrust_cagw_certificate for creating a new one, and entrust_cagw_certificate_action for applying an action.
There was a problem hiding this comment.
I have done this mapping vis-a-vis the certificate module within the Entrust CA Gateway where the operations i.e. new, action, and get are like crud operations on an entity i.e. certificate. I can break the module but that will be slightly mis-aligned with the CAGW API specs. Do you see this as a must have?
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
|
@felixfontein I incorporated all of your comments and fixed other indentation related issues. |
@felixfontein I figured it out and fixed this problem. This problem was because of unused imports. Thanks.. |
|
@felixfontein / maintaineres: hold on merging please, potential partner joining and I don't to merge this just for it to be pulled out in another PR for certification. |
|
I would suggest to mark PRs that should maybe not merged as a draft the next time. I've done so now. |
|
Any news on this? |
@felixfontein I am working with RedHat channel partner to push it as a collection instead of making it as community.crypto module |
|
@sapnajainEntrust ok. In that case, would you mind closing this PR? If this isn't going to be merged in the community.crypto collection there's no reason to keep it open. |
|
@felixfontein I am closing this. |
SUMMARY
I am trying to add a new module for the crypto collection i.e. entrust_cagw_certificate and the purpose of the module is to be able to request private/public PKI certs from CAs like Entrust Security Manager, Entrust PKIaaS, Entrust SSL CA, and third party CAs like Microsoft.
This is how it is different from the existing Entrust plugin ecs_certificate within the community crypto collection -
Unlike ECS, this plugin can issue certs from both public and private Certificate Authorities supported by CAGW.
Entrust CA Gateway(CAGW) provides a REST based interface that talks to different Certificate Authorities as mentioned above and this new module is supposed to interact with CAGW over API interface.
I am at a point where I have been able to code complete the module, test with different CAs and even have my integration test suite ready.
ISSUE TYPE
Feature Idea
COMPONENT NAME
entrust_cagw_certificate
ADDITIONAL INFORMATION
entrust_cagw_certificate:
path: '{{ output_cert_path }}'
csr: '{{ csr_path }}'
host: '{{ entrust_host }}'
port: '{{ entrust_port }}'
certificate_authority_id: '{{ ca_id }}'
certificate_profile_id: '{{ cert_profile_id }}'
cagw_api_client_cert_path: '{{ entrust_cagw_api_cert }}'
cagw_api_client_cert_key_path: '{{ entrust_cagw_api_cert_key }}'
cagw_api_specification_path: '{{ cagw_api_specification_path }}'
request_type: '{{ request_type }}'
enrollment_format: '{{ enrollment_format }}'
connector_name: SM
force: '{{ force }}'
validate_certs: '{{ validate_certs }}'