457e5723f1f208281ed5c6d01bd0164903c640ad - salt-formulas/salt

commit	457e5723f1f208281ed5c6d01bd0164903c640ad	[log] [tgz]
author	Elena Ezhova <eezhova@mirantis.com>	Tue Aug 01 11:32:40 2017 +0400
committer	Elena Ezhova <eezhova@mirantis.com>	Wed Aug 09 14:47:21 2017 +0400
tree	f7976eff8eefad3179bccc921ff8134cd8a47bd4
parent	8d606a9616c175ecf66b66e3212cc652a401a893 [diff]

Don't send CA keys to mine

Exposing CA keys in a mine creates a security flaw, thus such
should be avoided.
This change removes code responsible for putting and retrieving
CA key from a mine and changes the ca.sls state to allow configuring
where CA cert and its key would be generated as well as their owners.

Fixes PROD-13439

Change-Id: I6d78b13dcb3754c51606edd7e2d8158e128244a4

salt/meta/salt.yml[diff]
salt/minion/ca.sls[diff]
salt/minion/cert.sls[diff]
tests/pillar/minion_pki_ca.sls[diff]
tests/pillar/minion_pki_cert.sls[diff]

5 files changed

tree: f7976eff8eefad3179bccc921ff8134cd8a47bd4

_modules/
_returners/
debian/
metadata/
salt/
tests/
.gitignore
.kitchen.yml
.travis.yml
CHANGELOG.rst
LICENSE
Makefile
metadata.yml
README.rst
VERSION