Don't send CA keys to mine
Exposing CA keys in a mine creates a security flaw and should
therefore be avoided.
This change removes code responsible for putting and retrieving
CA key from a mine and changes the ca.sls state to allow configuring
where CA cert and its key would be generated as well as their owners.
Fixes PROD-13439
Change-Id: I6d78b13dcb3754c51606edd7e2d8158e128244a4
diff --git a/tests/pillar/minion_pki_ca.sls b/tests/pillar/minion_pki_ca.sls
index 935014b..d11adbf 100644
--- a/tests/pillar/minion_pki_ca.sls
+++ b/tests/pillar/minion_pki_ca.sls
@@ -44,3 +44,28 @@
ca_intermediate:
type: v3_intermediate_ca
minions: '*'
+ salt-ca-alt:
+ common_name: Alt CA Testing
+ country: Czech
+ state: Prague
+ locality: Cesky Krumlov
+ days_valid:
+ authority: 3650
+ certificate: 90
+ signing_policy:
+ cert_server:
+ type: v3_edge_cert_server
+ minions: '*'
+ cert_client:
+ type: v3_edge_cert_client
+ minions: '*'
+ ca_edge:
+ type: v3_edge_ca
+ minions: '*'
+ ca_intermediate:
+ type: v3_intermediate_ca
+ minions: '*'
+ ca_file: '/etc/test/ca.crt'
+ ca_key_file: '/etc/test/ca.key'
+ user: test
+ group: test
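Review bot: The new `salt-ca-alt` fixture sets `ca_key_file: '/etc/test/ca.key'` with `user: test` and `group: test` but says nothing about the file mode, so this test case does not pin down who can read the relocated private key. ca.sls is not visible in this hunk; if it accepts a mode setting, give the fixture an explicit owner-only value, otherwise add a comment above `ca_key_file` such as `# key permissions are set by ca.sls; only path and owner are configurable here`. The `ca_edge` and `ca_intermediate` signing policies also carry `minions: '*'`, mirroring the existing entry in the context lines, which allows any minion to request a CA-type certificate. A comment like `# test-only: restrict minions for CA-type policies in real pillars` would keep the fixture from being copied into a deployment unchanged.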