New option: puppetdb_ssl_crl

[Lavaburn]

Puppet 6 support: The CRL file is required by newer versions of Puppet.

Overview

On Puppet 6.21.1, the following issue is thrown when using PuppetDB with SSL verification: "The CRL is missing from '/tmp/.../var/ssl/crl.pem'

With this option, the CRL file can be copied into the builddir.

Checklist

• REQUIRED: Add new file in lib/octocatalog-diff/cli/options
• REQUIRED: Add corresponding test in spec/octocatalog-diff/tests/cli/options
• OPTIONAL: Add default value in lib/octocatalog-diff/cli.rb
• OPTIONAL: Add configuration example in examples/octocatalog-diff.cfg.rb
• REQUIRED: Add code to implement your option in lib
• REQUIRED: Add corresponding tests for code to implement your option in spec/octocatalog-diff/tests
• OPTIONAL: Add an integration test to test your option in spec/octocatalog-diff/integration

[ahayworth]

Thanks @Lavaburn! Two questions:

1. Do you know which version started requiring a CRL? Could we put that in the docs perhaps?
2. Is there a way we could detect when passing a CRL is required and notify users that they've not passed a needed option?

[Lavaburn]

@ahayworth

1a. I am not sure, as I can't test with older versions, but from what I can see in Puppet code, the error message was introduced in 6.4.0. I have confirmed the issue is present with 6.5.0 - 6.21.1
1b. We could definitely add in the documentation that when using Puppet >= 6 and receiving the following error: "The CRL is missing", this option would be required.
2a. I doubt, the error is thrown by the puppet agent. There is probably an obscure option to disable this requirement, so just relying on the Puppet version would be "overkill".
2b. You could issue a debug notice when the option is not used and the agent is version >= 6.4.0.

[ahayworth]

That all makes sense! If you want to just update the PR with a documentation note, I think that will suffice. :)

[DLeich]

Just wanted to note that I see this issue still present in Puppet 7 (7.13.1 to be exact). What's needed to push this pull request along? Without this, octocatalog-diff is not usable for modern versions of Puppet.

[claviola]

just stumbled upon this as well. @ahayworth is there something still pending?

[ahayworth]

@claviola the PR was previously stalled on documentation:

That all makes sense! If you want to just update the PR with a documentation note, I think that will suffice. :)

However, we could probably move forward with this regardless. Unfortunately, I am no longer an admin on this repo since I left GitHub. I know @claytono was recently moving some of my previous responsibilities (around RubyGems) - perhaps he would be kind enough to pass this along to the current maintainer of octocatalog-diff?

[claytono]

@ahayworth I pinged the folks I believe are the current owners.

[ahayworth]

@claytono Thank you kindly, I appreciate it!

[claviola]

@claviola the PR was previously stalled on documentation:

Thanks! I noticed that you had asked for more in regards to docs, but I was wondering where, because I'd also gladly jump in on that. I don't have a lot of experience with Ruby but I'd love to get this in shape for current versions of Puppet at least.

[anth1y]

this is awesome and thank you all for your work here... @claytono & @ahayworth thank you for the heads up. I'll get this merged shortly...

[claviola]

hi @anth1y! is there anything one can help you with to get this through?

[anth1y]

Apologies @claviola I let this slip through I'll get this on my todo for this week

[anth1y]

apologies for getting back to this soo late. It looks like I dont have write access

[iheartski]

Any updates on the merge??

[ahayworth]

@anth1y were you able to find anyone with access, or to obtain access somehow?

[anth1y]

@anth1y were you able to find anyone with access, or to obtain access somehow?

i somehow got write access