add ability to provide an untrusted cert to snapped MAAS
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MAAS | Invalid | Undecided | Unassigned |
snapd | Fix Released | Low | Unassigned |
Bug Description
MAAS 2.8/stable 2.8.2-8577-
Currently, there is no way to natively add an untrusted CA to MAAS without unpacking/repacking the entire snap and manually adding the certificate.
The use case for this is: if a user is attempting to talk to a UCS Manager API that is using either a self-signed or a privately signed certificate and has SSL redirect enabled, then MAAS will error when attempting to talk to this API URL.
In a deb packaged MAAS scenario, a user simply adds the cert to /usr/local/
There should be an ability to "drop in" a certificate somewhere in the confined space (/var/snap/maas/) so that there is no need to unpack/repack the snap.
Changed in snapd:
status: Triaged → Incomplete
Changed in maas:
status: Incomplete → New
importance: Wishlist → Undecided
As a suggestion: RBAC snap could be configured in the following way:
sudo snap set canonical-rbac ssl.ca="$(cat /path/to/self/signed/CA.crt /path/to/self/signed/intermediate_CA.crt)"
Could we re-use the same approach to inject custom CA certs into the MAAS snap?
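An added example, not part of the original report and not code from snapd, MAAS or RBAC: a shell helper that assembles the multi-certificate value used in the `snap set ... ssl.ca=` suggestion above. The name `build_ca_bundle` is hypothetical and the file paths are placeholders. It refuses files that carry private keys and keeps PEM markers on separate lines when a file lacks a trailing newline.

```shell
#!/bin/sh
# Added example: build a CA bundle for a snap option such as ssl.ca.
# build_ca_bundle is a hypothetical helper, not part of any snap.
#
# Usage (paths are placeholders); check the exit status before applying:
#   bundle=$(build_ca_bundle /path/to/CA.crt /path/to/intermediate_CA.crt) &&
#       sudo snap set canonical-rbac ssl.ca="$bundle"
build_ca_bundle() {
    [ "$#" -gt 0 ] || { echo "usage: build_ca_bundle FILE..." >&2; return 2; }
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
        # The value is stored in snap configuration, so refuse any file
        # that carries key material (for example a combined cert+key .pem).
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "refusing $f: contains a private key" >&2
            return 1
        fi
        # Emit only complete CERTIFICATE blocks, one PEM line per output
        # line. A plain `cat a b` fuses the END and BEGIN markers when
        # file a has no trailing newline; this does not.
        awk '
            { sub(/\r$/, "") }                      # tolerate CRLF files
            /^-----BEGIN CERTIFICATE-----$/ {
                if (inblk) bad = 1                  # nested BEGIN
                inblk = 1; buf = ""
            }
            inblk { buf = buf $0 "\n" }
            /^-----END CERTIFICATE-----$/ {
                if (!inblk) bad = 1                 # END without BEGIN
                else { printf "%s", buf; n++ }
                inblk = 0
            }
            END { if (bad || inblk || n == 0) exit 1 }
        ' "$f" || { echo "no well-formed certificate in $f" >&2; return 1; }
    done
}
```

Text outside certificate blocks, such as comments or `openssl x509 -text` output, is dropped from the bundle.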