update the x509 submodule to get non-root application access to key file enhancement

put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it
author: Micah Anderson <micah@riseup.net> 2013-01-31 18:31:02 -0500
committer: Micah Anderson <micah@riseup.net> 2013-01-31 18:31:02 -0500
commit: 5a825f7f6045cea00d94bcebf339c8e2dff5b067 (patch)
tree: d0d2b0438ddace8a22366c4f6202e7ef86a4a3b7
parent: c4805af340ae63e9129696e0c96f9896417eb9c4 (diff)
3 files changed, 2 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp
index 53c49d69..0d9b15d6 100644
--- a/puppet/modules/site_webapp/manifests/client_ca.pp
+++ b/puppet/modules/site_webapp/manifests/client_ca.pp
@@ -13,6 +13,7 @@ class site_webapp::client_ca {
   x509::key {
     'leap_client_ca':
       source => $x509['client_ca_key'],
+      group  => 'leap-webapp',
       notify  => Service[apache];
   }
 
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 592241c1..d59cebba 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -27,6 +27,7 @@ class site_webapp {
     ensure    => present,
     allowdupe => false,
     gid       => 'leap-webapp',
+    groups    => 'ssl-cert',
     home      => '/srv/leap-webapp',
     require   => [ Group['leap-webapp'] ];
   }
diff --git a/puppet/modules/x509 b/puppet/modules/x509
-Subproject d7a252b77db843e800ed9fc92a56d5214f43202
+Subproject 456212d16e55e1299c2d9bfcc7965b40e0318cb
author	Micah Anderson <micah@riseup.net>	2013-01-31 18:31:02 -0500
committer	Micah Anderson <micah@riseup.net>	2013-01-31 18:31:02 -0500
commit	5a825f7f6045cea00d94bcebf339c8e2dff5b067 (patch)
tree	d0d2b0438ddace8a22366c4f6202e7ef86a4a3b7
parent	c4805af340ae63e9129696e0c96f9896417eb9c4 (diff)