From 5a825f7f6045cea00d94bcebf339c8e2dff5b067 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Thu, 31 Jan 2013 18:31:02 -0500
Subject: update the x509 submodule to get non-root application access to key
 file enhancement put the leap-webapp user in the 'ssl-cert' group pass group
 => 'leap-webapp' to the leap_client_ca.key so the application can access it

---
 puppet/modules/site_webapp/manifests/client_ca.pp | 1 +
 puppet/modules/site_webapp/manifests/init.pp      | 1 +
 puppet/modules/x509                               | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'puppet')

diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp
index 53c49d69..0d9b15d6 100644
--- a/puppet/modules/site_webapp/manifests/client_ca.pp
+++ b/puppet/modules/site_webapp/manifests/client_ca.pp
@@ -13,6 +13,7 @@ class site_webapp::client_ca {
   x509::key {
     'leap_client_ca':
       source => $x509['client_ca_key'],
+      group  => 'leap-webapp',
       notify  => Service[apache];
   }
 
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 592241c1..d59cebba 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -27,6 +27,7 @@ class site_webapp {
     ensure    => present,
     allowdupe => false,
     gid       => 'leap-webapp',
+    groups    => 'ssl-cert',
     home      => '/srv/leap-webapp',
     require   => [ Group['leap-webapp'] ];
   }
diff --git a/puppet/modules/x509 b/puppet/modules/x509
index d7a252b7..456212d1 160000
--- a/puppet/modules/x509
+++ b/puppet/modules/x509
@@ -1 +1 @@
-Subproject commit d7a252b77db843e800ed9fc92a56d5214f432026
+Subproject commit 456212d16e55e1299c2d9bfcc7965b40e0318cb4
-- 
cgit v1.2.3