credhub
credhub copied to clipboard
cloudfoundry
[Bug] Creating a new version of a certificate does not set flag `certificate_authority` properly
What version of the credhub server you are using? 2.9.0
What version of the credhub cli you are using? 2.9.0
If you were attempting to accomplish a task, what was it you were attempting to do?
I was attempting to replace/update a CA certificate with one coming from an external PKI. In order to do so, I used the endpoint POST api/v1/certificates/<ca_id>/versions to create a new version of the certificate.
What did you expect to happen?
When using the previously mentioned endpoint I expect that the new CA certificate is imported with the flags transitional as well as certificate_authority set to true.
What was the actual behavior?
When using this endpoint, the transitional flag is set properly, however the certificate_authority flag is always set to false and cannot be changed.
Steps to reproduce:
- generate a CA /my-ca
- use the api/v1//certificate endpoint to GET /my-ca and see that certificate_authority: true
- use api/v1/certificate endpoint to create a new version of /my-ca with some CA data, and receive a response where certificate_authority: false
- use the api/v1/certificate endpoint to GET /my-ca and see that certificate_authority: false
This issue was already discussed in slack with more information that can be found there: https://cloudfoundry.slack.com/archives/C3EN0BFC0/p1622027604005700
Please confirm where necessary:
- [ ] I have included a log output
- [ ] My log includes an error message
- [x] I have included steps for reproduction
If you are a PCF customer with an Operation Manager (PCF Ops Manager) please direct your questions to support (https://support.pivotal.io/)
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/178534707
The labels on this github issue will be updated when the story is started.
FYI, we do still have this sitting on a large backlog of stories to work on.
