Support for Contacts #24
Comments
Hello @klewan, Could you help us better understand your use case? Also, when you say Contacts do you mean the Contact structure, like the following?
The best practice on TPP for contacts is to assign them by policy instead of by object (Certificate, etc.); this way the objects created under that policy all inherit the contact. Would this option address your issue?
Hi, Thanks for your support.
Thank you for explaining more about your use case @klewan. One of the objectives we have for our open source integrations is to help make it easy for customers to follow the best practices for our products. As @rvelaVenafi said, the best practice for TPP is to assign contacts (and permissions) for certificates by policy such that any certificate under the folder has the same "owners". So the way we intended to support your use case is by extending our Certificate Policy Management feature to allow owners to be specified as part of the policy specification and we'll do so in such a way that owners are specified by user/group name instead of by unfriendly UUIDs. When we designed our Certificate Policy Management feature we also understood the challenge you described with creating folders for each team in order to follow our best practices. The good news is that you can still have your user's certificates in a single parent folder because our Certificate Policy Management feature will automatically create any missing folder structure in the
BUSINESS PROBLEM
Our internal rules for TPP require us to use the Contacts property when requesting a certificate.
Would it be possible to add a Contacts parameter to the venafi_certificate Ansible module and use it in the /vedsdk/Certificates/Request endpoint?
CURRENT ALTERNATIVES
None