Support for Contacts #24

Open
klewan opened this issue Mar 23, 2022 · 3 comments

klewan commented Mar 23, 2022

BUSINESS PROBLEM
Our internal rules for TPP require us to use the Contacts property while requesting a certificate.
Would it be possible to add a Contacts parameter to the venafi_certificate Ansible module and use it in the /vedsdk/Certificates/Request endpoint?

CURRENT ALTERNATIVES
None

@klewan klewan added the enhancement New feature or request label Mar 23, 2022
@ricrodriguezg ricrodriguezg self-assigned this Mar 23, 2022
@rvelaVenafi
Contributor

Hello @klewan,

Could you help us better understand your use case?
Which version of TPP are you using?

Also, when you say Contacts do you mean the Contact structure, like the following?

          {
            "Prefix": "string",
            "PrefixedName": "string",
            "PrefixedUniversal": "string",
            "Name": "string",
            "FullName": "string",
            "Universal": "string",
            "IsGroup": true,
            "Type": 0,
            "Disabled": true
          }

The best practice on TPP for contacts is to assign them by policy instead of by object (Certificate, etc.); this way, the objects created under that policy all inherit the contact.

Would this option address your issue?


klewan commented Mar 24, 2022

Hi,

Thanks for your support.
I'm referring to the Contacts property we may set through the /vedsdk/Certificates/Request POST call.
Unfortunately, in our case we cannot use the one assigned to the policy, since we have one policy and certificates are requested by different teams. Each team is responsible for their own certificates' life cycle and, therefore, we need contact persons to be assigned to the certificates directly.


tr1ck3r commented Mar 28, 2022

Thank you for explaining more about your use case @klewan. One of the objectives we have for our open source integrations is to help make it easy for customers to follow the best practices for our products. As @rvelaVenafi said, the best practice for TPP is to assign contacts (and permissions) for certificates by policy such that any certificate under the folder has the same "owners". So the way we intended to support your use case is by extending our Certificate Policy Management feature to allow owners to be specified as part of the policy specification, and we'll do so in such a way that owners are specified by user/group name instead of by unfriendly UUIDs.

When we designed our Certificate Policy Management feature we also understood the challenge you described with creating folders for each team in order to follow our best practices. The good news is that you can still have your users' certificates in a single parent folder because our Certificate Policy Management feature will automatically create any missing folder structure in the zone you specify. Each team will get their own folder containing the certificates that they own, and once we've implemented the enhancement to assign owners by policy, those will be set on their folder.
