OctopusDeploy / OctopusDSC

Public repository: A PowerShell DSC resource for installing Octopus Deploy & Tentacles

Enh ssl #263

Closed twerthi closed 3 years ago

twerthi commented 3 years ago

Adding ability to use an existing SSL certificate during configuration and create the SSL binding.

BenAkor commented 3 years ago

Looks like a good start. As mentioned in Slack, I'm somewhat hesitant on this (though I'm not saying no to it) as while adding this makes some situations easier, it also makes the DSC more complicated to use and maintain.

I'm wondering if we could rely on something in the readme (saying how to use a script task / third party DSC resource)?

Or even, what if we made this change a cOctopusSslCertificate resource of its own? That might be nicest? That will make it nice and self-contained from both a maintenance and a usage basis?

I'd definitely like to see some tests around this too.

If this will be difficult to maintain, could the ForceSSL be adjusted to nullable bool as the AutologinEnabled is set?

matt-richardson commented 3 years ago

> If this will be difficult to maintain, could the ForceSSL be adjusted to nullable bool as the AutologinEnabled is set?

I'm not sure I follow, @BenAkor. I'm not sure how ForceSSL & AutoLoginEnabled relate to this PR? Can you expand?

BenAkor commented 3 years ago

> > If this will be difficult to maintain, could the ForceSSL be adjusted to nullable bool as the AutologinEnabled is set?

> I'm not sure I follow, @BenAkor. I'm not sure how ForceSSL & AutoLoginEnabled relate to this PR? Can you expand?

I initiated the need for the Octopus Server DSC resource to install and bind a certificate (self-signed or other) in this support forum post. At this time we have a workaround to do that. But since the ForceSSL is set to False by default, we will always have ForceSSL set to False and then back to True on every run, which seems unacceptable for desired state. So by setting a nullable bool on the ForceSSL, it could be set to null by default instead of False. In that case it will not be setting ForceSSL to false and then to true on every run. Since the ForceSSL needs a certificate bound when set to true and the Octopus Server DSC resource does not have certificate binding, the ForceSSL can only be used after the DSC resource runs. Hope this gives you some idea here.
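The scenario described in the comment above, as an added PowerShell sketch (not OctopusDSC code and not written by any participant in this thread): it simulates three configuration runs with a plain `bool` defaulting to `$false` versus a nullable `bool` defaulting to `$null`, with the certificate workaround running after the resource each time. All function names and the `$server` hashtable are hypothetical stand-ins for the real resource and server state.

```powershell
# Added illustration: hypothetical names, not OctopusDSC code.
# $server stands in for the Octopus Server's current setting (constructed state).

# Apply a value only when it differs, and count every real change.
function Set-ForceSsl {
    param([hashtable] $Server, [bool] $Value)
    if ($Server.ForceSSL -ne $Value) {
        $Server.ForceSSL = $Value
        $Server.Changes++
    }
}

# Resource whose ForceSSL parameter is a plain bool defaulting to $false.
function Invoke-ResourceWithBoolDefault {
    param([hashtable] $Server, [bool] $ForceSSL = $false)
    Set-ForceSsl -Server $Server -Value $ForceSSL
}

# Resource whose ForceSSL parameter is nullable: $null means "do not manage".
function Invoke-ResourceWithNullableBool {
    param([hashtable] $Server, [Nullable[bool]] $ForceSSL = $null)
    if ($null -eq $ForceSSL) { return }
    Set-ForceSsl -Server $Server -Value $ForceSSL
}

# Workaround step that runs after the resource: bind certificate, then force SSL.
function Invoke-Workaround {
    param([hashtable] $Server)
    Set-ForceSsl -Server $Server -Value $true
}

foreach ($resource in 'Invoke-ResourceWithBoolDefault', 'Invoke-ResourceWithNullableBool') {
    $server = @{ ForceSSL = $false; Changes = 0 }
    1..3 | ForEach-Object {
        & $resource -Server $server      # ForceSSL not specified by the caller
        Invoke-Workaround -Server $server
    }
    '{0}: {1} changes over 3 runs, final ForceSSL={2}' -f $resource, $server.Changes, $server.ForceSSL
}
```

In the plain-`bool` case the setting is switched off and back on during every run after the first, so the configuration never converges; in the nullable case the only change is the workaround's initial switch to `$true`.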

matt-richardson commented 3 years ago

> > > If this will be difficult to maintain, could the ForceSSL be adjusted to nullable bool as the AutologinEnabled is set?

> > I'm not sure I follow, @BenAkor. I'm not sure how ForceSSL & AutoLoginEnabled relate to this PR? Can you expand?

> I initiated the need for the Octopus Server DSC resource to install and bind a certificate (self-signed or other) in this support forum post. At this time we have a workaround to do that. But since the ForceSSL is set to False by default, we will always have ForceSSL set to False and then back to True on every run, which seems unacceptable for desired state. So by setting a nullable bool on the ForceSSL, it could be set to null by default instead of False. In that case it will not be setting ForceSSL to false and then to true on every run. Since the ForceSSL needs a certificate bound when set to true and the Octopus Server DSC resource does not have certificate binding, the ForceSSL can only be used after the DSC resource runs. Hope this gives you some idea here.

I don't think I'm clear on why ForceSSL needs to be set to false? What is stopping you from setting it to true? What error messages are you seeing?

> Since the ForceSSL needs a certificate bound when set to true

I'm really not clear here. It doesn't need a certificate bound?

Looking forward to getting to the bottom of this.

While we're digging into this, did you want to take a look at https://github.com/OctopusDeploy/OctopusDSC/pull/265? This is a bit of a spike to implement the nullable bool as you've requested. Would that work for your scenario?

twerthi commented 3 years ago

Closing this PR as the SSL functionality has been moved to a new DSC resource instead of being included in OctopusServer. Refer to https://github.com/OctopusDeploy/OctopusDSC/pull/267 for the new resource.