This adds the concept of the CA determining if a given agent CSR can support renewal or not. As a stop-gap, this introspects the x-puppet-version header to check the version of the agent. If it is present, and >= 8.2.0, then it is assumed that the agent supports the feature. Also as a stop-gap, a file is written alongside of the csr to indicate that the agent supports the feature. Future work will be to use this file to choose a short ttl (assuming renewal is enabled), and clean up the temporary file as appropriate.
Additional follow-on work will include leveraging attributes/extensions present in the CSR instead of the version to indicate that the agent supports renewal.
Also as part of this work, the puppet function versioncmp was ported into clojure and included. Similar tests to what is found in puppet were added. See https://github.com/puppetlabs/puppet/blob/6b400f35193e5d6871fd679d6ad49776d1cb6072/lib/puppet/util/package.rb#L3
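The version gate described above, as an added Ruby example that is not part of this change or of puppetserver's code: it shows why the check needs a segment-wise comparison rather than a string comparison, and how an absent or malformed header can fail closed. All function and constant names are hypothetical, and the strict numeric-only parsing is an assumption of this sketch, not the behaviour of the ported versioncmp.

```ruby
# Added illustration; hypothetical names, not puppetserver's implementation.
MIN_RENEWAL_VERSION = '8.2.0'            # threshold stated in the description
VERSION_HEADER = 'x-puppet-version'      # header named in the description

# Parse a dotted numeric version into integers. Anything else returns nil,
# so a malformed value is treated as "no renewal support" (assumption).
def parse_version(str)
  return nil unless str.is_a?(String) && str.match?(/\A\d+(\.\d+)*\z/)
  str.split('.').map(&:to_i)
end

# Compare two integer lists segment by segment, padding the shorter with 0.
# Returns -1, 0 or 1.
def compare_versions(a, b)
  len = [a.length, b.length].max
  pa = a + [0] * (len - a.length)
  pb = b + [0] * (len - b.length)
  pa <=> pb
end

# The header is set by the requesting client, so the result is a capability
# hint, not an authenticated claim. HTTP header names are case-insensitive,
# so normalise the name before lookup.
def agent_supports_renewal?(headers)
  value = headers.find { |k, _v| k.to_s.downcase == VERSION_HEADER }&.last
  agent = parse_version(value)
  return false if agent.nil?
  compare_versions(agent, parse_version(MIN_RENEWAL_VERSION)) >= 0
end

# Constructed sample requests (not captured traffic).
SAMPLE_HEADERS = [
  { 'X-Puppet-Version' => '8.10.0' },    # numerically newer than 8.2.0
  { 'x-puppet-version' => '8.1.9' },     # older agent
  { 'x-puppet-version' => '8.2.0; x' },  # malformed value
  {}                                     # header absent
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each { |h| puts "#{h.inspect} -> #{agent_supports_renewal?(h)}" }
end
```

A plain string comparison orders '8.10.0' before '8.2.0', which is the case the segment-wise comparison exists to handle.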