diff --git a/pkg/playbook/app/domain/installation.go b/pkg/playbook/app/domain/installation.go
index 6b4fadc8..5a73f40c 100644
--- a/pkg/playbook/app/domain/installation.go
+++ b/pkg/playbook/app/domain/installation.go
@@ -32,8 +32,10 @@ const (
 capiLocationLocalMachine = "localmachine"
 )
-var validStoreNames = []string{"addressbook", "authroot", "certificateauthority", "disallowed", "my", "root",
- "trustedpeople", "trustedpublisher"}
+// Recommend removing store validation - this can cause conflicts for scenarios such as SNI:
+// https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
+// var validStoreNames = []string{"addressbook", "authroot", "certificateauthority", "disallowed", "my", "root",
+// "trustedpeople", "trustedpublisher"}
 // Installation represents a location in which a certificate will be installed,
 // along with the format in which it will be installed
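Review bot: Commenting out `validStoreNames` here drops the store-name allowlist entirely, although the stated goal (the IIS Web Hosting store) needs only one more entry. Together with the disabled loop in validateCAPI (second hunk) and the disabled `InvalidCAPIStoreName` case in playbook_test.go, any string after the location separator is now accepted as a store, so a typo or an unintended store name is no longer rejected when the playbook is validated. I would keep the list and append `"webhosting"` (the comparison lower-cases the segment); the store's programmatic name appears to be `WebHosting`, which is worth confirming. If arbitrary custom stores are really meant to be allowed, delete the code rather than leaving it commented out.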
@@ -128,17 +130,20 @@ func validateCAPI(installation Installation) error {
 // valid store names from https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.storename?view=net-7.0
 // Although it is unlikely that you'd want to install a certificate and private key in anything but "my", here for completeness
- isValidStoreName := false
- for _, v := range validStoreNames {
- if v == strings.ToLower(segments[1]) {
- isValidStoreName = true
- break
- }
- }
- if !isValidStoreName {
- return ErrInvalidCAPIStoreName
- }
+ // Removing validation check. Web Hosting is a common CAPI store location specifically designed to scale for IIS installations using a large number of certificates:
+ // https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
+ // isValidStoreName := false
+ // for _, v := range validStoreNames {
+ // if v == strings.ToLower(segments[1]) {
+ // isValidStoreName = true
+ // break
+ // }
+ // }
+
+ // if !isValidStoreName {
+ // return ErrInvalidCAPIStoreName
+ // }
 return nil
 }
diff --git a/pkg/playbook/app/domain/playbook_test.go b/pkg/playbook/app/domain/playbook_test.go
index fe868bbc..f27d28f8 100644
--- a/pkg/playbook/app/domain/playbook_test.go
+++ b/pkg/playbook/app/domain/playbook_test.go
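Review bot: With the loop disabled, the visible tail of validateCAPI in installation.go returns nil without looking at `segments[1]` at all, so an empty or whitespace-only store name would pass unless an earlier check outside this hunk rejects it. If the allowlist is not restored, a minimal guard such as `if strings.TrimSpace(segments[1]) == "" { return ErrInvalidCAPIStoreName }` keeps the error meaningful. The two context comments above the block (`// valid store names from …` and `// Although it is unlikely …`) now describe a check that no longer runs and should be reworded or removed. The function starts outside the hunk.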
@@ -505,25 +505,27 @@ func (s *PlaybookSuite) SetupTest() {
 },
 },
 },
- {
- err: ErrInvalidCAPIStoreName,
- name: "InvalidCAPIStoreName",
- pb: Playbook{
- Config: config,
- CertificateTasks: CertificateTasks{
- CertificateTask{
- Name: "testTask",
- Request: req,
- Installations: Installations{
- Installation{
- Type: FormatCAPI,
- Location: "LocalMachine\\foo",
- },
- },
- },
- },
- },
- },
+ // Removing to facilitate changes referenced in installation.go:
+ // https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
+ // {
+ // err: ErrInvalidCAPIStoreName,
+ // name: "InvalidCAPIStoreName",
+ // pb: Playbook{
+ // Config: config,
+ // CertificateTasks: CertificateTasks{
+ // CertificateTask{
+ // Name: "testTask",
+ // Request: req,
+ // Installations: Installations{
+ // Installation{
+ // Type: FormatCAPI,
+ // Location: "LocalMachine\\foo",
+ // },
+ // },
+ // },
+ // },
+ // },
+ // },
 {
 err: nil,
 name: "ValidCAPIConfig",
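Review bot: Commenting out the `InvalidCAPIStoreName` case leaves the changed behaviour untested, since nothing in this hunk asserts that a Web Hosting location is accepted. I would replace the commented block with a positive case, for example `name: "ValidCAPIWebHostingStore"` with `Location: "LocalMachine\\WebHosting"` and `err: nil`, and keep a negative case if any store-name check remains in validateCAPI. The test table in SetupTest starts and continues outside the hunk.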