puppetserver-ca 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/lib/puppetserver/ca/cli.rb +2 -2
- data/lib/puppetserver/ca/config_utils.rb +11 -0
- data/lib/puppetserver/ca/{setup_action.rb → import_action.rb} +5 -5
- data/lib/puppetserver/ca/puppet_config.rb +6 -8
- data/lib/puppetserver/ca/puppetserver_config.rb +83 -0
- data/lib/puppetserver/ca/version.rb +1 -1
- metadata +5 -3
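--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f41aeb772961d07711e18252a727800b7962e11a
+data.tar.gz: ebc595c85433ec3a4c14d2660e0e92237bee3690
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 315814ed7b351eea57fc5620bd08e8e406d6c489a24cc4e0e2e6048844d2ed2ef85260a6fc5c1de8f923f999708aaf0679388b3a23af865f04538f14f6a617e2
+data.tar.gz: b482951edd70310b07d1aa2a8f988a34bc3a08d3a5ddf75e10799a2b86ad09e0dfd8eee0b683ee0fd665eb90e795c0c422517371dedb68124c49d6544283bec6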
data/Gemfile
CHANGED
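--- a/data/lib/puppetserver/ca/cli.rb
+++ b/data/lib/puppetserver/ca/cli.rb
@@ -1,6 +1,6 @@
 require 'optparse'
 require 'puppetserver/ca/version'
-require 'puppetserver/ca/
+require 'puppetserver/ca/import_action'
 require 'puppetserver/ca/logger'
 
 module Puppetserver
@@ -13,7 +13,7 @@ Manage the Private Key Infrastructure for
 Puppet Server's built-in Certificate Authority
 BANNER
 
-VALID_ACTIONS = {'
+VALID_ACTIONS = {'import' => ImportAction}
 
 ACTION_LIST = "\nAvailable Actions:\n" +
 VALID_ACTIONS.map do |action, cls|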
@@ -6,13 +6,13 @@ require 'puppetserver/ca/puppet_config'
|
|
6
6
|
|
7
7
|
module Puppetserver
|
8
8
|
module Ca
|
9
|
-
class
|
9
|
+
class ImportAction
|
10
10
|
|
11
|
-
SUMMARY = "
|
11
|
+
SUMMARY = "Import the CA's key, certs, and crls"
|
12
12
|
BANNER = <<-BANNER
|
13
13
|
Usage:
|
14
|
-
puppetserver ca
|
15
|
-
puppetserver ca
|
14
|
+
puppetserver ca import [--help|--version]
|
15
|
+
puppetserver ca import [--config PATH]
|
16
16
|
--private-key PATH --cert-bundle PATH --crl-chain PATH
|
17
17
|
|
18
18
|
Description:
|
@@ -175,7 +175,7 @@ BANNER
|
|
175
175
|
def self.parser(parsed = {})
|
176
176
|
OptionParser.new do |opts|
|
177
177
|
opts.banner = BANNER
|
178
|
-
opts.on('--help', 'Display this
|
178
|
+
opts.on('--help', 'Display this import specific help output') do |help|
|
179
179
|
parsed['help'] = true
|
180
180
|
end
|
181
181
|
opts.on('--version', 'Output the version') do |v|
|
@@ -1,11 +1,14 @@
|
|
1
|
+
require 'puppetserver/ca/config_utils'
|
1
2
|
|
2
3
|
module Puppetserver
|
3
4
|
module Ca
|
4
|
-
# Provides an interface for asking for Puppet
|
5
|
-
#
|
6
|
-
#
|
5
|
+
# Provides an interface for asking for Puppet settings w/o loading
|
6
|
+
# Puppet. Includes a simple ini parser that will ignore Puppet's
|
7
|
+
# more complicated conventions.
|
7
8
|
class PuppetConfig
|
8
9
|
|
10
|
+
include Puppetserver::Ca::ConfigUtils
|
11
|
+
|
9
12
|
def self.parse(config_path = nil)
|
10
13
|
instance = new(config_path)
|
11
14
|
instance.load
|
@@ -119,16 +122,11 @@ module Puppetserver
|
|
119
122
|
res
|
120
123
|
end
|
121
124
|
|
122
|
-
|
123
125
|
private
|
124
126
|
|
125
127
|
def explicitly_given_config_file_or_default_config_exists?
|
126
128
|
!@using_default_location || File.exist?(@config_path)
|
127
129
|
end
|
128
|
-
|
129
|
-
def running_as_root?
|
130
|
-
!Gem.win_platform? && Process::UID.eid == 0
|
131
|
-
end
|
132
130
|
end
|
133
131
|
end
|
134
132
|
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
require 'hocon'
|
2
|
+
require 'puppetserver/ca/config_utils'
|
3
|
+
|
4
|
+
module Puppetserver
|
5
|
+
module Ca
|
6
|
+
# Provides an interface for querying Puppetserver settings w/o loading
|
7
|
+
# Puppetserver or any TK config service. Uses the ruby-hocon gem for parsing.
|
8
|
+
class PuppetserverConfig
|
9
|
+
|
10
|
+
include Puppetserver::Ca::ConfigUtils
|
11
|
+
|
12
|
+
def self.parse(config_path = nil)
|
13
|
+
instance = new(config_path)
|
14
|
+
instance.load
|
15
|
+
|
16
|
+
return instance
|
17
|
+
end
|
18
|
+
|
19
|
+
attr_reader :errors, :settings
|
20
|
+
|
21
|
+
def initialize(supplied_config_path = nil)
|
22
|
+
@using_default_location = !supplied_config_path
|
23
|
+
@config_path = supplied_config_path || "/etc/puppetlabs/puppetserver/conf.d/ca.conf"
|
24
|
+
|
25
|
+
@settings = nil
|
26
|
+
@errors = []
|
27
|
+
end
|
28
|
+
|
29
|
+
# Populate this config object with the CA-related settings
|
30
|
+
def load
|
31
|
+
if explicitly_given_config_file_or_default_config_exists?
|
32
|
+
begin
|
33
|
+
results = Hocon.load(@config_path)
|
34
|
+
rescue Hocon::ConfigError => e
|
35
|
+
errors << e.message
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
overrides = results || {}
|
40
|
+
@settings = supply_defaults(overrides).freeze
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
|
45
|
+
# Return the correct confdir. We check for being root on *nix,
|
46
|
+
# else the user path. We do not include a check for running
|
47
|
+
# as Adminstrator since non-development scenarios for Puppet Server
|
48
|
+
# on Windows are unsupported.
|
49
|
+
# Note that Puppet Server runs as the [pe-]puppet user but to
|
50
|
+
# start/stop it you must be root.
|
51
|
+
def user_specific_ca_dir
|
52
|
+
if running_as_root?
|
53
|
+
'/etc/puppetlabs/puppetserver/ca'
|
54
|
+
else
|
55
|
+
"#{ENV['HOME']}/.puppetlabs/etc/puppetserver/ca"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
# Supply defaults for any CA settings not present in the config file
|
60
|
+
# @param [Hash] overrides setting names and values loaded from the config file,
|
61
|
+
# for overriding the defaults
|
62
|
+
# @return [Hash] CA-related settings
|
63
|
+
def supply_defaults(overrides = {})
|
64
|
+
ca_settings = overrides['certificate-authority'] || {}
|
65
|
+
settings = {}
|
66
|
+
|
67
|
+
cadir = settings[:cadir] = ca_settings.fetch('cadir', user_specific_ca_dir)
|
68
|
+
|
69
|
+
settings[:cacert] = ca_settings.fetch('cacert', "#{cadir}/ca_crt.pem")
|
70
|
+
settings[:cakey] = ca_settings.fetch('cakey', "#{cadir}/ca_key.pem")
|
71
|
+
settings[:cacrl] = ca_settings.fetch('cacrl', "#{cadir}/ca_crl.pem")
|
72
|
+
settings[:serial] = ca_settings.fetch('serial', "#{cadir}/serial")
|
73
|
+
settings[:cert_inventory] = ca_settings.fetch('cert-inventory', "#{cadir}/inventory.txt")
|
74
|
+
|
75
|
+
return settings
|
76
|
+
end
|
77
|
+
|
78
|
+
def explicitly_given_config_file_or_default_config_exists?
|
79
|
+
!@using_default_location || File.exist?(@config_path)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
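Review bot: In `user_specific_ca_dir`, the non-root branch interpolates `ENV['HOME']` unchecked, so with HOME unset the default resolves to `/.puppetlabs/etc/puppetserver/ca` and the derived `cakey` path for the CA private key lands under the filesystem root. Resolving the directory with `Dir.home`, or pushing a message onto `errors` when HOME is missing, would avoid silently producing that path. `load` rescues only `Hocon::ConfigError` and then still populates `@settings` from defaults, so a caller that does not inspect `errors` would presumably act on default CA paths after a failed parse; a comment on `load` such as `# Callers must check #errors before trusting #settings` would make that contract explicit. `supply_defaults` also assumes `overrides['certificate-authority']` is a Hash, so a non-table value there would raise from `fetch` rather than being reported through `errors`. Finally, `explicitly_given_config_file_or_default_config_exists?` is now duplicated verbatim in this class and in PuppetConfig, and could live in ConfigUtils (not shown on this page) with the other shared helpers.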
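--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-07-
+date: 2018-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -74,9 +74,11 @@ files:
 - exe/puppetserver-ca
 - lib/puppetserver/ca.rb
 - lib/puppetserver/ca/cli.rb
+- lib/puppetserver/ca/config_utils.rb
+- lib/puppetserver/ca/import_action.rb
 - lib/puppetserver/ca/logger.rb
 - lib/puppetserver/ca/puppet_config.rb
-- lib/puppetserver/ca/
+- lib/puppetserver/ca/puppetserver_config.rb
 - lib/puppetserver/ca/stub.rb
 - lib/puppetserver/ca/version.rb
 - lib/puppetserver/ca/x509_loader.rb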