puppetserver-ca 0.7.0 → 1.0.0

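--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1d0f3441468d38c6a0385a7c2ed7e3056e9e7407
- data.tar.gz: 84e643ade9ca258be16166e16b1577dd454ec9f8
+ metadata.gz: 4aae686f8f63d4fb8c675758fd9c910f8608187a
+ data.tar.gz: 36404974656f555dbd6253aaa6a5792b9b3b0069
  SHA512:
- metadata.gz: 6dd35a352ff2ca7aec331efd573781224471e03efcd451fd35d5c13416b6f2d2cceec34339d0ff9016840a77af321b9821d6fff1f2d6d42a568316786b8e19bd
- data.tar.gz: 6e460d0db0cf328e17968950741eade841198ce165e306b5ca07e81343d1c29045b3baab88ce0be78c90c3a50c969fc4323c6e626f195814bd7fba6f08707e78
+ metadata.gz: 4f43caf76164963786227c950886504fa2d3c7ffa583228cbe82256bca53c8a6867ba7c7cb3278bc604e3730f79dcb934146a22bd209642aa1a347fb5ea86811
+ data.tar.gz: 98b4178cadbc8ec770585a97b5ce9d44a770956d5d85b839cc5553962a1377998853b93a67378519577a13f032cf1ac6bd954641dab013fbeedd480b9e369944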
@@ -87,9 +87,15 @@ BANNER
87
87
  puppet = Config::Puppet.parse(config)
88
88
  return 1 if CliParsing.handle_errors(@logger, puppet.errors)
89
89
 
90
- passed = clean_certs(certnames, puppet.settings)
91
-
92
- return passed ? 0 : 1
90
+ result = clean_certs(certnames, puppet.settings)
91
+ case result
92
+ when :success
93
+ return 0
94
+ when :invalid
95
+ return 24
96
+ when :not_found, :error
97
+ return 1
98
+ end
93
99
  end
94
100
 
95
101
  def clean_certs(certnames, settings)
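Review bot: The `case result` added here has no `else` branch, so any value other than the four listed symbols makes the method return nil instead of an integer exit status; the same construct is added in the revoke action's hunk that follows. For a CA tool driven by scripts it is safer to fail closed by adding `else` / `return 1` before the closing `end`, so an unrecognised result is never mistaken for a completed clean or revocation. The bare literal `24` would also benefit from a named constant shared by both actions, or a comment such as `# 24: request was invalid for this certname (see the :invalid result)`. The enclosing method begins above this hunk, so how its return value reaches the process exit is not visible here.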
@@ -86,9 +86,16 @@ BANNER
86
86
  puppet = Config::Puppet.parse(config)
87
87
  return 1 if CliParsing.handle_errors(@logger, puppet.errors)
88
88
 
89
- passed = revoke_certs(certnames, puppet.settings)
90
-
91
- return passed ? 0 : 1
89
+ result = revoke_certs(certnames, puppet.settings)
90
+
91
+ case result
92
+ when :success
93
+ return 0
94
+ when :invalid
95
+ return 24
96
+ when :not_found, :error
97
+ return 1
98
+ end
92
99
  end
93
100
 
94
101
  def revoke_certs(certnames, settings)
@@ -18,31 +18,49 @@ module Puppetserver
18
18
  @ca_port = settings[:ca_port]
19
19
  end
20
20
 
21
+ def worst_result(previous_result, current_result)
22
+ %i{success invalid not_found error}.each do |state|
23
+ if previous_result == state
24
+ return current_result
25
+ elsif current_result == state
26
+ return previous_result
27
+ else
28
+ next
29
+ end
30
+ end
31
+ end
32
+
21
33
  # Returns a URI-like wrapper around CA specific urls
22
34
  def make_ca_url(resource_type = nil, certname = nil)
23
35
  HttpClient::URL.new('https', @ca_server, @ca_port, 'puppet-ca', 'v1', resource_type, certname)
24
36
  end
25
37
 
26
38
  def sign_certs(certnames)
27
- put(certnames,
28
- resource_type: 'certificate_status',
29
- body: SIGN_BODY,
30
- type: :sign)
39
+ results = put(certnames,
40
+ resource_type: 'certificate_status',
41
+ body: SIGN_BODY,
42
+ type: :sign)
43
+
44
+ results.all? {|result| result == :success }
31
45
  end
32
46
 
33
47
  def revoke_certs(certnames)
34
- put(certnames,
35
- resource_type: 'certificate_status',
36
- body: REVOKE_BODY,
37
- type: :revoke)
48
+ results = put(certnames,
49
+ resource_type: 'certificate_status',
50
+ body: REVOKE_BODY,
51
+ type: :revoke)
52
+
53
+ results.reduce {|prev, curr| worst_result(prev, curr) }
38
54
  end
39
55
 
40
56
  def submit_certificate_request(certname, csr)
41
- put([certname],
42
- resource_type: 'certificate_request',
43
- body: csr.to_pem,
44
- headers: {'Content-Type' => 'text/plain'},
45
- type: :submit)
57
+ results = put([certname],
58
+ resource_type: 'certificate_request',
59
+ body: csr.to_pem,
60
+ headers: {'Content-Type' => 'text/plain'},
61
+ type: :submit)
62
+
63
+ results.all? {|result| result == :success }
46
64
  end
47
65
 
48
66
  # Make an HTTP PUT request to CA
@@ -60,8 +78,6 @@ module Puppetserver
60
78
  process_results(type, certname, result)
61
79
  end
62
80
  end
63
-
64
- results.all?
65
81
  end
66
82
 
67
83
  # logs the action and returns true/false for success
@@ -71,45 +87,49 @@ module Puppetserver
71
87
  case result.code
72
88
  when '204'
73
89
  @logger.inform "Successfully signed certificate request for #{certname}"
74
- return true
90
+ return :success
75
91
  when '404'
76
92
  @logger.err 'Error:'
77
93
  @logger.err " Could not find certificate request for #{certname}"
78
- return false
94
+ return :not_found
79
95
  else
80
96
  @logger.err 'Error:'
81
97
  @logger.err " When attempting to sign certificate request '#{certname}', received"
82
98
  @logger.err " code: #{result.code}"
83
99
  @logger.err " body: #{result.body.to_s}" if result.body
84
- return false
100
+ return :error
85
101
  end
86
102
  when :revoke
87
103
  case result.code
88
104
  when '200', '204'
89
105
  @logger.inform "Revoked certificate for #{certname}"
90
- return true
106
+ return :success
91
107
  when '404'
92
108
  @logger.err 'Error:'
93
109
  @logger.err " Could not find certificate for #{certname}"
94
- return false
110
+ return :not_found
111
+ when '409'
112
+ @logger.err 'Error:'
113
+ @logger.err " Could not revoke unsigned csr for #{certname}"
114
+ return :invalid
95
115
  else
96
116
  @logger.err 'Error:'
97
117
  @logger.err " When attempting to revoke certificate '#{certname}', received:"
98
118
  @logger.err " code: #{result.code}"
99
119
  @logger.err " body: #{result.body.to_s}" if result.body
100
- return false
120
+ return :error
101
121
  end
102
122
  when :submit
103
123
  case result.code
104
124
  when '200', '204'
105
125
  @logger.inform "Successfully submitted certificate request for #{certname}"
106
- return true
126
+ return :success
107
127
  else
108
128
  @logger.err 'Error:'
109
129
  @logger.err " When attempting to submit certificate request for '#{certname}', received:"
110
130
  @logger.err " code: #{result.code}"
111
131
  @logger.err " body: #{result.body.to_s}" if result.body
112
- return false
132
+ return :error
113
133
  end
114
134
  end
115
135
  end
@@ -132,11 +152,24 @@ module Puppetserver
132
152
  cleaned = check_clean(certname, clean_result)
133
153
  end
134
154
 
135
- cleaned == :success && [:success, :not_found].include?(revoked)
155
+ if revoked == :error || cleaned != :success
156
+ :error
157
+
158
+ # If we get passed the first conditional we know that
159
+ # cleaned must == :success and revoked must be one of
160
+ # :invalid, :not_found, or :success. We'll treat both
161
+ # :not_found and :success of revocation here as successes.
162
+ # However we'll treat invalid's specially.
163
+ elsif revoked == :invalid
164
+ :invalid
165
+
166
+ else
167
+ :success
168
+ end
136
169
  end
137
170
  end
138
171
 
139
- return results.all?
172
+ return results.reduce {|prev, curr| worst_result(prev, curr) }
140
173
  end
141
174
 
142
175
  # possibly logs the action, always returns a status symbol 👑
@@ -145,6 +178,8 @@ module Puppetserver
145
178
  when '200', '204'
146
179
  @logger.inform "Revoked certificate for #{certname}"
147
180
  return :success
181
+ when '409'
182
+ return :invalid
148
183
  when '404'
149
184
  return :not_found
150
185
  else
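Review bot: `worst_result` returns the receiver of `each`, i.e. the four-symbol array, when neither argument is one of the listed states, and `results.reduce` yields nil for an empty list; neither is a status the callers' `case` statements recognise. Ending the method with a bare `:error` line after the `each` block would collapse unknown inputs to a failure instead of leaking the array. The context comment `# logs the action and returns true/false for success` is now stale, since every branch of that method returns a symbol; `# logs the action and returns :success, :not_found, :invalid or :error` would match the new code. The `'409'` branch added in the last hunk returns `:invalid` without logging, unlike the revoke path, so whether the operator sees any message explaining exit code 24 on a clean depends on code outside these hunks.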
@@ -1,5 +1,5 @@
1
1
  module Puppetserver
2
2
  module Ca
3
- VERSION = "0.7.0"
3
+ VERSION = "1.0.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppetserver-ca
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-12 00:00:00.000000000 Z
11
+ date: 2018-09-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: facter