puppetserver-ca 0.7.0 → 1.0.0
    
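--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 4aae686f8f63d4fb8c675758fd9c910f8608187a
+  data.tar.gz: 36404974656f555dbd6253aaa6a5792b9b3b0069
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 4f43caf76164963786227c950886504fa2d3c7ffa583228cbe82256bca53c8a6867ba7c7cb3278bc604e3730f79dcb934146a22bd209642aa1a347fb5ea86811
+  data.tar.gz: 98b4178cadbc8ec770585a97b5ce9d44a770956d5d85b839cc5553962a1377998853b93a67378519577a13f032cf1ac6bd954641dab013fbeedd480b9e369944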
| 
         @@ -87,9 +87,15 @@ BANNER 
     | 
|
| 
       87 
87 
     | 
    
         
             
                      puppet = Config::Puppet.parse(config)
         
     | 
| 
       88 
88 
     | 
    
         
             
                      return 1 if CliParsing.handle_errors(@logger, puppet.errors)
         
     | 
| 
       89 
89 
     | 
    
         | 
| 
       90 
     | 
    
         
            -
                       
     | 
| 
       91 
     | 
    
         
            -
             
     | 
| 
       92 
     | 
    
         
            -
                       
     | 
| 
      
 90 
     | 
    
         
            +
                      result = clean_certs(certnames, puppet.settings)
         
     | 
| 
      
 91 
     | 
    
         
            +
                      case result
         
     | 
| 
      
 92 
     | 
    
         
            +
                      when :success
         
     | 
| 
      
 93 
     | 
    
         
            +
                        return 0
         
     | 
| 
      
 94 
     | 
    
         
            +
                      when :invalid
         
     | 
| 
      
 95 
     | 
    
         
            +
                        return 24
         
     | 
| 
      
 96 
     | 
    
         
            +
                      when :not_found, :error
         
     | 
| 
      
 97 
     | 
    
         
            +
                        return 1
         
     | 
| 
      
 98 
     | 
    
         
            +
                      end
         
     | 
| 
       93 
99 
     | 
    
         
             
                    end
         
     | 
| 
       94 
100 
     | 
    
         | 
| 
       95 
101 
     | 
    
         
             
                    def clean_certs(certnames, settings)
         
     | 
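Review bot: The `case result` added here has no `else`, so any value other than `:success`, `:invalid`, `:not_found` or `:error` makes the method fall through and return nil instead of an exit status. The CA client changes further down this page reduce per-certificate results with `results.reduce {|prev, curr| worst_result(prev, curr) }`, which is nil for an empty list, and `worst_result` can hand back something that is not a status symbol. Whether an empty certname list can reach this point is not visible in the hunk. Automation reads this exit code to learn whether a certificate was really revoked and cleaned, so the method should fail closed with an `else` branch containing `return 1` before the closing `end`. The other action hunk, the one starting `result =  revoke_certs(certnames, puppet.settings)`, has the same shape and needs the same branch; both enclosing methods begin above their hunks.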
| 
         @@ -86,9 +86,16 @@ BANNER 
     | 
|
| 
       86 
86 
     | 
    
         
             
                      puppet = Config::Puppet.parse(config)
         
     | 
| 
       87 
87 
     | 
    
         
             
                      return 1 if CliParsing.handle_errors(@logger, puppet.errors)
         
     | 
| 
       88 
88 
     | 
    
         | 
| 
       89 
     | 
    
         
            -
                       
     | 
| 
       90 
     | 
    
         
            -
             
     | 
| 
       91 
     | 
    
         
            -
                       
     | 
| 
      
 89 
     | 
    
         
            +
                      result =  revoke_certs(certnames, puppet.settings)
         
     | 
| 
      
 90 
     | 
    
         
            +
             
     | 
| 
      
 91 
     | 
    
         
            +
                      case result
         
     | 
| 
      
 92 
     | 
    
         
            +
                      when :success
         
     | 
| 
      
 93 
     | 
    
         
            +
                        return 0
         
     | 
| 
      
 94 
     | 
    
         
            +
                      when :invalid
         
     | 
| 
      
 95 
     | 
    
         
            +
                        return 24
         
     | 
| 
      
 96 
     | 
    
         
            +
                      when :not_found, :error
         
     | 
| 
      
 97 
     | 
    
         
            +
                        return 1
         
     | 
| 
      
 98 
     | 
    
         
            +
                      end
         
     | 
| 
       92 
99 
     | 
    
         
             
                    end
         
     | 
| 
       93 
100 
     | 
    
         | 
| 
       94 
101 
     | 
    
         
             
                    def revoke_certs(certnames, settings)
         
     | 
| 
         @@ -18,31 +18,49 @@ module Puppetserver 
     | 
|
| 
       18 
18 
     | 
    
         
             
                    @ca_port = settings[:ca_port]
         
     | 
| 
       19 
19 
     | 
    
         
             
                  end
         
     | 
| 
       20 
20 
     | 
    
         | 
| 
      
 21 
     | 
    
         
            +
                  def worst_result(previous_result, current_result)
         
     | 
| 
      
 22 
     | 
    
         
            +
                    %i{success invalid not_found error}.each do |state|
         
     | 
| 
      
 23 
     | 
    
         
            +
                      if previous_result == state
         
     | 
| 
      
 24 
     | 
    
         
            +
                        return current_result
         
     | 
| 
      
 25 
     | 
    
         
            +
                      elsif current_result == state
         
     | 
| 
      
 26 
     | 
    
         
            +
                        return previous_result
         
     | 
| 
      
 27 
     | 
    
         
            +
                      else
         
     | 
| 
      
 28 
     | 
    
         
            +
                        next
         
     | 
| 
      
 29 
     | 
    
         
            +
                      end
         
     | 
| 
      
 30 
     | 
    
         
            +
                    end
         
     | 
| 
      
 31 
     | 
    
         
            +
                  end
         
     | 
| 
      
 32 
     | 
    
         
            +
             
     | 
| 
       21 
33 
     | 
    
         
             
                  # Returns a URI-like wrapper around CA specific urls
         
     | 
| 
       22 
34 
     | 
    
         
             
                  def make_ca_url(resource_type = nil, certname = nil)
         
     | 
| 
       23 
35 
     | 
    
         
             
                    HttpClient::URL.new('https', @ca_server, @ca_port, 'puppet-ca', 'v1', resource_type, certname)
         
     | 
| 
       24 
36 
     | 
    
         
             
                  end
         
     | 
| 
       25 
37 
     | 
    
         | 
| 
       26 
38 
     | 
    
         
             
                  def sign_certs(certnames)
         
     | 
| 
       27 
     | 
    
         
            -
                    put(certnames,
         
     | 
| 
       28 
     | 
    
         
            -
             
     | 
| 
       29 
     | 
    
         
            -
             
     | 
| 
       30 
     | 
    
         
            -
             
     | 
| 
      
 39 
     | 
    
         
            +
                    results = put(certnames,
         
     | 
| 
      
 40 
     | 
    
         
            +
                                  resource_type: 'certificate_status',
         
     | 
| 
      
 41 
     | 
    
         
            +
                                  body: SIGN_BODY,
         
     | 
| 
      
 42 
     | 
    
         
            +
                                  type: :sign)
         
     | 
| 
      
 43 
     | 
    
         
            +
             
     | 
| 
      
 44 
     | 
    
         
            +
                    results.all? {|result| result == :success }
         
     | 
| 
       31 
45 
     | 
    
         
             
                  end
         
     | 
| 
       32 
46 
     | 
    
         | 
| 
       33 
47 
     | 
    
         
             
                  def revoke_certs(certnames)
         
     | 
| 
       34 
     | 
    
         
            -
                    put(certnames,
         
     | 
| 
       35 
     | 
    
         
            -
             
     | 
| 
       36 
     | 
    
         
            -
             
     | 
| 
       37 
     | 
    
         
            -
             
     | 
| 
      
 48 
     | 
    
         
            +
                    results = put(certnames,
         
     | 
| 
      
 49 
     | 
    
         
            +
                                resource_type: 'certificate_status',
         
     | 
| 
      
 50 
     | 
    
         
            +
                                body: REVOKE_BODY,
         
     | 
| 
      
 51 
     | 
    
         
            +
                                type: :revoke)
         
     | 
| 
      
 52 
     | 
    
         
            +
             
     | 
| 
      
 53 
     | 
    
         
            +
                    results.reduce {|prev, curr| worst_result(prev, curr) }
         
     | 
| 
       38 
54 
     | 
    
         
             
                  end
         
     | 
| 
       39 
55 
     | 
    
         | 
| 
       40 
56 
     | 
    
         
             
                  def submit_certificate_request(certname, csr)
         
     | 
| 
       41 
     | 
    
         
            -
                    put([certname],
         
     | 
| 
       42 
     | 
    
         
            -
             
     | 
| 
       43 
     | 
    
         
            -
             
     | 
| 
       44 
     | 
    
         
            -
             
     | 
| 
       45 
     | 
    
         
            -
             
     | 
| 
      
 57 
     | 
    
         
            +
                    results = put([certname],
         
     | 
| 
      
 58 
     | 
    
         
            +
                                resource_type: 'certificate_request',
         
     | 
| 
      
 59 
     | 
    
         
            +
                                body: csr.to_pem,
         
     | 
| 
      
 60 
     | 
    
         
            +
                                headers: {'Content-Type' => 'text/plain'},
         
     | 
| 
      
 61 
     | 
    
         
            +
                                type: :submit)
         
     | 
| 
      
 62 
     | 
    
         
            +
             
     | 
| 
      
 63 
     | 
    
         
            +
                    results.all? {|result| result == :success }
         
     | 
| 
       46 
64 
     | 
    
         
             
                  end
         
     | 
| 
       47 
65 
     | 
    
         | 
| 
       48 
66 
     | 
    
         
             
                  # Make an HTTP PUT request to CA
         
     | 
| 
         @@ -60,8 +78,6 @@ module Puppetserver 
     | 
|
| 
       60 
78 
     | 
    
         
             
                        process_results(type, certname, result)
         
     | 
| 
       61 
79 
     | 
    
         
             
                      end
         
     | 
| 
       62 
80 
     | 
    
         
             
                    end
         
     | 
| 
       63 
     | 
    
         
            -
             
     | 
| 
       64 
     | 
    
         
            -
                    results.all?
         
     | 
| 
       65 
81 
     | 
    
         
             
                  end
         
     | 
| 
       66 
82 
     | 
    
         | 
| 
       67 
83 
     | 
    
         
             
                  # logs the action and returns true/false for success
         
     | 
| 
         @@ -71,45 +87,49 @@ module Puppetserver 
     | 
|
| 
       71 
87 
     | 
    
         
             
                      case result.code
         
     | 
| 
       72 
88 
     | 
    
         
             
                      when '204'
         
     | 
| 
       73 
89 
     | 
    
         
             
                        @logger.inform "Successfully signed certificate request for #{certname}"
         
     | 
| 
       74 
     | 
    
         
            -
                        return  
     | 
| 
      
 90 
     | 
    
         
            +
                        return :success
         
     | 
| 
       75 
91 
     | 
    
         
             
                      when '404'
         
     | 
| 
       76 
92 
     | 
    
         
             
                        @logger.err 'Error:'
         
     | 
| 
       77 
93 
     | 
    
         
             
                        @logger.err "    Could not find certificate request for #{certname}"
         
     | 
| 
       78 
     | 
    
         
            -
                        return  
     | 
| 
      
 94 
     | 
    
         
            +
                        return :not_found
         
     | 
| 
       79 
95 
     | 
    
         
             
                      else
         
     | 
| 
       80 
96 
     | 
    
         
             
                        @logger.err 'Error:'
         
     | 
| 
       81 
97 
     | 
    
         
             
                        @logger.err "    When attempting to sign certificate request '#{certname}', received"
         
     | 
| 
       82 
98 
     | 
    
         
             
                        @logger.err "      code: #{result.code}"
         
     | 
| 
       83 
99 
     | 
    
         
             
                        @logger.err "      body: #{result.body.to_s}" if result.body
         
     | 
| 
       84 
     | 
    
         
            -
                        return  
     | 
| 
      
 100 
     | 
    
         
            +
                        return :error
         
     | 
| 
       85 
101 
     | 
    
         
             
                      end
         
     | 
| 
       86 
102 
     | 
    
         
             
                    when :revoke
         
     | 
| 
       87 
103 
     | 
    
         
             
                      case result.code
         
     | 
| 
       88 
104 
     | 
    
         
             
                      when '200', '204'
         
     | 
| 
       89 
105 
     | 
    
         
             
                        @logger.inform "Revoked certificate for #{certname}"
         
     | 
| 
       90 
     | 
    
         
            -
                        return  
     | 
| 
      
 106 
     | 
    
         
            +
                        return :success
         
     | 
| 
       91 
107 
     | 
    
         
             
                      when '404'
         
     | 
| 
       92 
108 
     | 
    
         
             
                        @logger.err 'Error:'
         
     | 
| 
       93 
109 
     | 
    
         
             
                        @logger.err "    Could not find certificate for #{certname}"
         
     | 
| 
       94 
     | 
    
         
            -
                        return  
     | 
| 
      
 110 
     | 
    
         
            +
                        return :not_found
         
     | 
| 
      
 111 
     | 
    
         
            +
                      when '409'
         
     | 
| 
      
 112 
     | 
    
         
            +
                        @logger.err 'Error:'
         
     | 
| 
      
 113 
     | 
    
         
            +
                        @logger.err "    Could not revoke unsigned csr for #{certname}"
         
     | 
| 
      
 114 
     | 
    
         
            +
                        return :invalid
         
     | 
| 
       95 
115 
     | 
    
         
             
                      else
         
     | 
| 
       96 
116 
     | 
    
         
             
                        @logger.err 'Error:'
         
     | 
| 
       97 
117 
     | 
    
         
             
                        @logger.err "    When attempting to revoke certificate '#{certname}', received:"
         
     | 
| 
       98 
118 
     | 
    
         
             
                        @logger.err "      code: #{result.code}"
         
     | 
| 
       99 
119 
     | 
    
         
             
                        @logger.err "      body: #{result.body.to_s}" if result.body
         
     | 
| 
       100 
     | 
    
         
            -
                        return  
     | 
| 
      
 120 
     | 
    
         
            +
                        return :error
         
     | 
| 
       101 
121 
     | 
    
         
             
                      end
         
     | 
| 
       102 
122 
     | 
    
         
             
                    when :submit
         
     | 
| 
       103 
123 
     | 
    
         
             
                      case result.code
         
     | 
| 
       104 
124 
     | 
    
         
             
                      when '200', '204'
         
     | 
| 
       105 
125 
     | 
    
         
             
                        @logger.inform "Successfully submitted certificate request for #{certname}"
         
     | 
| 
       106 
     | 
    
         
            -
                        return  
     | 
| 
      
 126 
     | 
    
         
            +
                        return :success
         
     | 
| 
       107 
127 
     | 
    
         
             
                      else
         
     | 
| 
       108 
128 
     | 
    
         
             
                        @logger.err 'Error:'
         
     | 
| 
       109 
129 
     | 
    
         
             
                        @logger.err "    When attempting to submit certificate request for '#{certname}', received:"
         
     | 
| 
       110 
130 
     | 
    
         
             
                        @logger.err "      code: #{result.code}"
         
     | 
| 
       111 
131 
     | 
    
         
             
                        @logger.err "      body: #{result.body.to_s}" if result.body
         
     | 
| 
       112 
     | 
    
         
            -
                        return  
     | 
| 
      
 132 
     | 
    
         
            +
                        return :error
         
     | 
| 
       113 
133 
     | 
    
         
             
                      end
         
     | 
| 
       114 
134 
     | 
    
         
             
                    end
         
     | 
| 
       115 
135 
     | 
    
         
             
                  end
         
     | 
| 
         @@ -132,11 +152,24 @@ module Puppetserver 
     | 
|
| 
       132 
152 
     | 
    
         
             
                          cleaned = check_clean(certname, clean_result)
         
     | 
| 
       133 
153 
     | 
    
         
             
                        end
         
     | 
| 
       134 
154 
     | 
    
         | 
| 
       135 
     | 
    
         
            -
                         
     | 
| 
      
 155 
     | 
    
         
            +
                        if revoked == :error || cleaned != :success
         
     | 
| 
      
 156 
     | 
    
         
            +
                          :error
         
     | 
| 
      
 157 
     | 
    
         
            +
             
     | 
| 
      
 158 
     | 
    
         
            +
                        # If we get passed the first conditional we know that
         
     | 
| 
      
 159 
     | 
    
         
            +
                        # cleaned must == :success and revoked must be one of
         
     | 
| 
      
 160 
     | 
    
         
            +
                        # :invalid, :not_found, or :success. We'll treat both
         
     | 
| 
      
 161 
     | 
    
         
            +
                        # :not_found and :success of revocation here as successes.
         
     | 
| 
      
 162 
     | 
    
         
            +
                        # However we'll treat invalid's specially.
         
     | 
| 
      
 163 
     | 
    
         
            +
                        elsif revoked == :invalid
         
     | 
| 
      
 164 
     | 
    
         
            +
                          :invalid
         
     | 
| 
      
 165 
     | 
    
         
            +
             
     | 
| 
      
 166 
     | 
    
         
            +
                        else
         
     | 
| 
      
 167 
     | 
    
         
            +
                          :success
         
     | 
| 
      
 168 
     | 
    
         
            +
                        end
         
     | 
| 
       136 
169 
     | 
    
         
             
                      end
         
     | 
| 
       137 
170 
     | 
    
         
             
                    end
         
     | 
| 
       138 
171 
     | 
    
         | 
| 
       139 
     | 
    
         
            -
                    return results. 
     | 
| 
      
 172 
     | 
    
         
            +
                    return results.reduce {|prev, curr| worst_result(prev, curr) }
         
     | 
| 
       140 
173 
     | 
    
         
             
                  end
         
     | 
| 
       141 
174 
     | 
    
         | 
| 
       142 
175 
     | 
    
         
             
                  # possibly logs the action, always returns a status symbol 👑
         
     | 
| 
         @@ -145,6 +178,8 @@ module Puppetserver 
     | 
|
| 
       145 
178 
     | 
    
         
             
                    when '200', '204'
         
     | 
| 
       146 
179 
     | 
    
         
             
                      @logger.inform "Revoked certificate for #{certname}"
         
     | 
| 
       147 
180 
     | 
    
         
             
                      return :success
         
     | 
| 
      
 181 
     | 
    
         
            +
                    when '409'
         
     | 
| 
      
 182 
     | 
    
         
            +
                      return :invalid
         
     | 
| 
       148 
183 
     | 
    
         
             
                    when '404'
         
     | 
| 
       149 
184 
     | 
    
         
             
                      return :not_found
         
     | 
| 
       150 
185 
     | 
    
         
             
                    else
         
     | 
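Review bot: In the new `worst_result`, when neither argument is one of the four listed states the `each` loop runs to completion and the method's value is the state array itself, not a status. That can only happen if `process_results` or the revocation check returns something outside the list (for example nil for an unhandled `type`, which the visible lines do not rule out), but the result then flows through `results.reduce` to callers that compare against symbols. Ending the method with an explicit `:error` after the loop makes that case fail closed, and a one-line comment such as `# states ordered best to worst; the later one wins` would document why the list order matters. Separately, the context comment `# logs the action and returns true/false for success` above the result-processing method is stale now that every branch returns `:success`, `:not_found`, `:invalid` or `:error`.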
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: puppetserver-ca
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 0. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 1.0.0
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Puppet, Inc.
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire: 
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2018-09- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2018-09-13 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              name: facter
         
     |