puppetserver-ca 1.11.4 → 1.11.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f87fa83d3ff569fee855447005639494a385d4d01a20d2e32ed88e4a163f2719
-  data.tar.gz: 5b7a864f4a2740c9d86e4de14bf040863fdbe0d865f3b0840a0a043c646c1862
+  metadata.gz: fb0be6c52e215c90fd1859e0a9e3460f08e0a1762f96bd0ffd200b3617879b24
+  data.tar.gz: ee870c87865bca5e5ac1ad1168c4087fc49c6911f0c68503896a42dd153184a0
 SHA512:
-  metadata.gz: e2f557beb7b22e3c216f43f07f3b48eb4f186db777d59568dff0b20dd2e7fd67167fb1b5d37ec14744dbc28bd5f0083807760678dbcad27c96999b759c1dd507
-  data.tar.gz: 7d1f4778efd450240815353c8b144675d5ff54f4508233ffcc0a166381916ace5dda560ab6ef02f240a405b5a2d2d14af7c72be87cb4bbda01ede68fe69a0dcb
+  metadata.gz: 073140413ae3ed5ea3755dca89ed0b2e8bc2db901cb5d3dbcf089367721b003aa68549da569bca706e73cb428bd988318e983117825eb4db0da94ad86f204944
+  data.tar.gz: 31bc27af9474c15261c652568e6b99afd29da33bbc8ad4cfcf4f62eeea215e6c00999d3efeb4a504efa78c4fdcd9a3decb372ebfb33a2d80b3231d3b6722de52

data/lib/puppetserver/ca/action/generate.rb

@@ -26,7 +26,7 @@ Usage:
   puppetserver ca generate [--help]
   puppetserver ca generate --certname NAME[,NAME] [--config PATH]
                            [--subject-alt-names NAME[,NAME]]
-                           [--ca-client]
+                           [--ca-client [--force]]
 
 Description:
   Generates a new certificate signed by the intermediate CA
@@ -75,6 +75,10 @@ BANNER
                     'Causes the cert to be generated offline.') do |ca_client|
               parsed['ca-client'] = true
             end
+            opts.on('--force', 'Suppress errors when signing cert offline.',
+                    "To be used with '--ca-client'") do |force|
+              parsed['force'] = true
+            end
             opts.on('--ttl TTL', 'The time-to-live for each cert generated and signed') do |ttl|
               parsed['ttl'] = ttl
             end
@@ -139,8 +143,21 @@ BANNER
 
           # Generate and save certs and associated keys
           if input['ca-client']
-            # Refused to generate certs offfline if the CA service is running
-            return 1 if HttpClient.check_server_online(puppet.settings, @logger)
+            # Refuse to generate certs offline if the CA service is running
+            begin
+              return 1 if HttpClient.check_server_online(puppet.settings, @logger)
+            rescue Puppetserver::Ca::ConnectionFailed => e
+              base_message = "Could not determine whether Puppet Server is online."
+              if input['force']
+                @logger.inform("#{base_message} Connection check failed with " \
+                  "error: #{e.wrapped}\nContinuing with certificate signing.")
+              else
+                @logger.inform("#{base_message} If you are certain that the " \
+                  "Puppetserver service is stopped, run this command again " \
+                  "with the '--force' flag.")
+                raise e
+              end
+            end
             all_passed = generate_authorized_certs(certnames, alt_names, puppet.settings, signer.digest)
           else
             all_passed = generate_certs(certnames, alt_names, puppet.settings, signer.digest, input['ttl'])

data/lib/puppetserver/ca/action/list.rb

@@ -89,12 +89,23 @@ Options:
           end
 
           if (all || certnames.any?)
-            all_certs = get_certs_or_csrs(puppet.settings).select { |cert| filter_names.call(cert) }
+            found_certs = get_certs_or_csrs(puppet.settings)
+            if found_certs.nil?
+               # nil is different from no certs found
+               @logger.err('Error while getting certificates')
+               return 1
+            end
+            all_certs = found_certs.select { |cert| filter_names.call(cert) }
             requested, signed, revoked = separate_certs(all_certs)
             missing = certnames - all_certs.map { |cert| cert['name'] }
             output_certs_by_state(all, output_format, requested, signed, revoked, missing)
           else
             all_csrs = get_certs_or_csrs(puppet.settings, "requested")
+            if all_csrs.nil?
+               # nil is different from no certs found
+               @logger.err('Error while getting certificate requests')
+               return 1
+            end
             output_certs_by_state(all, output_format, all_csrs)
           end
 
@@ -217,7 +228,7 @@ Options:
           if result
             return JSON.parse(result.body)
           else
-            return []
+            return nil
           end
         end
 

data/lib/puppetserver/ca/version.rb

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "1.11.4"
+    VERSION = "1.11.7"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 1.11.4
+  version: 1.11.7
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-08-26 00:00:00.000000000 Z
+date: 2022-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -140,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.0.9
 signing_key: 
 specification_version: 4
 summary: A simple CLI tool for interacting with Puppet Server's Certificate Authority