puppetserver-ca 2.3.3 → 2.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 145cb62d733040dca7ad410a86146e0a0c82c29746a2c7de392004ad98737ed5
-  data.tar.gz: bd0db987a4af957208395f53134c3d59ab45f3c76d2e5d4205b589b75b1b9873
+  metadata.gz: 752967f94498efd749219a41bd66937700a3d9118847ab4bdccb3029abe993d9
+  data.tar.gz: 3207d8be773911373ceec30ad9153416ff869060aec1dc9288340bd2bc2bb3d1
 SHA512:
-  metadata.gz: d5ec57e3cfd1d2947521b50a2923892452f25c4ae43c0daa45e9a0ba17ebd969431933f17d71866ff8e9e15bcdeb633c754084c618ea8bd2b1891ae0438751a5
-  data.tar.gz: ebfc68d10303eea0d66b61a636b069986e6f4d65e1af4a222bfea5d74a45951edb2d6f01192f4d0bafdbe3392e80a356074c334212651d2489e5d2dae0e8120b
+  metadata.gz: a60ee59b29cee51967a5a2e56bfd953d04826e09366e83a4246e6ab1f4965e47c41216975cef7e57f37d0506a94a12bcf9d09b78ec9cf13ef94c0377e3ba2292
+  data.tar.gz: 44a29a8098048df7a1d6db75400194c567371ae8bdda5f791872e2db23b58bb7c68d075fd3863f09abbddbc50501cbab4b31fe4910f32384506832a44697bceb

data/lib/puppetserver/ca/action/generate.rb

@@ -26,7 +26,7 @@ Usage:
   puppetserver ca generate [--help]
   puppetserver ca generate --certname NAME[,NAME] [--config PATH]
                            [--subject-alt-names NAME[,NAME]]
-                           [--ca-client]
+                           [--ca-client [--force]]
 
 Description:
   Generates a new certificate signed by the intermediate CA
@@ -75,6 +75,10 @@ BANNER
                     'Causes the cert to be generated offline.') do |ca_client|
               parsed['ca-client'] = true
             end
+            opts.on('--force', 'Suppress errors when signing cert offline.',
+                    "To be used with '--ca-client'") do |force|
+              parsed['force'] = true
+            end
             opts.on('--ttl TTL', 'The time-to-live for each cert generated and signed') do |ttl|
               parsed['ttl'] = ttl
             end
@@ -139,8 +143,21 @@ BANNER
 
           # Generate and save certs and associated keys
           if input['ca-client']
-            # Refused to generate certs offfline if the CA service is running
-            return 1 if HttpClient.check_server_online(puppet.settings, @logger)
+            # Refuse to generate certs offline if the CA service is running
+            begin
+              return 1 if HttpClient.check_server_online(puppet.settings, @logger)
+            rescue Puppetserver::Ca::ConnectionFailed => e
+              base_message = "Could not determine whether Puppet Server is online."
+              if input['force']
+                @logger.inform("#{base_message} Connection check failed with " \
+                  "error: #{e.wrapped}\nContinuing with certificate signing.")
+              else
+                @logger.inform("#{base_message} If you are certain that the " \
+                  "Puppetserver service is stopped, run this command again " \
+                  "with the '--force' flag.")
+                raise e
+              end
+            end
             all_passed = generate_authorized_certs(certnames, alt_names, puppet.settings, signer.digest)
           else
             all_passed = generate_certs(certnames, alt_names, puppet.settings, signer.digest, input['ttl'])

data/lib/puppetserver/ca/action/list.rb

@@ -89,12 +89,23 @@ Options:
           end
 
           if (all || certnames.any?)
-            all_certs = get_certs_or_csrs(puppet.settings).select { |cert| filter_names.call(cert) }
+            found_certs = get_certs_or_csrs(puppet.settings)
+            if found_certs.nil?
+               # nil is different from no certs found
+               @logger.err('Error while getting certificates')
+               return 1
+            end
+            all_certs = found_certs.select { |cert| filter_names.call(cert) }
             requested, signed, revoked = separate_certs(all_certs)
             missing = certnames - all_certs.map { |cert| cert['name'] }
             output_certs_by_state(all, output_format, requested, signed, revoked, missing)
           else
             all_csrs = get_certs_or_csrs(puppet.settings, "requested")
+            if all_csrs.nil?
+               # nil is different from no certs found
+               @logger.err('Error while getting certificate requests')
+               return 1
+            end
             output_certs_by_state(all, output_format, all_csrs)
           end
 
@@ -217,7 +228,7 @@ Options:
           if result
             return JSON.parse(result.body)
           else
-            return []
+            return nil
           end
         end
 

data/lib/puppetserver/ca/action/prune.rb

@@ -1,5 +1,6 @@
 require 'optparse'
 require 'openssl'
+require 'set'
 require 'puppetserver/ca/errors'
 require 'puppetserver/ca/utils/cli_parsing'
 require 'puppetserver/ca/utils/file_system'

data/lib/puppetserver/ca/version.rb

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "2.3.3"
+    VERSION = "2.3.6"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 2.3.3
+  version: 2.3.6
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-08-19 00:00:00.000000000 Z
+date: 2022-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -140,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.0.9
 signing_key: 
 specification_version: 4
 summary: A simple CLI tool for interacting with Puppet Server's Certificate Authority