puppetserver-ca 2.3.3 → 2.3.6
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 752967f94498efd749219a41bd66937700a3d9118847ab4bdccb3029abe993d9
|
4
|
+
data.tar.gz: 3207d8be773911373ceec30ad9153416ff869060aec1dc9288340bd2bc2bb3d1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a60ee59b29cee51967a5a2e56bfd953d04826e09366e83a4246e6ab1f4965e47c41216975cef7e57f37d0506a94a12bcf9d09b78ec9cf13ef94c0377e3ba2292
|
7
|
+
data.tar.gz: 44a29a8098048df7a1d6db75400194c567371ae8bdda5f791872e2db23b58bb7c68d075fd3863f09abbddbc50501cbab4b31fe4910f32384506832a44697bceb
|
@@ -26,7 +26,7 @@ Usage:
|
|
26
26
|
puppetserver ca generate [--help]
|
27
27
|
puppetserver ca generate --certname NAME[,NAME] [--config PATH]
|
28
28
|
[--subject-alt-names NAME[,NAME]]
|
29
|
-
[--ca-client]
|
29
|
+
[--ca-client [--force]]
|
30
30
|
|
31
31
|
Description:
|
32
32
|
Generates a new certificate signed by the intermediate CA
|
@@ -75,6 +75,10 @@ BANNER
|
|
75
75
|
'Causes the cert to be generated offline.') do |ca_client|
|
76
76
|
parsed['ca-client'] = true
|
77
77
|
end
|
78
|
+
opts.on('--force', 'Suppress errors when signing cert offline.',
|
79
|
+
"To be used with '--ca-client'") do |force|
|
80
|
+
parsed['force'] = true
|
81
|
+
end
|
78
82
|
opts.on('--ttl TTL', 'The time-to-live for each cert generated and signed') do |ttl|
|
79
83
|
parsed['ttl'] = ttl
|
80
84
|
end
|
@@ -139,8 +143,21 @@ BANNER
|
|
139
143
|
|
140
144
|
# Generate and save certs and associated keys
|
141
145
|
if input['ca-client']
|
142
|
-
#
|
143
|
-
|
146
|
+
# Refuse to generate certs offline if the CA service is running
|
147
|
+
begin
|
148
|
+
return 1 if HttpClient.check_server_online(puppet.settings, @logger)
|
149
|
+
rescue Puppetserver::Ca::ConnectionFailed => e
|
150
|
+
base_message = "Could not determine whether Puppet Server is online."
|
151
|
+
if input['force']
|
152
|
+
@logger.inform("#{base_message} Connection check failed with " \
|
153
|
+
"error: #{e.wrapped}\nContinuing with certificate signing.")
|
154
|
+
else
|
155
|
+
@logger.inform("#{base_message} If you are certain that the " \
|
156
|
+
"Puppetserver service is stopped, run this command again " \
|
157
|
+
"with the '--force' flag.")
|
158
|
+
raise e
|
159
|
+
end
|
160
|
+
end
|
144
161
|
all_passed = generate_authorized_certs(certnames, alt_names, puppet.settings, signer.digest)
|
145
162
|
else
|
146
163
|
all_passed = generate_certs(certnames, alt_names, puppet.settings, signer.digest, input['ttl'])
|
@@ -89,12 +89,23 @@ Options:
|
|
89
89
|
end
|
90
90
|
|
91
91
|
if (all || certnames.any?)
|
92
|
-
|
92
|
+
found_certs = get_certs_or_csrs(puppet.settings)
|
93
|
+
if found_certs.nil?
|
94
|
+
# nil is different from no certs found
|
95
|
+
@logger.err('Error while getting certificates')
|
96
|
+
return 1
|
97
|
+
end
|
98
|
+
all_certs = found_certs.select { |cert| filter_names.call(cert) }
|
93
99
|
requested, signed, revoked = separate_certs(all_certs)
|
94
100
|
missing = certnames - all_certs.map { |cert| cert['name'] }
|
95
101
|
output_certs_by_state(all, output_format, requested, signed, revoked, missing)
|
96
102
|
else
|
97
103
|
all_csrs = get_certs_or_csrs(puppet.settings, "requested")
|
104
|
+
if all_csrs.nil?
|
105
|
+
# nil is different from no certs found
|
106
|
+
@logger.err('Error while getting certificate requests')
|
107
|
+
return 1
|
108
|
+
end
|
98
109
|
output_certs_by_state(all, output_format, all_csrs)
|
99
110
|
end
|
100
111
|
|
@@ -217,7 +228,7 @@ Options:
|
|
217
228
|
if result
|
218
229
|
return JSON.parse(result.body)
|
219
230
|
else
|
220
|
-
return
|
231
|
+
return nil
|
221
232
|
end
|
222
233
|
end
|
223
234
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppetserver-ca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.3.
|
4
|
+
version: 2.3.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-03-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|
@@ -140,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
140
140
|
- !ruby/object:Gem::Version
|
141
141
|
version: '0'
|
142
142
|
requirements: []
|
143
|
-
rubygems_version: 3.0.
|
143
|
+
rubygems_version: 3.0.9
|
144
144
|
signing_key:
|
145
145
|
specification_version: 4
|
146
146
|
summary: A simple CLI tool for interacting with Puppet Server's Certificate Authority
|