puppetserver-ca 2.3.5 → 2.4.0
- checksums.yaml +4 -4
- data/.github/workflows/snyk.yaml +31 -0
- data/lib/puppetserver/ca/action/list.rb +13 -2
- data/lib/puppetserver/ca/host.rb +4 -4
- data/lib/puppetserver/ca/version.rb +1 -1
- metadata +4 -3
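--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6df60141ee08a19cc170166263abff7028ee6085bf833981efad3458cef5ce26
+data.tar.gz: 4da9da0d545605f13bd0dfa2a6272a301dfe46251d0277663e8d09e6d3f65a29
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 15891316786fa4fcd63c3f86ac2f66051841fb3e680fe63e5d0d6ceb025241cc5c122ae1f3b2819c9b1063f7c1a166efd1ebd010b35921fb2c6f3fef2917da88
+data.tar.gz: fee93fa98f038ab7eb660fe55ca466874221cb980e5794c8d32c7561a2dfa069cdc003046799b89ef99b0f6b7bc97b58928e788b1e057f5ef68362bd864c16c7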
@@ -0,0 +1,31 @@
|
|
1
|
+
---
|
2
|
+
name: Snyk Monitor
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches:
|
6
|
+
- main
|
7
|
+
jobs:
|
8
|
+
snyk_monitor:
|
9
|
+
if: ${{ github.repository_owner == 'puppetlabs' }}
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
name: Snyk Monitor
|
12
|
+
steps:
|
13
|
+
- name: Checkout current PR
|
14
|
+
uses: actions/checkout@v2
|
15
|
+
- name: Setup Ruby
|
16
|
+
uses: ruby/setup-ruby@v1
|
17
|
+
with:
|
18
|
+
ruby-version: 2.7
|
19
|
+
- name: Install dependencies
|
20
|
+
run: bundle install --jobs 3 --retry 3
|
21
|
+
- name: Extract branch name
|
22
|
+
shell: bash
|
23
|
+
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
|
24
|
+
id: extract_branch
|
25
|
+
- name: Run Snyk to check for vulnerabilities
|
26
|
+
uses: snyk/actions/ruby@master
|
27
|
+
env:
|
28
|
+
SNYK_TOKEN: ${{ secrets.SNYK_FOSS_KEY }}
|
29
|
+
with:
|
30
|
+
command: monitor
|
31
|
+
args: --org=puppet-foss --project-name=${{ github.repository }}#${{ steps.extract_branch.outputs.branch }}
|
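Review bot: The Snyk step at new line 26 runs `snyk/actions/ruby@master`, a mutable branch ref, in the same step that receives `SNYK_TOKEN` from `secrets.SNYK_FOSS_KEY`, so whatever that branch points to at run time executes with the token in its environment. Pinning it to a full commit SHA, `uses: snyk/actions/ruby@<full-commit-sha>` (placeholder), and doing the same for `actions/checkout@v2` and `ruby/setup-ruby@v1`, makes the executed code fixed and reviewable. The job declares no `permissions:` block, so the `GITHUB_TOKEN` scope falls back to the repository default; `permissions: { contents: read }` at job level looks sufficient for the steps shown. The `##[set-output name=branch;]` form at new line 23 is a deprecated workflow command, and `echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the current equivalent.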
@@ -89,12 +89,23 @@ Options:
|
|
89
89
|
end
|
90
90
|
|
91
91
|
if (all || certnames.any?)
|
92
|
-
|
92
|
+
found_certs = get_certs_or_csrs(puppet.settings)
|
93
|
+
if found_certs.nil?
|
94
|
+
# nil is different from no certs found
|
95
|
+
@logger.err('Error while getting certificates')
|
96
|
+
return 1
|
97
|
+
end
|
98
|
+
all_certs = found_certs.select { |cert| filter_names.call(cert) }
|
93
99
|
requested, signed, revoked = separate_certs(all_certs)
|
94
100
|
missing = certnames - all_certs.map { |cert| cert['name'] }
|
95
101
|
output_certs_by_state(all, output_format, requested, signed, revoked, missing)
|
96
102
|
else
|
97
103
|
all_csrs = get_certs_or_csrs(puppet.settings, "requested")
|
104
|
+
if all_csrs.nil?
|
105
|
+
# nil is different from no certs found
|
106
|
+
@logger.err('Error while getting certificate requests')
|
107
|
+
return 1
|
108
|
+
end
|
98
109
|
output_certs_by_state(all, output_format, all_csrs)
|
99
110
|
end
|
100
111
|
|
@@ -217,7 +228,7 @@ Options:
|
|
217
228
|
if result
|
218
229
|
return JSON.parse(result.body)
|
219
230
|
else
|
220
|
-
return
|
231
|
+
return nil
|
221
232
|
end
|
222
233
|
end
|
223
234
|
|
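Review bot: The nil guards added in the first hunk only cover the `else` arm shown in the second hunk; `JSON.parse(result.body)` at new line 229 can still raise `JSON::ParserError` when the response body is not valid JSON, which bypasses both `@logger.err` paths and surfaces as a stack trace instead of exit code 1. Rescuing it at that call and returning nil, `rescue JSON::ParserError => e` followed by `@logger.err("Could not parse CA response: #{e.message}")` and `return nil`, keeps a single failure path for the callers. Whether `result` can actually carry a non-JSON body depends on code outside these hunks, and both method bodies continue beyond them, so confirm against the HTTP helper. The comment `# nil is different from no certs found` would say more as `# nil means the lookup failed; an empty list means it succeeded with no matches`.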
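--- a/data/lib/puppetserver/ca/host.rb
+++ b/data/lib/puppetserver/ca/host.rb
@@ -63,14 +63,14 @@ module Puppetserver
 # and if neither exist we generate a new key. This logic is necessary for
 # proper bootstrapping for certain server workflows.
 def create_private_key(keylength, private_path = '', public_path = '')
-if File.
+if File.exist?(private_path) && File.exist?(public_path)
 return OpenSSL::PKey.read(File.read(private_path))
-elsif !File.
+elsif !File.exist?(private_path) && !File.exist?(public_path)
 return OpenSSL::PKey::RSA.new(keylength)
-elsif !File.
+elsif !File.exist?(private_path) && File.exist?(public_path)
 @errors << "Missing private key to match public key at #{public_path}"
 return nil
-elsif File.
+elsif File.exist?(private_path) && !File.exist?(public_path)
 @errors << "Missing public key to match private key at #{private_path}"
 return nil
 end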
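Review bot: Each arm of the new `if`/`elsif` chain in `create_private_key` calls `File.exist?` on both paths again, so the four conditions stat the files up to eight times and can disagree if a file appears or disappears in between, in which case no arm matches and the `if` yields nil without an entry in `@errors`. Capturing the results once, `have_private = File.exist?(private_path)` and `have_public = File.exist?(public_path)`, makes the four cases exhaustive over one snapshot. The both-exist arm then passes `File.read(private_path)` straight to `OpenSSL::PKey.read`, so an unreadable or malformed key file raises rather than being recorded in `@errors` like the two mismatch cases; rescuing the read and parse failure there (`SystemCallError`, `OpenSSL::PKey::PKeyError`) and returning nil would match them. Nothing in the visible lines checks that the existing public key belongs to the loaded private key; the rest of the method is outside the hunk, so that may happen elsewhere.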
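--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.4.0
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: facter
@@ -80,6 +80,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/snyk.yaml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -140,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.9
 signing_key:
 specification_version: 4
 summary: A simple CLI tool for interacting with Puppet Server's Certificate Authority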