puppetserver-ca 2.3.5 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 37981ba97c1f259e077b807b2903ea73d4726c56c4fb28b1e7e506fa456c2002
-  data.tar.gz: 15fab6a94a112e748d6605cb7d1b9a511fb17f663e6c25b59a2552d254f5c155
+  metadata.gz: 6df60141ee08a19cc170166263abff7028ee6085bf833981efad3458cef5ce26
+  data.tar.gz: 4da9da0d545605f13bd0dfa2a6272a301dfe46251d0277663e8d09e6d3f65a29
 SHA512:
-  metadata.gz: 993aa454173c018b817f5028bd0726679fd71c9588cf96aa75e4534e3726919b0b851b83c7bd04628c2cf9e58146739678d9b856e0b64fea8ca0fea98b78f567
-  data.tar.gz: ea9b4e92cf2a607274bee95d882f8e69c34fa5ae4dcf338aee4fae7697ed82d39f0cb1ffa16ba8466a88d2040e75d3d96b01f6b2c528adaf8170779966b2e366
+  metadata.gz: 15891316786fa4fcd63c3f86ac2f66051841fb3e680fe63e5d0d6ceb025241cc5c122ae1f3b2819c9b1063f7c1a166efd1ebd010b35921fb2c6f3fef2917da88
+  data.tar.gz: fee93fa98f038ab7eb660fe55ca466874221cb980e5794c8d32c7561a2dfa069cdc003046799b89ef99b0f6b7bc97b58928e788b1e057f5ef68362bd864c16c7

data/.github/workflows/snyk.yaml

@@ -0,0 +1,31 @@
+---
+name: Snyk Monitor
+on:
+  push:
+    branches:
+      - main
+jobs:
+  snyk_monitor:
+    if: ${{ github.repository_owner == 'puppetlabs' }}
+    runs-on: ubuntu-latest
+    name: Snyk Monitor
+    steps:
+      - name: Checkout current PR
+        uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+      - name: Install dependencies
+        run: bundle install --jobs 3 --retry 3
+      - name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/ruby@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_FOSS_KEY }}
+        with:
+          command: monitor
+          args: --org=puppet-foss --project-name=${{ github.repository }}#${{ steps.extract_branch.outputs.branch }}

data/lib/puppetserver/ca/action/list.rb

@@ -89,12 +89,23 @@ Options:
           end
 
           if (all || certnames.any?)
-            all_certs = get_certs_or_csrs(puppet.settings).select { |cert| filter_names.call(cert) }
+            found_certs = get_certs_or_csrs(puppet.settings)
+            if found_certs.nil?
+               # nil is different from no certs found
+               @logger.err('Error while getting certificates')
+               return 1
+            end
+            all_certs = found_certs.select { |cert| filter_names.call(cert) }
             requested, signed, revoked = separate_certs(all_certs)
             missing = certnames - all_certs.map { |cert| cert['name'] }
             output_certs_by_state(all, output_format, requested, signed, revoked, missing)
           else
             all_csrs = get_certs_or_csrs(puppet.settings, "requested")
+            if all_csrs.nil?
+               # nil is different from no certs found
+               @logger.err('Error while getting certificate requests')
+               return 1
+            end
             output_certs_by_state(all, output_format, all_csrs)
           end
 
@@ -217,7 +228,7 @@ Options:
           if result
             return JSON.parse(result.body)
           else
-            return []
+            return nil
           end
         end
 

data/lib/puppetserver/ca/host.rb

@@ -63,14 +63,14 @@ module Puppetserver
       # and if neither exist we generate a new key. This logic is necessary for
       # proper bootstrapping for certain server workflows.
       def create_private_key(keylength, private_path = '', public_path = '')
-        if File.exists?(private_path) && File.exists?(public_path)
+        if File.exist?(private_path) && File.exist?(public_path)
           return OpenSSL::PKey.read(File.read(private_path))
-        elsif !File.exists?(private_path) && !File.exists?(public_path)
+        elsif !File.exist?(private_path) && !File.exist?(public_path)
           return OpenSSL::PKey::RSA.new(keylength)
-        elsif !File.exists?(private_path) && File.exists?(public_path)
+        elsif !File.exist?(private_path) && File.exist?(public_path)
           @errors << "Missing private key to match public key at #{public_path}"
           return nil
-        elsif File.exists?(private_path) && !File.exists?(public_path)
+        elsif File.exist?(private_path) && !File.exist?(public_path)
           @errors << "Missing public key to match private key at #{private_path}"
           return nil
         end

data/lib/puppetserver/ca/version.rb

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "2.3.5"
+    VERSION = "2.4.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 2.3.5
+  version: 2.4.0
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-07 00:00:00.000000000 Z
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -80,6 +80,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/snyk.yaml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -140,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.0.9
 signing_key: 
 specification_version: 4
 summary: A simple CLI tool for interacting with Puppet Server's Certificate Authority