puppetserver-ca 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/lib/puppetserver/ca/cli.rb +2 -2
- data/lib/puppetserver/ca/config_utils.rb +11 -0
- data/lib/puppetserver/ca/{setup_action.rb → import_action.rb} +5 -5
- data/lib/puppetserver/ca/puppet_config.rb +6 -8
- data/lib/puppetserver/ca/puppetserver_config.rb +83 -0
- data/lib/puppetserver/ca/version.rb +1 -1
- metadata +5 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f41aeb772961d07711e18252a727800b7962e11a
|
4
|
+
data.tar.gz: ebc595c85433ec3a4c14d2660e0e92237bee3690
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 315814ed7b351eea57fc5620bd08e8e406d6c489a24cc4e0e2e6048844d2ed2ef85260a6fc5c1de8f923f999708aaf0679388b3a23af865f04538f14f6a617e2
|
7
|
+
data.tar.gz: b482951edd70310b07d1aa2a8f988a34bc3a08d3a5ddf75e10799a2b86ad09e0dfd8eee0b683ee0fd665eb90e795c0c422517371dedb68124c49d6544283bec6
|
data/Gemfile
CHANGED
data/lib/puppetserver/ca/cli.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
require 'optparse'
|
2
2
|
require 'puppetserver/ca/version'
|
3
|
-
require 'puppetserver/ca/
|
3
|
+
require 'puppetserver/ca/import_action'
|
4
4
|
require 'puppetserver/ca/logger'
|
5
5
|
|
6
6
|
module Puppetserver
|
@@ -13,7 +13,7 @@ Manage the Private Key Infrastructure for
|
|
13
13
|
Puppet Server's built-in Certificate Authority
|
14
14
|
BANNER
|
15
15
|
|
16
|
-
VALID_ACTIONS = {'
|
16
|
+
VALID_ACTIONS = {'import' => ImportAction}
|
17
17
|
|
18
18
|
ACTION_LIST = "\nAvailable Actions:\n" +
|
19
19
|
VALID_ACTIONS.map do |action, cls|
|
@@ -6,13 +6,13 @@ require 'puppetserver/ca/puppet_config'
|
|
6
6
|
|
7
7
|
module Puppetserver
|
8
8
|
module Ca
|
9
|
-
class
|
9
|
+
class ImportAction
|
10
10
|
|
11
|
-
SUMMARY = "
|
11
|
+
SUMMARY = "Import the CA's key, certs, and crls"
|
12
12
|
BANNER = <<-BANNER
|
13
13
|
Usage:
|
14
|
-
puppetserver ca
|
15
|
-
puppetserver ca
|
14
|
+
puppetserver ca import [--help|--version]
|
15
|
+
puppetserver ca import [--config PATH]
|
16
16
|
--private-key PATH --cert-bundle PATH --crl-chain PATH
|
17
17
|
|
18
18
|
Description:
|
@@ -175,7 +175,7 @@ BANNER
|
|
175
175
|
def self.parser(parsed = {})
|
176
176
|
OptionParser.new do |opts|
|
177
177
|
opts.banner = BANNER
|
178
|
-
opts.on('--help', 'Display this
|
178
|
+
opts.on('--help', 'Display this import specific help output') do |help|
|
179
179
|
parsed['help'] = true
|
180
180
|
end
|
181
181
|
opts.on('--version', 'Output the version') do |v|
|
@@ -1,11 +1,14 @@
|
|
1
|
+
require 'puppetserver/ca/config_utils'
|
1
2
|
|
2
3
|
module Puppetserver
|
3
4
|
module Ca
|
4
|
-
# Provides an interface for asking for Puppet
|
5
|
-
#
|
6
|
-
#
|
5
|
+
# Provides an interface for asking for Puppet settings w/o loading
|
6
|
+
# Puppet. Includes a simple ini parser that will ignore Puppet's
|
7
|
+
# more complicated conventions.
|
7
8
|
class PuppetConfig
|
8
9
|
|
10
|
+
include Puppetserver::Ca::ConfigUtils
|
11
|
+
|
9
12
|
def self.parse(config_path = nil)
|
10
13
|
instance = new(config_path)
|
11
14
|
instance.load
|
@@ -119,16 +122,11 @@ module Puppetserver
|
|
119
122
|
res
|
120
123
|
end
|
121
124
|
|
122
|
-
|
123
125
|
private
|
124
126
|
|
125
127
|
def explicitly_given_config_file_or_default_config_exists?
|
126
128
|
!@using_default_location || File.exist?(@config_path)
|
127
129
|
end
|
128
|
-
|
129
|
-
def running_as_root?
|
130
|
-
!Gem.win_platform? && Process::UID.eid == 0
|
131
|
-
end
|
132
130
|
end
|
133
131
|
end
|
134
132
|
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
require 'hocon'
|
2
|
+
require 'puppetserver/ca/config_utils'
|
3
|
+
|
4
|
+
module Puppetserver
|
5
|
+
module Ca
|
6
|
+
# Provides an interface for querying Puppetserver settings w/o loading
|
7
|
+
# Puppetserver or any TK config service. Uses the ruby-hocon gem for parsing.
|
8
|
+
class PuppetserverConfig
|
9
|
+
|
10
|
+
include Puppetserver::Ca::ConfigUtils
|
11
|
+
|
12
|
+
def self.parse(config_path = nil)
|
13
|
+
instance = new(config_path)
|
14
|
+
instance.load
|
15
|
+
|
16
|
+
return instance
|
17
|
+
end
|
18
|
+
|
19
|
+
attr_reader :errors, :settings
|
20
|
+
|
21
|
+
def initialize(supplied_config_path = nil)
|
22
|
+
@using_default_location = !supplied_config_path
|
23
|
+
@config_path = supplied_config_path || "/etc/puppetlabs/puppetserver/conf.d/ca.conf"
|
24
|
+
|
25
|
+
@settings = nil
|
26
|
+
@errors = []
|
27
|
+
end
|
28
|
+
|
29
|
+
# Populate this config object with the CA-related settings
|
30
|
+
def load
|
31
|
+
if explicitly_given_config_file_or_default_config_exists?
|
32
|
+
begin
|
33
|
+
results = Hocon.load(@config_path)
|
34
|
+
rescue Hocon::ConfigError => e
|
35
|
+
errors << e.message
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
overrides = results || {}
|
40
|
+
@settings = supply_defaults(overrides).freeze
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
|
45
|
+
# Return the correct confdir. We check for being root on *nix,
|
46
|
+
# else the user path. We do not include a check for running
|
47
|
+
# as Adminstrator since non-development scenarios for Puppet Server
|
48
|
+
# on Windows are unsupported.
|
49
|
+
# Note that Puppet Server runs as the [pe-]puppet user but to
|
50
|
+
# start/stop it you must be root.
|
51
|
+
def user_specific_ca_dir
|
52
|
+
if running_as_root?
|
53
|
+
'/etc/puppetlabs/puppetserver/ca'
|
54
|
+
else
|
55
|
+
"#{ENV['HOME']}/.puppetlabs/etc/puppetserver/ca"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
# Supply defaults for any CA settings not present in the config file
|
60
|
+
# @param [Hash] overrides setting names and values loaded from the config file,
|
61
|
+
# for overriding the defaults
|
62
|
+
# @return [Hash] CA-related settings
|
63
|
+
def supply_defaults(overrides = {})
|
64
|
+
ca_settings = overrides['certificate-authority'] || {}
|
65
|
+
settings = {}
|
66
|
+
|
67
|
+
cadir = settings[:cadir] = ca_settings.fetch('cadir', user_specific_ca_dir)
|
68
|
+
|
69
|
+
settings[:cacert] = ca_settings.fetch('cacert', "#{cadir}/ca_crt.pem")
|
70
|
+
settings[:cakey] = ca_settings.fetch('cakey', "#{cadir}/ca_key.pem")
|
71
|
+
settings[:cacrl] = ca_settings.fetch('cacrl', "#{cadir}/ca_crl.pem")
|
72
|
+
settings[:serial] = ca_settings.fetch('serial', "#{cadir}/serial")
|
73
|
+
settings[:cert_inventory] = ca_settings.fetch('cert-inventory', "#{cadir}/inventory.txt")
|
74
|
+
|
75
|
+
return settings
|
76
|
+
end
|
77
|
+
|
78
|
+
def explicitly_given_config_file_or_default_config_exists?
|
79
|
+
!@using_default_location || File.exist?(@config_path)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppetserver-ca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-07-
|
11
|
+
date: 2018-07-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -74,9 +74,11 @@ files:
|
|
74
74
|
- exe/puppetserver-ca
|
75
75
|
- lib/puppetserver/ca.rb
|
76
76
|
- lib/puppetserver/ca/cli.rb
|
77
|
+
- lib/puppetserver/ca/config_utils.rb
|
78
|
+
- lib/puppetserver/ca/import_action.rb
|
77
79
|
- lib/puppetserver/ca/logger.rb
|
78
80
|
- lib/puppetserver/ca/puppet_config.rb
|
79
|
-
- lib/puppetserver/ca/
|
81
|
+
- lib/puppetserver/ca/puppetserver_config.rb
|
80
82
|
- lib/puppetserver/ca/stub.rb
|
81
83
|
- lib/puppetserver/ca/version.rb
|
82
84
|
- lib/puppetserver/ca/x509_loader.rb
|