puppetserver-ca 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3ce9f1836cdf33c3a90c4ead5503c9e3bd77dd4c
-  data.tar.gz: 4c935b843c029cce7626c9b5ae5ec4d2e3d7a483
+  metadata.gz: f41aeb772961d07711e18252a727800b7962e11a
+  data.tar.gz: ebc595c85433ec3a4c14d2660e0e92237bee3690
 SHA512:
-  metadata.gz: 136312e8f3183ba47e97d7e256c6887e22b044bc4b455cb0d7f7e635835b511a83e2a78d53c87b6c45f12c1b11ff149a82dd02346324fde2a75dcb656de4c688
-  data.tar.gz: 1bff6c715e519f6cc4fcb238059c318659b244a7fad493d8a4b446a7d204a9947464838adb76f213a80fbf7416088b49231dab4531013318c8703abf01b6b579
+  metadata.gz: 315814ed7b351eea57fc5620bd08e8e406d6c489a24cc4e0e2e6048844d2ed2ef85260a6fc5c1de8f923f999708aaf0679388b3a23af865f04538f14f6a617e2
+  data.tar.gz: b482951edd70310b07d1aa2a8f988a34bc3a08d3a5ddf75e10799a2b86ad09e0dfd8eee0b683ee0fd665eb90e795c0c422517371dedb68124c49d6544283bec6

data/Gemfile

@@ -7,3 +7,4 @@ gemspec
 
 gem 'pry'
 gem 'pry-byebug'
+gem 'hocon', '~> 1.2', require: false

data/lib/puppetserver/ca/cli.rb

@@ -1,6 +1,6 @@
 require 'optparse'
 require 'puppetserver/ca/version'
-require 'puppetserver/ca/setup_action'
+require 'puppetserver/ca/import_action'
 require 'puppetserver/ca/logger'
 
 module Puppetserver
@@ -13,7 +13,7 @@ Manage the Private Key Infrastructure for
 Puppet Server's built-in Certificate Authority
 BANNER
 
-      VALID_ACTIONS = {'setup' => SetupAction}
+      VALID_ACTIONS = {'import' => ImportAction}
 
       ACTION_LIST = "\nAvailable Actions:\n" +
         VALID_ACTIONS.map do |action, cls|

data/lib/puppetserver/ca/config_utils.rb

@@ -0,0 +1,11 @@
+module Puppetserver
+  module Ca
+    module ConfigUtils
+
+      def running_as_root?
+        !Gem.win_platform? && Process::UID.eid == 0
+      end
+
+    end
+  end
+end

data/lib/puppetserver/ca/{setup_action.rb → import_action.rb}

@@ -6,13 +6,13 @@ require 'puppetserver/ca/puppet_config'
 
 module Puppetserver
   module Ca
-    class SetupAction
+    class ImportAction
 
-      SUMMARY = "Set up the CA's key, certs, and crls"
+      SUMMARY = "Import the CA's key, certs, and crls"
       BANNER = <<-BANNER
 Usage:
-  puppetserver ca setup [--help|--version]
-  puppetserver ca setup [--config PATH]
+  puppetserver ca import [--help|--version]
+  puppetserver ca import [--config PATH]
       --private-key PATH --cert-bundle PATH --crl-chain PATH
 
 Description:
@@ -175,7 +175,7 @@ BANNER
       def self.parser(parsed = {})
         OptionParser.new do |opts|
           opts.banner = BANNER
-          opts.on('--help', 'Display this setup specific help output') do |help|
+          opts.on('--help', 'Display this import specific help output') do |help|
             parsed['help'] = true
           end
           opts.on('--version', 'Output the version') do |v|

data/lib/puppetserver/ca/puppet_config.rb

@@ -1,11 +1,14 @@
+require 'puppetserver/ca/config_utils'
 
 module Puppetserver
   module Ca
-    # Provides an interface for asking for Puppet[ Server] settings w/o loading
-    # either Puppet or Puppet Server. Includes a simple ini parser that will
-    # ignore Puppet's more complicated conventions.
+    # Provides an interface for asking for Puppet settings w/o loading
+    # Puppet. Includes a simple ini parser that will ignore Puppet's
+    # more complicated conventions.
     class PuppetConfig
 
+      include Puppetserver::Ca::ConfigUtils
+
       def self.parse(config_path = nil)
         instance = new(config_path)
         instance.load
@@ -119,16 +122,11 @@ module Puppetserver
         res
       end
 
-
      private
 
       def explicitly_given_config_file_or_default_config_exists?
         !@using_default_location || File.exist?(@config_path)
       end
-
-      def running_as_root?
-        !Gem.win_platform? && Process::UID.eid == 0
-      end
     end
   end
 end

data/lib/puppetserver/ca/puppetserver_config.rb

@@ -0,0 +1,83 @@
+require 'hocon'
+require 'puppetserver/ca/config_utils'
+
+module Puppetserver
+  module Ca
+    # Provides an interface for querying Puppetserver settings w/o loading
+    # Puppetserver or any TK config service. Uses the ruby-hocon gem for parsing.
+    class PuppetserverConfig
+
+      include Puppetserver::Ca::ConfigUtils
+
+      def self.parse(config_path = nil)
+        instance = new(config_path)
+        instance.load
+
+        return instance
+      end
+
+      attr_reader :errors, :settings
+
+      def initialize(supplied_config_path = nil)
+        @using_default_location = !supplied_config_path
+        @config_path = supplied_config_path || "/etc/puppetlabs/puppetserver/conf.d/ca.conf"
+
+        @settings = nil
+        @errors = []
+      end
+
+      # Populate this config object with the CA-related settings
+      def load
+        if explicitly_given_config_file_or_default_config_exists?
+          begin
+            results = Hocon.load(@config_path)
+          rescue Hocon::ConfigError => e
+            errors << e.message
+          end
+        end
+
+        overrides = results || {}
+        @settings = supply_defaults(overrides).freeze
+      end
+
+      private
+
+      # Return the correct confdir. We check for being root on *nix,
+      # else the user path. We do not include a check for running
+      # as Adminstrator since non-development scenarios for Puppet Server
+      # on Windows are unsupported.
+      # Note that Puppet Server runs as the [pe-]puppet user but to
+      # start/stop it you must be root.
+      def user_specific_ca_dir
+        if running_as_root?
+          '/etc/puppetlabs/puppetserver/ca'
+        else
+          "#{ENV['HOME']}/.puppetlabs/etc/puppetserver/ca"
+        end
+      end
+
+      # Supply defaults for any CA settings not present in the config file
+      # @param [Hash] overrides setting names and values loaded from the config file,
+      #                         for overriding the defaults
+      # @return [Hash] CA-related settings
+      def supply_defaults(overrides = {})
+        ca_settings = overrides['certificate-authority'] || {}
+        settings = {}
+
+        cadir = settings[:cadir] = ca_settings.fetch('cadir', user_specific_ca_dir)
+
+        settings[:cacert] = ca_settings.fetch('cacert', "#{cadir}/ca_crt.pem")
+        settings[:cakey] = ca_settings.fetch('cakey', "#{cadir}/ca_key.pem")
+        settings[:cacrl] = ca_settings.fetch('cacrl', "#{cadir}/ca_crl.pem")
+        settings[:serial] = ca_settings.fetch('serial', "#{cadir}/serial")
+        settings[:cert_inventory] = ca_settings.fetch('cert-inventory', "#{cadir}/inventory.txt")
+
+        return settings
+      end
+
+      def explicitly_given_config_file_or_default_config_exists?
+        !@using_default_location || File.exist?(@config_path)
+      end
+    end
+  end
+end

data/lib/puppetserver/ca/version.rb

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "0.1.0"
+    VERSION = "0.2.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-07-19 00:00:00.000000000 Z
+date: 2018-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -74,9 +74,11 @@ files:
 - exe/puppetserver-ca
 - lib/puppetserver/ca.rb
 - lib/puppetserver/ca/cli.rb
+- lib/puppetserver/ca/config_utils.rb
+- lib/puppetserver/ca/import_action.rb
 - lib/puppetserver/ca/logger.rb
 - lib/puppetserver/ca/puppet_config.rb
-- lib/puppetserver/ca/setup_action.rb
+- lib/puppetserver/ca/puppetserver_config.rb
 - lib/puppetserver/ca/stub.rb
 - lib/puppetserver/ca/version.rb
 - lib/puppetserver/ca/x509_loader.rb