puppetserver-ca 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/lib/puppetserver/ca/clean_action.rb +1 -3
- data/lib/puppetserver/ca/create_action.rb +1 -3
- data/lib/puppetserver/ca/list_action.rb +1 -3
- data/lib/puppetserver/ca/puppet_config.rb +4 -1
- data/lib/puppetserver/ca/revoke_action.rb +1 -3
- data/lib/puppetserver/ca/sign_action.rb +1 -3
- data/lib/puppetserver/ca/version.rb +1 -1
- data/lib/puppetserver/utils/http_client.rb +15 -2
- metadata +2 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: e4ce165ce36009a209f855a3be43baf46d9f3149
         | 
| 4 | 
            +
              data.tar.gz: 1dff6f4475def4e3dcbd069e48bfcd1d9f7401b0
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: c667523644d19b2d835507b473c8a8e33c5ac397faa43ad272283289c5fb228ebb35f32bd62fb31ce93842a6065b6aae7f579685e1addcfb07257771eb3d2bff
         | 
| 7 | 
            +
              data.tar.gz: 8e37ef678e3fef24eb89b7e6ca51662323e3014f656582d54a05751f2de440e8bc8304b970bef3fac250538e567de5cee7abfbc2e7effaebfa1e0dcd86918165
         | 
| @@ -93,9 +93,7 @@ BANNER | |
| 93 93 | 
             
                  end
         | 
| 94 94 |  | 
| 95 95 | 
             
                  def clean_certs(certnames, settings)
         | 
| 96 | 
            -
                    client = HttpClient.new(settings | 
| 97 | 
            -
                                            settings[:certificate_revocation],
         | 
| 98 | 
            -
                                            settings[:hostcrl])
         | 
| 96 | 
            +
                    client = HttpClient.new(settings)
         | 
| 99 97 |  | 
| 100 98 | 
             
                    url = client.make_ca_url(settings[:ca_server],
         | 
| 101 99 | 
             
                                             settings[:ca_port],
         | 
| @@ -141,9 +141,7 @@ BANNER | |
| 141 141 | 
             
                  end
         | 
| 142 142 |  | 
| 143 143 | 
             
                  def http_client(settings)
         | 
| 144 | 
            -
                    @client ||= HttpClient.new(settings | 
| 145 | 
            -
                                                     settings[:certificate_revocation],
         | 
| 146 | 
            -
                                                     settings[:hostcrl])
         | 
| 144 | 
            +
                    @client ||= HttpClient.new(settings)
         | 
| 147 145 | 
             
                  end
         | 
| 148 146 |  | 
| 149 147 | 
             
                  # Make an HTTP request to submit certificate requests to CA
         | 
| @@ -101,9 +101,7 @@ Options: | |
| 101 101 | 
             
                  end
         | 
| 102 102 |  | 
| 103 103 | 
             
                  def http_client(settings)
         | 
| 104 | 
            -
                    @client ||= HttpClient.new(settings | 
| 105 | 
            -
                                               settings[:certificate_revocation],
         | 
| 106 | 
            -
                                               settings[:hostcrl])
         | 
| 104 | 
            +
                    @client ||= HttpClient.new(settings)
         | 
| 107 105 | 
             
                  end
         | 
| 108 106 |  | 
| 109 107 | 
             
                  def get_certificate_statuses(settings)
         | 
| @@ -101,6 +101,9 @@ module Puppetserver | |
| 101 101 | 
             
                    server = overrides.fetch(:server, '$certname')
         | 
| 102 102 | 
             
                    settings[:server] = substitutions['$server'] = server.sub(unresolved_setting, substitutions)
         | 
| 103 103 |  | 
| 104 | 
            +
                    privatekeydir = overrides.fetch(:privatekeydir, '$ssldir/private_keys')
         | 
| 105 | 
            +
                    settings[:privatekeydir] = substitutions['$privatekeydir'] = privatekeydir.sub(unresolved_setting, substitutions)
         | 
| 106 | 
            +
             | 
| 104 107 | 
             
                    settings[:masterport] = substitutions['$masterport'] = overrides.fetch(:masterport, '8140')
         | 
| 105 108 |  | 
| 106 109 | 
             
                    settings[:ca_name] =  overrides.fetch(:ca_name, 'Puppet CA: $certname')
         | 
| @@ -125,7 +128,7 @@ module Puppetserver | |
| 125 128 | 
             
                    settings[:localcacert] =    overrides.fetch(:localcacert, '$certdir/ca.pem')
         | 
| 126 129 | 
             
                    settings[:hostcert] =       overrides.fetch(:hostcert, '$certdir/$certname.pem')
         | 
| 127 130 | 
             
                    settings[:hostcrl] =        overrides.fetch(:hostcrl, '$ssldir/crl.pem')
         | 
| 128 | 
            -
                    settings[: | 
| 131 | 
            +
                    settings[:hostprivkey] =    overrides.fetch(:hostprivkey, '$privatekeydir/$certname.pem')
         | 
| 129 132 | 
             
                    settings[:publickeydir] =   overrides.fetch(:publickeydir, '$ssldir/public_keys')
         | 
| 130 133 | 
             
                    settings[:certificate_revocation] = parse_crl_usage(overrides.fetch(:certificate_revocation, 'true'))
         | 
| 131 134 |  | 
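Review bot: The new `privatekeydir` line resolves its override with `String#sub`, which replaces only the first match, so an override that references more than one setting (a constructed example: `$vardir/$certname/keys`) would be stored in `substitutions['$privatekeydir']` partly unresolved, and the new `hostprivkey` default is built from that value. Since this path is now used to locate the host private key, a half-resolved value would fail late and with a confusing file-not-found; `privatekeydir.gsub(unresolved_setting, substitutions)` would resolve every reference, assuming `unresolved_setting` matches a single `$name` token (its definition is outside the hunk). The existing `server` line uses the same pattern, and the enclosing method starts and ends outside the visible hunks.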
| @@ -93,9 +93,7 @@ BANNER | |
| 93 93 | 
             
                  end
         | 
| 94 94 |  | 
| 95 95 | 
             
                  def revoke_certs(certnames, settings)
         | 
| 96 | 
            -
                    client = HttpClient.new(settings | 
| 97 | 
            -
                                            settings[:certificate_revocation],
         | 
| 98 | 
            -
                                            settings[:hostcrl])
         | 
| 96 | 
            +
                    client = HttpClient.new(settings)
         | 
| 99 97 |  | 
| 100 98 | 
             
                    url = client.make_ca_url(settings[:ca_server],
         | 
| 101 99 | 
             
                                             settings[:ca_port],
         | 
| @@ -14,8 +14,20 @@ module Puppetserver | |
| 14 14 |  | 
| 15 15 | 
             
                  attr_reader :store
         | 
| 16 16 |  | 
| 17 | 
            -
                  def initialize( | 
| 18 | 
            -
                    @store = make_store(localcacert, | 
| 17 | 
            +
                  def initialize(settings)
         | 
| 18 | 
            +
                    @store = make_store(settings[:localcacert],
         | 
| 19 | 
            +
                                        settings[:certificate_revocation],
         | 
| 20 | 
            +
                                        settings[:hostcrl])
         | 
| 21 | 
            +
                    @cert = load_cert(settings[:hostcert])
         | 
| 22 | 
            +
                    @key = load_key(settings[:hostprivkey])
         | 
| 23 | 
            +
                  end
         | 
| 24 | 
            +
             | 
| 25 | 
            +
                  def load_cert(cert_path)
         | 
| 26 | 
            +
                    OpenSSL::X509::Certificate.new(File.read(cert_path))
         | 
| 27 | 
            +
                  end
         | 
| 28 | 
            +
             | 
| 29 | 
            +
                  def load_key(key_path)
         | 
| 30 | 
            +
                    OpenSSL::PKey.read(File.read(key_path))
         | 
| 19 31 | 
             
                  end
         | 
| 20 32 |  | 
| 21 33 | 
             
                  # Returns a URI-like wrapper around CA specific urls
         | 
| @@ -32,6 +44,7 @@ module Puppetserver | |
| 32 44 |  | 
| 33 45 | 
             
                    Net::HTTP.start(url.host, url.port,
         | 
| 34 46 | 
             
                                    use_ssl: true, cert_store: @store,
         | 
| 47 | 
            +
                                    cert: @cert, key: @key,
         | 
| 35 48 | 
             
                                    &request)
         | 
| 36 49 | 
             
                  end
         | 
| 37 50 |  | 
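Review bot: `initialize` now reads `settings[:hostcert]` and `settings[:hostprivkey]` from disk unconditionally, and neither `load_cert` nor `load_key` handles a missing, unreadable or malformed file, so an `Errno::ENOENT`/`Errno::EACCES` or an OpenSSL parse error would propagate out of `HttpClient.new`; whether the action classes that call it rescue these is not visible here. There is also no check that the two files belong together, so a mismatched pair would only surface later as a TLS handshake failure in `Net::HTTP.start`; adding `raise ArgumentError, 'hostcert and hostprivkey do not match' unless @cert.check_private_key(@key)` after the two loads would fail early with a clear message. `load_key` passes no passphrase to `OpenSSL::PKey.read`, which as far as I know lets OpenSSL prompt on the terminal for an encrypted PEM, so a comment stating that the key is expected to be unencrypted would help non-interactive runs. Any error text added here should name the setting and path only, never the file contents.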
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: puppetserver-ca
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.3. | 
| 4 | 
            +
              version: 0.3.1
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Puppet, Inc.
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: exe
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2018-08- | 
| 11 | 
            +
            date: 2018-08-15 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: facter
         |