puppetserver-ca 0.7.0 → 1.0.0

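--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1d0f3441468d38c6a0385a7c2ed7e3056e9e7407
- data.tar.gz: 84e643ade9ca258be16166e16b1577dd454ec9f8
+ metadata.gz: 4aae686f8f63d4fb8c675758fd9c910f8608187a
+ data.tar.gz: 36404974656f555dbd6253aaa6a5792b9b3b0069
  SHA512:
- metadata.gz: 6dd35a352ff2ca7aec331efd573781224471e03efcd451fd35d5c13416b6f2d2cceec34339d0ff9016840a77af321b9821d6fff1f2d6d42a568316786b8e19bd
- data.tar.gz: 6e460d0db0cf328e17968950741eade841198ce165e306b5ca07e81343d1c29045b3baab88ce0be78c90c3a50c969fc4323c6e626f195814bd7fba6f08707e78
+ metadata.gz: 4f43caf76164963786227c950886504fa2d3c7ffa583228cbe82256bca53c8a6867ba7c7cb3278bc604e3730f79dcb934146a22bd209642aa1a347fb5ea86811
+ data.tar.gz: 98b4178cadbc8ec770585a97b5ce9d44a770956d5d85b839cc5553962a1377998853b93a67378519577a13f032cf1ac6bd954641dab013fbeedd480b9e369944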
@@ -87,9 +87,15 @@ BANNER
87
87
  puppet = Config::Puppet.parse(config)
88
88
  return 1 if CliParsing.handle_errors(@logger, puppet.errors)
89
89
 
90
- passed = clean_certs(certnames, puppet.settings)
91
-
92
- return passed ? 0 : 1
90
+ result = clean_certs(certnames, puppet.settings)
91
+ case result
92
+ when :success
93
+ return 0
94
+ when :invalid
95
+ return 24
96
+ when :not_found, :error
97
+ return 1
98
+ end
93
99
  end
94
100
 
95
101
  def clean_certs(certnames, settings)
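Review bot: The `case result` added here has no `else` branch, so any value from `clean_certs` other than the four listed symbols (nil included) makes the method return nil instead of an exit status. Scripts that read this exit code to decide whether certificates were actually removed need the fallback to fail closed, for example by replacing `when :not_found, :error` with a plain `else` followed by `return 1`. The same construct appears in the revoke action's hunk that follows (`result = revoke_certs(certnames, puppet.settings)`). The literal `24` also deserves a comment such as `# 24: the CA rejected the request as invalid for this certname (HTTP 409)`. The enclosing method begins outside the hunk.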
@@ -86,9 +86,16 @@ BANNER
86
86
  puppet = Config::Puppet.parse(config)
87
87
  return 1 if CliParsing.handle_errors(@logger, puppet.errors)
88
88
 
89
- passed = revoke_certs(certnames, puppet.settings)
90
-
91
- return passed ? 0 : 1
89
+ result = revoke_certs(certnames, puppet.settings)
90
+
91
+ case result
92
+ when :success
93
+ return 0
94
+ when :invalid
95
+ return 24
96
+ when :not_found, :error
97
+ return 1
98
+ end
92
99
  end
93
100
 
94
101
  def revoke_certs(certnames, settings)
@@ -18,31 +18,49 @@ module Puppetserver
18
18
  @ca_port = settings[:ca_port]
19
19
  end
20
20
 
21
+ def worst_result(previous_result, current_result)
22
+ %i{success invalid not_found error}.each do |state|
23
+ if previous_result == state
24
+ return current_result
25
+ elsif current_result == state
26
+ return previous_result
27
+ else
28
+ next
29
+ end
30
+ end
31
+ end
32
+
21
33
  # Returns a URI-like wrapper around CA specific urls
22
34
  def make_ca_url(resource_type = nil, certname = nil)
23
35
  HttpClient::URL.new('https', @ca_server, @ca_port, 'puppet-ca', 'v1', resource_type, certname)
24
36
  end
25
37
 
26
38
  def sign_certs(certnames)
27
- put(certnames,
28
- resource_type: 'certificate_status',
29
- body: SIGN_BODY,
30
- type: :sign)
39
+ results = put(certnames,
40
+ resource_type: 'certificate_status',
41
+ body: SIGN_BODY,
42
+ type: :sign)
43
+
44
+ results.all? {|result| result == :success }
31
45
  end
32
46
 
33
47
  def revoke_certs(certnames)
34
- put(certnames,
35
- resource_type: 'certificate_status',
36
- body: REVOKE_BODY,
37
- type: :revoke)
48
+ results = put(certnames,
49
+ resource_type: 'certificate_status',
50
+ body: REVOKE_BODY,
51
+ type: :revoke)
52
+
53
+ results.reduce {|prev, curr| worst_result(prev, curr) }
38
54
  end
39
55
 
40
56
  def submit_certificate_request(certname, csr)
41
- put([certname],
42
- resource_type: 'certificate_request',
43
- body: csr.to_pem,
44
- headers: {'Content-Type' => 'text/plain'},
45
- type: :submit)
57
+ results = put([certname],
58
+ resource_type: 'certificate_request',
59
+ body: csr.to_pem,
60
+ headers: {'Content-Type' => 'text/plain'},
61
+ type: :submit)
62
+
63
+ results.all? {|result| result == :success }
46
64
  end
47
65
 
48
66
  # Make an HTTP PUT request to CA
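Review bot: `worst_result` ranks any value outside its four listed states as worse than all of them, and when neither argument matches a state the `each` falls through and the method returns the symbol array itself. If a nil or unexpected result ever reaches it (whether `put` can yield one is not visible here), pairing it with `:error` returns the nil rather than `:error`. Ranking explicitly avoids both cases and treats unknown values as errors: `order = %i[success invalid not_found error]` followed by `order[[previous_result, current_result].map { |r| order.index(r) || order.size - 1 }.max]`. The method also has no comment; `# Returns the more severe of two status symbols (success < invalid < not_found < error)` would document the ordering the loop relies on.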
@@ -60,8 +78,6 @@ module Puppetserver
60
78
  process_results(type, certname, result)
61
79
  end
62
80
  end
63
-
64
- results.all?
65
81
  end
66
82
 
67
83
  # logs the action and returns true/false for success
@@ -71,45 +87,49 @@ module Puppetserver
71
87
  case result.code
72
88
  when '204'
73
89
  @logger.inform "Successfully signed certificate request for #{certname}"
74
- return true
90
+ return :success
75
91
  when '404'
76
92
  @logger.err 'Error:'
77
93
  @logger.err " Could not find certificate request for #{certname}"
78
- return false
94
+ return :not_found
79
95
  else
80
96
  @logger.err 'Error:'
81
97
  @logger.err " When attempting to sign certificate request '#{certname}', received"
82
98
  @logger.err " code: #{result.code}"
83
99
  @logger.err " body: #{result.body.to_s}" if result.body
84
- return false
100
+ return :error
85
101
  end
86
102
  when :revoke
87
103
  case result.code
88
104
  when '200', '204'
89
105
  @logger.inform "Revoked certificate for #{certname}"
90
- return true
106
+ return :success
91
107
  when '404'
92
108
  @logger.err 'Error:'
93
109
  @logger.err " Could not find certificate for #{certname}"
94
- return false
110
+ return :not_found
111
+ when '409'
112
+ @logger.err 'Error:'
113
+ @logger.err " Could not revoke unsigned csr for #{certname}"
114
+ return :invalid
95
115
  else
96
116
  @logger.err 'Error:'
97
117
  @logger.err " When attempting to revoke certificate '#{certname}', received:"
98
118
  @logger.err " code: #{result.code}"
99
119
  @logger.err " body: #{result.body.to_s}" if result.body
100
- return false
120
+ return :error
101
121
  end
102
122
  when :submit
103
123
  case result.code
104
124
  when '200', '204'
105
125
  @logger.inform "Successfully submitted certificate request for #{certname}"
106
- return true
126
+ return :success
107
127
  else
108
128
  @logger.err 'Error:'
109
129
  @logger.err " When attempting to submit certificate request for '#{certname}', received:"
110
130
  @logger.err " code: #{result.code}"
111
131
  @logger.err " body: #{result.body.to_s}" if result.body
112
- return false
132
+ return :error
113
133
  end
114
134
  end
115
135
  end
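Review bot: The comment directly above this method, visible as context at the end of the preceding hunk, still reads `# logs the action and returns true/false for success`, but every branch here now returns a status symbol. It should be updated to something like `# logs the action and returns a status symbol: :success, :invalid, :not_found or :error`. It is worth adding that only the `:revoke` branch can return `:invalid` (on a 409), and that `sign_certs` and `submit_certificate_request` collapse the symbols back to a boolean with `== :success`. The method's signature and the opening of the outer `case` are outside the hunk.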
@@ -132,11 +152,24 @@ module Puppetserver
132
152
  cleaned = check_clean(certname, clean_result)
133
153
  end
134
154
 
135
- cleaned == :success && [:success, :not_found].include?(revoked)
155
+ if revoked == :error || cleaned != :success
156
+ :error
157
+
158
+ # If we get passed the first conditional we know that
159
+ # cleaned must == :success and revoked must be one of
160
+ # :invalid, :not_found, or :success. We'll treat both
161
+ # :not_found and :success of revocation here as successes.
162
+ # However we'll treat invalid's specially.
163
+ elsif revoked == :invalid
164
+ :invalid
165
+
166
+ else
167
+ :success
168
+ end
136
169
  end
137
170
  end
138
171
 
139
- return results.all?
172
+ return results.reduce {|prev, curr| worst_result(prev, curr) }
140
173
  end
141
174
 
142
175
  # possibly logs the action, always returns a status symbol 👑
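Review bot: `results.reduce {|prev, curr| worst_result(prev, curr) }` has no initial value, so it returns nil when `results` is empty, and the CLI's `case result` has no branch for nil. If an empty certname list can reach this method (the validation is not visible here), either seed the fold as `results.reduce(:success) {|prev, curr| worst_result(prev, curr) }` or return `:error` explicitly for an empty list, so the return value is always a status symbol. The `revoke_certs` change in the earlier hunk uses the same unseeded `reduce`. The method begins outside this hunk.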
@@ -145,6 +178,8 @@ module Puppetserver
145
178
  when '200', '204'
146
179
  @logger.inform "Revoked certificate for #{certname}"
147
180
  return :success
181
+ when '409'
182
+ return :invalid
148
183
  when '404'
149
184
  return :not_found
150
185
  else
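Review bot: The new `when '409'` branch returns `:invalid` without logging anything, whereas the 409 branch added to the revoke path in `process_results` logs `Could not revoke unsigned csr for #{certname}`. Unless the caller reports it (not visible in this hunk), an operator running clean gets exit code 24 with no indication of which certname was rejected. Consider logging here as well, or extending the comment above the method to state that `:invalid` is returned silently and must be reported by the caller. The method starts and ends outside the hunk.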
@@ -1,5 +1,5 @@
1
1
  module Puppetserver
2
2
  module Ca
3
- VERSION = "0.7.0"
3
+ VERSION = "1.0.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppetserver-ca
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-12 00:00:00.000000000 Z
11
+ date: 2018-09-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: facter