puppetserver-ca 0.7.0 → 1.0.0
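--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4aae686f8f63d4fb8c675758fd9c910f8608187a
+data.tar.gz: 36404974656f555dbd6253aaa6a5792b9b3b0069
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f43caf76164963786227c950886504fa2d3c7ffa583228cbe82256bca53c8a6867ba7c7cb3278bc604e3730f79dcb934146a22bd209642aa1a347fb5ea86811
+data.tar.gz: 98b4178cadbc8ec770585a97b5ce9d44a770956d5d85b839cc5553962a1377998853b93a67378519577a13f032cf1ac6bd954641dab013fbeedd480b9e369944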
@@ -87,9 +87,15 @@ BANNER
|
|
87
87
|
puppet = Config::Puppet.parse(config)
|
88
88
|
return 1 if CliParsing.handle_errors(@logger, puppet.errors)
|
89
89
|
|
90
|
-
|
91
|
-
|
92
|
-
|
90
|
+
result = clean_certs(certnames, puppet.settings)
|
91
|
+
case result
|
92
|
+
when :success
|
93
|
+
return 0
|
94
|
+
when :invalid
|
95
|
+
return 24
|
96
|
+
when :not_found, :error
|
97
|
+
return 1
|
98
|
+
end
|
93
99
|
end
|
94
100
|
|
95
101
|
def clean_certs(certnames, settings)
|
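Review bot: The new `case result` (new lines 91–98) has no `else` branch, so if `clean_certs` ever returns anything other than the four listed symbols the method falls through and returns nil instead of an exit status; the revoke action hunk that follows (`@@ -86,9 +86,16 @@`) repeats the same construct. Automation that checks the exit status to confirm a certificate was revoked or cleaned should see a failure for any unknown outcome, so add `else` and `return 1` after the `when :not_found, :error` branch. The literal `24` also deserves a comment, for example `# 24: revocation was refused because the request was never signed (HTTP 409)`, which is what the certificate authority hunk later on this page maps to `:invalid`. The enclosing method begins outside the hunk.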
@@ -86,9 +86,16 @@ BANNER
|
|
86
86
|
puppet = Config::Puppet.parse(config)
|
87
87
|
return 1 if CliParsing.handle_errors(@logger, puppet.errors)
|
88
88
|
|
89
|
-
|
90
|
-
|
91
|
-
|
89
|
+
result = revoke_certs(certnames, puppet.settings)
|
90
|
+
|
91
|
+
case result
|
92
|
+
when :success
|
93
|
+
return 0
|
94
|
+
when :invalid
|
95
|
+
return 24
|
96
|
+
when :not_found, :error
|
97
|
+
return 1
|
98
|
+
end
|
92
99
|
end
|
93
100
|
|
94
101
|
def revoke_certs(certnames, settings)
|
@@ -18,31 +18,49 @@ module Puppetserver
|
|
18
18
|
@ca_port = settings[:ca_port]
|
19
19
|
end
|
20
20
|
|
21
|
+
def worst_result(previous_result, current_result)
|
22
|
+
%i{success invalid not_found error}.each do |state|
|
23
|
+
if previous_result == state
|
24
|
+
return current_result
|
25
|
+
elsif current_result == state
|
26
|
+
return previous_result
|
27
|
+
else
|
28
|
+
next
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
21
33
|
# Returns a URI-like wrapper around CA specific urls
|
22
34
|
def make_ca_url(resource_type = nil, certname = nil)
|
23
35
|
HttpClient::URL.new('https', @ca_server, @ca_port, 'puppet-ca', 'v1', resource_type, certname)
|
24
36
|
end
|
25
37
|
|
26
38
|
def sign_certs(certnames)
|
27
|
-
put(certnames,
|
28
|
-
|
29
|
-
|
30
|
-
|
39
|
+
results = put(certnames,
|
40
|
+
resource_type: 'certificate_status',
|
41
|
+
body: SIGN_BODY,
|
42
|
+
type: :sign)
|
43
|
+
|
44
|
+
results.all? {|result| result == :success }
|
31
45
|
end
|
32
46
|
|
33
47
|
def revoke_certs(certnames)
|
34
|
-
put(certnames,
|
35
|
-
|
36
|
-
|
37
|
-
|
48
|
+
results = put(certnames,
|
49
|
+
resource_type: 'certificate_status',
|
50
|
+
body: REVOKE_BODY,
|
51
|
+
type: :revoke)
|
52
|
+
|
53
|
+
results.reduce {|prev, curr| worst_result(prev, curr) }
|
38
54
|
end
|
39
55
|
|
40
56
|
def submit_certificate_request(certname, csr)
|
41
|
-
put([certname],
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
57
|
+
results = put([certname],
|
58
|
+
resource_type: 'certificate_request',
|
59
|
+
body: csr.to_pem,
|
60
|
+
headers: {'Content-Type' => 'text/plain'},
|
61
|
+
type: :submit)
|
62
|
+
|
63
|
+
results.all? {|result| result == :success }
|
46
64
|
end
|
47
65
|
|
48
66
|
# Make an HTTP PUT request to CA
|
@@ -60,8 +78,6 @@ module Puppetserver
|
|
60
78
|
process_results(type, certname, result)
|
61
79
|
end
|
62
80
|
end
|
63
|
-
|
64
|
-
results.all?
|
65
81
|
end
|
66
82
|
|
67
83
|
# logs the action and returns true/false for success
|
@@ -71,45 +87,49 @@ module Puppetserver
|
|
71
87
|
case result.code
|
72
88
|
when '204'
|
73
89
|
@logger.inform "Successfully signed certificate request for #{certname}"
|
74
|
-
return
|
90
|
+
return :success
|
75
91
|
when '404'
|
76
92
|
@logger.err 'Error:'
|
77
93
|
@logger.err " Could not find certificate request for #{certname}"
|
78
|
-
return
|
94
|
+
return :not_found
|
79
95
|
else
|
80
96
|
@logger.err 'Error:'
|
81
97
|
@logger.err " When attempting to sign certificate request '#{certname}', received"
|
82
98
|
@logger.err " code: #{result.code}"
|
83
99
|
@logger.err " body: #{result.body.to_s}" if result.body
|
84
|
-
return
|
100
|
+
return :error
|
85
101
|
end
|
86
102
|
when :revoke
|
87
103
|
case result.code
|
88
104
|
when '200', '204'
|
89
105
|
@logger.inform "Revoked certificate for #{certname}"
|
90
|
-
return
|
106
|
+
return :success
|
91
107
|
when '404'
|
92
108
|
@logger.err 'Error:'
|
93
109
|
@logger.err " Could not find certificate for #{certname}"
|
94
|
-
return
|
110
|
+
return :not_found
|
111
|
+
when '409'
|
112
|
+
@logger.err 'Error:'
|
113
|
+
@logger.err " Could not revoke unsigned csr for #{certname}"
|
114
|
+
return :invalid
|
95
115
|
else
|
96
116
|
@logger.err 'Error:'
|
97
117
|
@logger.err " When attempting to revoke certificate '#{certname}', received:"
|
98
118
|
@logger.err " code: #{result.code}"
|
99
119
|
@logger.err " body: #{result.body.to_s}" if result.body
|
100
|
-
return
|
120
|
+
return :error
|
101
121
|
end
|
102
122
|
when :submit
|
103
123
|
case result.code
|
104
124
|
when '200', '204'
|
105
125
|
@logger.inform "Successfully submitted certificate request for #{certname}"
|
106
|
-
return
|
126
|
+
return :success
|
107
127
|
else
|
108
128
|
@logger.err 'Error:'
|
109
129
|
@logger.err " When attempting to submit certificate request for '#{certname}', received:"
|
110
130
|
@logger.err " code: #{result.code}"
|
111
131
|
@logger.err " body: #{result.body.to_s}" if result.body
|
112
|
-
return
|
132
|
+
return :error
|
113
133
|
end
|
114
134
|
end
|
115
135
|
end
|
@@ -132,11 +152,24 @@ module Puppetserver
|
|
132
152
|
cleaned = check_clean(certname, clean_result)
|
133
153
|
end
|
134
154
|
|
135
|
-
|
155
|
+
if revoked == :error || cleaned != :success
|
156
|
+
:error
|
157
|
+
|
158
|
+
# If we get passed the first conditional we know that
|
159
|
+
# cleaned must == :success and revoked must be one of
|
160
|
+
# :invalid, :not_found, or :success. We'll treat both
|
161
|
+
# :not_found and :success of revocation here as successes.
|
162
|
+
# However we'll treat invalid's specially.
|
163
|
+
elsif revoked == :invalid
|
164
|
+
:invalid
|
165
|
+
|
166
|
+
else
|
167
|
+
:success
|
168
|
+
end
|
136
169
|
end
|
137
170
|
end
|
138
171
|
|
139
|
-
return results.
|
172
|
+
return results.reduce {|prev, curr| worst_result(prev, curr) }
|
140
173
|
end
|
141
174
|
|
142
175
|
# possibly logs the action, always returns a status symbol 👑
|
@@ -145,6 +178,8 @@ module Puppetserver
|
|
145
178
|
when '200', '204'
|
146
179
|
@logger.inform "Revoked certificate for #{certname}"
|
147
180
|
return :success
|
181
|
+
when '409'
|
182
|
+
return :invalid
|
148
183
|
when '404'
|
149
184
|
return :not_found
|
150
185
|
else
|
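Review bot: `worst_result` (new lines 21–31) has no fall-through value: when neither argument is one of the four listed symbols the `each` loop runs to completion and the method returns the symbol array itself. That value matches no `when` in a caller that switches on the result, so a revocation run could presumably end without a defined status rather than failing. Ranking both arguments against a frozen constant and counting anything unrecognised as `:error` keeps the outcome fail-closed and drops the redundant `else next` branch, as sketched below. The context comment `# logs the action and returns true/false for success` is also stale now that the method under it returns status symbols.

```ruby
RESULT_SEVERITY = %i[success invalid not_found error].freeze

# Returns the more severe of two results; unrecognised values count as :error.
def worst_result(previous_result, current_result)
  ranks = [previous_result, current_result].map do |result|
    RESULT_SEVERITY.index(result) || RESULT_SEVERITY.index(:error)
  end
  RESULT_SEVERITY[ranks.max]
end
```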
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppetserver-ca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-09-
|
11
|
+
date: 2018-09-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|