puppetserver-ca 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 497bfffece8f53a956a7b1e668e9e822cd96e1e14ee9491c8e7cc88d9344a373
-  data.tar.gz: a77a2b34ef63e9952daf7b67f90ba895427584e02e859739a93092246775a5a6
+  metadata.gz: 92fe6ca44899e2b5aeec75304212ff99b5e4530cbed2e0b451ad2dd77e2bf09a
+  data.tar.gz: c46bc437a85f0a52fde2d3b2b51bda909ad179c1997056810b397d4b27ae4867
 SHA512:
-  metadata.gz: 175e6787a090312bca7d48f042fba739e35b0eb41bde6059408ad1490788049906b5ccfa1c4408c1c391491c7ea73a98ba31b34062ec61eeb101aad20aaf749e
-  data.tar.gz: 1fd6b2216952dca8053b03d5f2b09db65e6b4b3529a6c025ebb86331901f56aa3f1a25bb2c7cda3bbd7da3592ecd691a1e3b169b6e2166b57802b48adb0c6101
+  metadata.gz: 5c7ff17130d558382fa05f5f5bcb537ce9f2bc63a13078d1014783f636fcf0b0c02e604a0d4bf5694a486f67a56dec653430cea0c31eb911b7c15c9ea4e7f59d
+  data.tar.gz: 3ad80f74f02aac6a0dab1601cf54aad14756e0b1c0e2e0a30075d1eeafedff03b4546bc7c0cb7bc6dc6197b71abdb9f74816cd4596050b39e6c0f47ca47baf45

data/README.md

@@ -55,6 +55,11 @@ To create a new keypair and certificate for a certname:
 puppetserver ca generate --certname foo.example.com
 ```
 
+To enable verbose mode:
+```
+puppetserver ca --verbose <action>
+```
+
 For more details, see the help output:
 ```
 puppetserver ca --help
@@ -68,7 +73,7 @@ for more details.
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then,
-run `rake spec` to run the tests. You can also run `bin/console` for an
+run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an
 interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`.
@@ -92,8 +97,7 @@ To test your changes on a VM:
 1. To confirm that installation was successful, run `puppetserver ca --help`
 
 ### Releasing
-To release a new version, run the [release pipeline](https://jenkins-master-prod-1.delivery.puppetlabs.net/job/platform_puppetserver-ca_init-multijob_main/), which will bump the version, tag, build, and release the gem.
-
+To release a new version, run the [release pipeline](https://jenkins-platform.delivery.puppetlabs.net/job/platform_puppetserver-ca_init-multijob_main/), which will bump the version, tag, build, and release the gem.
 
 ## Contributing & Support
 

data/lib/puppetserver/ca/action/list.rb

@@ -30,6 +30,7 @@ Options:
       BANNER
 
         BODY = JSON.dump({desired_state: 'signed'})
+        VALID_FORMAT = ['text', 'json']
 
         def initialize(logger)
           @logger = logger
@@ -47,6 +48,9 @@ Options:
             opts.on('--all', 'List all certificates') do |a|
               parsed['all'] = true
             end
+            opts.on('--format FORMAT', "Valid formats are: 'text' (default), 'json'") do |f|
+              parsed['format'] = f
+            end
             opts.on('--certname NAME[,NAME]', Array, 'List the specified cert(s)') do |cert|
               parsed['certname'] = cert
             end
@@ -57,9 +61,15 @@ Options:
           config = input['config']
           certnames = input['certname'] || []
           all = input['all']
+          output_format = input['format'] || "text"
+
+          unless VALID_FORMAT.include?(output_format)
+            Errors.handle_with_usage(@logger, ["Unknown format flag '#{output_format}'. Valid formats are '#{VALID_FORMAT.join("', '")}'."])
+            return 1
+          end
 
           if all && certnames.any?
-            Errors.handle_with_usage(@logger, ['Cannot combine use of --all and --certname'])
+            Errors.handle_with_usage(@logger, ['Cannot combine use of --all and --certname.'])
             return 1
           end
 
@@ -71,24 +81,60 @@ Options:
           puppet = Config::Puppet.parse(config, @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
 
-          filter_names = certnames.any? \
-            ? lambda { |x| certnames.include?(x['name']) }
-            : lambda { |x| true }
+          if certnames.any?
+            filter_names = lambda { |x| certnames.include?(x['name']) }
+          else
+            filter_names = lambda { |x| true }
+          end
 
           all_certs = get_all_certs(puppet.settings).select { |cert| filter_names.call(cert) }
           requested, signed, revoked = separate_certs(all_certs)
           missing = certnames - all_certs.map { |cert| cert['name'] }
 
-          (all || certnames.any?) \
-            ? output_certs_by_state(requested, signed, revoked, missing)
-            : output_certs_by_state(requested)
+          if (all || certnames.any?)
+            output_certs_by_state(all, output_format, requested, signed, revoked, missing)
+          else
+            output_certs_by_state(all, output_format, requested)
+          end
+
+          return missing.any? ? 1 : 0
+        end
 
-          return missing.any? \
-            ? 1
-            : 0
+        def output_certs_by_state(all, output_format, requested, signed = [], revoked = [], missing = [])
+          if output_format == 'json'
+            output_certs_json_format(all, requested, signed, revoked, missing)
+          else
+            output_certs_text_format(requested, signed, revoked, missing)
+          end
         end
 
-        def output_certs_by_state(requested, signed = [], revoked = [], missing = [])
+        def output_certs_json_format(all, requested, signed, revoked, missing)
+          grouped_cert = {}
+
+          if all
+            grouped_cert = { "requested" => requested,
+                             "signed" => signed,
+                             "revoked" => revoked }.to_json
+            @logger.inform(grouped_cert)
+          else
+            grouped_cert["requested"] = requested unless requested.empty?
+            grouped_cert["signed"] = signed unless signed.empty?
+            grouped_cert["revoked"] = revoked unless revoked.empty?
+            grouped_cert["missing"] = missing unless missing.empty?
+
+            # If neither the '--all' flag or the '--certname' flag was passed in
+            # and the requested cert array is empty, we output a JSON object
+            # with an empty 'requested' key. Otherwise, we display
+            # any of the classes that are currently in grouped_cert
+            if grouped_cert.empty?
+              @logger.inform({ "requested" => requested }.to_json)
+            else
+              @logger.inform(grouped_cert.to_json)
+            end
+          end
+        end
+
+        def output_certs_text_format(requested, signed, revoked, missing)
           if revoked.empty? && signed.empty? && requested.empty? && missing.empty?
             @logger.inform "No certificates to list"
             return
@@ -165,7 +211,12 @@ Options:
 
         def get_all_certs(settings)
           result = Puppetserver::Ca::CertificateAuthority.new(@logger, settings).get_certificate_statuses
-          result ? JSON.parse(result.body) : []
+
+          if result
+            return JSON.parse(result.body)
+          else
+            return []
+          end
         end
 
         def parse(args)
@@ -176,8 +227,11 @@ Options:
 
           errors_were_handled = Errors.handle_with_usage(@logger, errors, parser.help)
 
-          exit_code = errors_were_handled ? 1 : nil
-
+          if errors_were_handled
+            exit_code = 1
+          else
+            exit_code = nil
+          end
           return results, exit_code
         end
       end

data/lib/puppetserver/ca/certificate_authority.rb

@@ -23,7 +23,7 @@ module Puppetserver
 
       def initialize(logger, settings)
         @logger = logger
-        @client = HttpClient.new(settings)
+        @client = HttpClient.new(@logger, settings)
         @ca_server = settings[:ca_server]
         @ca_port = settings[:ca_port]
       end

data/lib/puppetserver/ca/cli.rb

@@ -64,8 +64,10 @@ BANNER
 
 
       def self.run(cli_args = ARGV, out = STDOUT, err = STDERR)
-        logger = Puppetserver::Ca::Logger.new(:info, out, err)
         parser, general_options, unparsed = parse_general_inputs(cli_args)
+        level = general_options.delete('verbose') ? :debug : :info
+
+        logger = Puppetserver::Ca::Logger.new(level, out, err)
 
         if general_options['version']
           logger.inform Puppetserver::Ca::VERSION
@@ -121,6 +123,9 @@ BANNER
           opts.on('--version', 'Display the version') do |v|
             parsed['version'] = true
           end
+          opts.on('--verbose', 'Display low-level information') do |verbose|
+            parsed['verbose'] = true
+          end
 
           opts.separator ACTION_OPTIONS
           opts.separator "\nSee `puppetserver ca <action> --help` for detailed info"

data/lib/puppetserver/ca/logger.rb

@@ -13,6 +13,10 @@ module Puppetserver
         @err = err
       end
 
+      def level
+        @level
+      end
+
       def debug(text)
         if @level >= LEVELS[:debug]
           @out.puts(text)

data/lib/puppetserver/ca/utils/http_client.rb

@@ -19,7 +19,8 @@ module Puppetserver
 
         # Not all connections require a client cert to be present.
         # For example, when querying the status endpoint.
-        def initialize(settings, with_client_cert: true)
+        def initialize(logger, settings, with_client_cert: true)
+          @logger = logger
           @store = make_store(settings[:localcacert],
                               settings[:certificate_revocation],
                               settings[:hostcrl])
@@ -50,7 +51,7 @@ module Puppetserver
         # The Connection object should have HTTP verbs defined on it that take
         # a body (and optional overrides). Returns whatever the block given returned.
         def with_connection(url, &block)
-          request = ->(conn) { block.call(Connection.new(conn, url)) }
+          request = ->(conn) { block.call(Connection.new(conn, url, @logger)) }
 
           begin
             Net::HTTP.start(url.host, url.port,
@@ -85,29 +86,35 @@ module Puppetserver
         # and defines methods named after HTTP verbs that are called on the
         # saved connection, returning a Result.
         class Connection
-          def initialize(net_http_connection, url_struct)
+          def initialize(net_http_connection, url_struct, logger)
             @conn = net_http_connection
             @url = url_struct
+            @logger = logger
           end
 
           def get(url_overide = nil, headers = {})
             url = url_overide || @url
             headers = DEFAULT_HEADERS.merge(headers)
 
+            @logger.debug("Making a GET request at #{url.full_url}")
+
             request = Net::HTTP::Get.new(url.to_uri, headers)
             result = @conn.request(request)
-
             Result.new(result.code, result.body)
+
           end
 
           def put(body, url_override = nil, headers = {})
             url = url_override || @url
             headers = DEFAULT_HEADERS.merge(headers)
 
+            @logger.debug("Making a PUT request at #{url.full_url}")
+
             request = Net::HTTP::Put.new(url.to_uri, headers)
             request.body = body
             result = @conn.request(request)
 
+
             Result.new(result.code, result.body)
           end
 
@@ -115,6 +122,8 @@ module Puppetserver
             url = url_override || @url
             headers = DEFAULT_HEADERS.merge(headers)
 
+            @logger.debug("Making a DELETE request at #{url.full_url}")
+
             result = @conn.request(Net::HTTP::Delete.new(url.to_uri, headers))
 
             Result.new(result.code, result.body)
@@ -171,7 +180,7 @@ module Puppetserver
             # we commonly won't have one, don't require one for creating the connection.
             # Additionally, we want to ensure the server is stopped before migrating the CA dir to
             # avoid issues with writing to the CA dir and moving it.
-            self.new(settings, with_client_cert: false).with_connection(status_url) do |conn|
+            self.new(logger, settings, with_client_cert: false).with_connection(status_url) do |conn|
               result = conn.get
               if result.body == "running"
                 logger.err "Puppetserver service is running. Please stop it before attempting to run this command."

data/lib/puppetserver/ca/version.rb

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "2.1.0"
+    VERSION = "2.2.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-21 00:00:00.000000000 Z
+date: 2021-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter