Class: Puppetserver::Ca::Action::Revoke

Inherits:
Object
  • Object
Includes:
Utils
Defined in:
lib/puppetserver/ca/action/revoke.rb

Constant Summary collapse

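# Option-like strings that must never be accepted as certnames. `parse`
# checks every --certname value against this list and reports an error on a
# match. Presumably this guards against a flag being consumed as the argument
# of --certname (e.g. `--certname --all`) - confirm against the option parser.
CERTNAME_BLACKLIST = %w{--all --config}

# One-line description of this action.
SUMMARY = 'Revoke certificate(s)'

# Usage text; `parser` installs it as the OptionParser banner. The rendered
# page had lost the `BANNER =` assignment, leaving the heredoc unnamed even
# though `parser` references BANNER.
BANNER = <<-BANNER
Usage:
  puppetserver ca revoke [--help]
  puppetserver ca revoke [--config] --certname NAME[,NAME]

Description:
  Given one or more valid certnames, instructs the CA to revoke them over
  HTTPS using the local agent's PKI

Options:
BANNER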

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(logger) ⇒ Revoke

Returns a new instance of Revoke.



# File 'lib/puppetserver/ca/action/revoke.rb', line 47

# Creates the revoke action.
#
# @param logger [Object] stored in @logger; the other methods on this page
#   pass it to Errors.handle_with_usage and to CertificateAuthority.new
def initialize(logger)
  @logger = logger
end

Class Method Details

.parser(parsed = {}) ⇒ Object



# File 'lib/puppetserver/ca/action/revoke.rb', line 30

# Builds the OptionParser for the revoke subcommand.
#
# Option values are written into +parsed+ as a side effect of parsing, so the
# caller must keep a reference to the hash it passes in. No validation of the
# certnames happens here; `parse` applies CERTNAME_BLACKLIST afterwards.
#
# @param parsed [Hash] receives 'certnames' (reset to [] on every call),
#   'config' and 'help'
# @return [OptionParser] parser whose banner is BANNER
def self.parser(parsed = {})
  parsed['certnames'] = []

  OptionParser.new do |opts|
    opts.banner = BANNER

    # --certname may be repeated; each occurrence appends its comma-split list.
    opts.on('--certname NAME[,NAME]', Array,
            'One or more comma separated certnames') do |names|
      parsed['certnames'] += names
    end

    opts.on('--config CONF', 'Custom path to puppet.conf') do |path|
      parsed['config'] = path
    end

    # Only records that help was requested; nothing is printed here.
    opts.on('--help', 'Displays this revoke specific help output') do |_flag|
      parsed['help'] = true
    end
  end
end

Instance Method Details

#parse(args) ⇒ Object



# File 'lib/puppetserver/ca/action/revoke.rb', line 51

# Parses the revoke subcommand's arguments and validates the certnames.
#
# Two checks run after option parsing: every certname is compared with
# CERTNAME_BLACKLIST, and at least one certname must be present. All messages
# are collected and handed to Errors.handle_with_usage with the parser's help.
#
# @param args [Array<String>] presumably the raw CLI arguments; passed
#   unchanged to CliParsing.parse_with_errors
# @return [Array] the results hash followed by an exit code: 1 when
#   Errors.handle_with_usage returns a truthy value, otherwise nil
def parse(args)
  results = {}
  parser = self.class.parser(results)
  errors = CliParsing.parse_with_errors(parser, args)

  requested = results['certnames']

  # Refuse flag-like names rather than sending them to the CA.
  requested.each do |certname|
    next unless CERTNAME_BLACKLIST.include?(certname)

    errors << "    Cannot manage cert named `#{certname}` from " \
              'the CLI, if needed use the HTTP API directly'
  end

  errors << '  At least one certname is required to revoke' if requested.empty?

  failed = Errors.handle_with_usage(@logger, errors, parser.help)

  # Cli returns early whenever an exit code is present, so a code is only
  # supplied on the error path.
  [results, failed ? 1 : nil]
end

#revoke_certs(certnames, settings) ⇒ Object



# File 'lib/puppetserver/ca/action/revoke.rb', line 101

# Revokes the given certnames through a CertificateAuthority built from the
# stored logger and the supplied settings.
#
# @param certnames [Array<String>] names handed to CertificateAuthority#revoke_certs
# @param settings [Object] passed to CertificateAuthority.new; `run` supplies
#   the settings of the parsed puppet config
# @return [Object] whatever CertificateAuthority#revoke_certs returns; `run`
#   matches it against :success, :invalid, :not_found and :error
def revoke_certs(certnames, settings)
  Puppetserver::Ca::CertificateAuthority
    .new(@logger, settings)
    .revoke_certs(certnames)
end

#run(args) ⇒ Object



# File 'lib/puppetserver/ca/action/revoke.rb', line 77

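# Runs the revoke action and maps its outcome to a process exit code.
#
# A custom config path, when given, is checked with
# FileSystem.validate_file_paths before the puppet config is parsed. Errors at
# either step are passed to Errors.handle_with_usage and end the run with 1.
#
# @param args [Hash] reads 'certnames' and 'config' (the keys `parse` fills in)
# @return [Integer] 0 for :success, 24 for :invalid, 1 for :not_found, :error
#   and any other result
def run(args)
  certnames = args['certnames']
  config = args['config']

  if config
    errors = FileSystem.validate_file_paths(config)
    return 1 if Errors.handle_with_usage(@logger, errors)
  end

  puppet = Config::Puppet.parse(config)
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)

  case revoke_certs(certnames, puppet.settings)
  when :success
    0
  when :invalid
    24
  when :not_found, :error
    1
  else
    # Fail closed: the original case had no else branch and returned nil for
    # an unrecognised result, giving the caller no failure code even though
    # the revocation outcome was unknown.
    1
  end
end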