Class: Puppet::SSL::Inventory

Inherits:

Object

• Object
• Puppet::SSL::Inventory

Defined in:

lib/vendor/puppet/ssl/inventory.rb

Overview

Keep track of all of our known certificates.

Instance Attribute Summary

• #path ⇒ Object readonly

  Returns the value of attribute path.

Instance Method Summary

• #add(cert) ⇒ Object

  Add a certificate to our inventory.

• #format(cert) ⇒ Object

  Format our certificate for output.

• #initialize ⇒ Inventory constructor

  A new instance of Inventory.

• #rebuild ⇒ Object

  Rebuild the inventory from scratch.

• #serial(name) ⇒ Object

  Find the serial number for a given certificate.

Constructor Details

#initialize ⇒ Inventory

Returns a new instance of Inventory.

# File 'lib/vendor/puppet/ssl/inventory.rb', line 26

def initialize
  @path = Puppet[:cert_inventory]
end

Instance Attribute Details

#path ⇒ Object (readonly)

Returns the value of attribute path.

# File 'lib/vendor/puppet/ssl/inventory.rb', line 6

def path
  @path
end

Instance Method Details

#add(cert) ⇒ Object

Add a certificate to our inventory.

# File 'lib/vendor/puppet/ssl/inventory.rb', line 9

def add(cert)
  cert = cert.content if cert.is_a?(Puppet::SSL::Certificate)

  # Create our file, if one does not already exist.
  rebuild unless FileTest.exist?(@path)

  Puppet.settings.write(:cert_inventory, "a") do |f|
    f.print format(cert)
  end
end

#format(cert) ⇒ Object

Format our certificate for output.

# File 'lib/vendor/puppet/ssl/inventory.rb', line 21

def format(cert)
  iso = '%Y-%m-%dT%H:%M:%S%Z'
  "0x%04x %s %s %s\n" % [cert.serial,  cert.not_before.strftime(iso), cert.not_after.strftime(iso), cert.subject]
end

#rebuild ⇒ Object

Rebuild the inventory from scratch. This should happen if the file is entirely missing or if it’s somehow corrupted.

# File 'lib/vendor/puppet/ssl/inventory.rb', line 32

def rebuild
  Puppet.notice "Rebuilding inventory file"

  Puppet.settings.write(:cert_inventory) do |f|
    f.print "# Inventory of signed certificates\n# SERIAL NOT_BEFORE NOT_AFTER SUBJECT\n"
  end

  Puppet::SSL::Certificate.indirection.search("*").each { |cert| add(cert) }
end

#serial(name) ⇒ Object

Find the serial number for a given certificate.

# File 'lib/vendor/puppet/ssl/inventory.rb', line 43

def serial(name)
  return nil unless FileTest.exist?(@path)

  File.readlines(@path).each do |line|
    next unless line =~ /^(\S+).+\/CN=#{name}$/

    return Integer($1)
  end

  return nil
end