Module: Puppet::Rest::Routes
- Defined in:
- lib/puppet/rest/routes.rb
Constant Summary collapse
- ACCEPT_ENCODING =
'gzip;q=1.0,deflate;q=0.6,identity;q=0.3'
Class Method Summary collapse
- .ca ⇒ Object
-
.get_certificate(name, ssl_context) ⇒ String
Make an HTTP request to fetch the named certificate.
-
.get_certificate_request(name, ssl_context) ⇒ String
Make an HTTP request to get the named CSR.
-
.get_crls(name, ssl_context) ⇒ String
Make an HTTP request to fetch the named CRL.
-
.put_certificate_request(csr_pem, name, ssl_context) ⇒ Object
Make an HTTP request to send the named CSR.
Class Method Details
.ca ⇒ Object
# File 'lib/puppet/rest/routes.rb', line 12

# Returns the Route used for the CA API, building it on first use and
# memoizing it in @ca for later calls.
#
# The route is rooted at '/puppet-ca/v1/' and is configured with the
# :ca_server / :ca_port settings and the :ca SRV service.
def self.ca
  @ca ||= Route.new(
    api: '/puppet-ca/v1/',
    server_setting: :ca_server,
    port_setting: :ca_port,
    srv_service: :ca
  )
end
.get_certificate(name, ssl_context) ⇒ String
Make an HTTP request to fetch the named certificate
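# File 'lib/puppet/rest/routes.rb', line 24

# Make an HTTP request to fetch the named certificate.
#
# SECURITY NOTE(review): the request is made with certificate verification
# switched off (see the explanation inside the method), so the body returned
# here is not authenticated by TLS. Presumably the caller validates the
# certificate against a CA bundle it already trusts before using it --
# confirm against the caller.
#
# NOTE(review): `name` is interpolated into the URL path with no validation
# or escaping in this method; any such checks have to happen in the caller.
#
# @param name [String] name of the certificate to fetch
# @param ssl_context [Object] accepted for interface compatibility; not
#   referenced in this method body
# @raise [Puppet::Rest::ResponseError] if the response code is not 200
# @return [String] the response body as returned by uncompress_body
def self.get_certificate(name, ssl_context)
  ca.with_base_url(Puppet::Network::Resolver.new) do |url|
    header = { 'Accept' => 'text/plain', 'Accept-Encoding' => ACCEPT_ENCODING }
    url.path += "certificate/#{name}"

    use_ssl = url.is_a?(URI::HTTPS)

    # Deeper levels of the code assume that if we have any number of
    # certificate related files, we have all of the certificate related
    # files. This assumption caused us to download the certificate twice.
    # We have to hard code `verify_mode=false` so we don't attempt to
    # download the certificate so that we can download the certificate.
    #
    # This is related to PUP-9094. We won't have so many issues with this
    # once we are using the httpclient gem to handle this work. We were
    # unable to get this work completed in time for Puppet 6.0.0, so we had
    # to switch back to using Puppet::Network::HttpPool, which has
    # unfortunate limitations (i.e., an all or nothing approach to cert
    # verification).
    verify_mode = false

    client = Puppet::Network::HttpPool.http_instance(url.host, url.port, use_ssl, verify_mode)

    response = client.get(url.request_uri, header)
    unless response.code.to_i == 200
      # The listing showed a truncated `response.` here, which does not parse;
      # the HTTP status message is passed as the error text.
      raise Puppet::Rest::ResponseError.new(response.message, response)
    end

    Puppet.info _("Downloaded certificate for %{name} from %{server}") % { name: name, server: ca.server }

    uncompress_body(response)
  end
end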
.get_certificate_request(name, ssl_context) ⇒ String
Make an HTTP request to get the named CSR
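# File 'lib/puppet/rest/routes.rb', line 130

# Make an HTTP request to get the named CSR.
#
# SECURITY NOTE(review): certificate verification is switched off for this
# request, so the returned CSR text is not authenticated by TLS and should
# be treated as untrusted input by whatever consumes it.
#
# NOTE(review): `name` is interpolated into the URL path with no validation
# or escaping in this method; any such checks have to happen in the caller.
#
# @param name [String] name of the certificate request to fetch
# @param ssl_context [Object] accepted for interface compatibility; not
#   referenced in this method body
# @raise [Puppet::Rest::ResponseError] if the response code is not 200
# @return [String] the response body as returned by uncompress_body
def self.get_certificate_request(name, ssl_context)
  ca.with_base_url(Puppet::Network::Resolver.new) do |url|
    header = { 'Accept' => 'text/plain', 'Accept-Encoding' => ACCEPT_ENCODING }
    url.path += "certificate_request/#{name}"

    use_ssl = url.is_a?(URI::HTTPS)

    # See the notes in get_certificate as to why verify_mode is hardcoded
    # to false.
    verify_mode = false

    client = Puppet::Network::HttpPool.http_instance(url.host, url.port, use_ssl, verify_mode)

    response = client.get(url.request_uri, header)
    unless response.code.to_i == 200
      # The listing showed a truncated `response.` here, which does not parse;
      # the HTTP status message is passed as the error text.
      raise Puppet::Rest::ResponseError.new(response.message, response)
    end

    Puppet.debug _("Downloaded existing certificate request for %{name} from %{server}") % { name: name, server: ca.server }

    uncompress_body(response)
  end
end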
.get_crls(name, ssl_context) ⇒ String
Make an HTTP request to fetch the named CRL
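# File 'lib/puppet/rest/routes.rb', line 63

# Make an HTTP request to fetch the named CRL.
#
# SECURITY NOTE(review): certificate verification is switched off for this
# request (see the explanation inside the method), so TLS does not
# authenticate the CRL returned here. A stale or substituted CRL would hide
# revocations unless the consumer checks the CRL's signature and freshness
# against a CA it already trusts -- confirm that the caller does so.
#
# NOTE(review): `name` is interpolated into the URL path with no validation
# or escaping in this method; any such checks have to happen in the caller.
#
# @param name [String] name of the CRL to fetch
# @param ssl_context [Object] accepted for interface compatibility; not
#   referenced in this method body
# @raise [Puppet::Rest::ResponseError] if the response code is not 200
# @return [String] the response body as returned by uncompress_body
def self.get_crls(name, ssl_context)
  ca.with_base_url(Puppet::Network::Resolver.new) do |url|
    header = { 'Accept' => 'text/plain', 'Accept-Encoding' => ACCEPT_ENCODING }
    url.path += "certificate_revocation_list/#{name}"

    use_ssl = url.is_a?(URI::HTTPS)

    # Deeper levels of the code assume that if we have any number of
    # certificate related files, we have all of the certificate related
    # files. Unfortunately, this causes us to get stuck in an infinite loop,
    # so we have to hard code `verify_mode=false` so we don't attempt to use
    # files that do not exist yet in order to download those files.
    #
    # This is related to PUP-9094. We won't have so many issues with this
    # once we are using the httpclient gem to handle this work. We were
    # unable to get this work completed in time for Puppet 6.0.0, so we had
    # to switch back to using Puppet::Network::HttpPool, which has
    # unfortunate limitations (i.e., an all or nothing approach to cert
    # verification).
    verify_mode = false

    client = Puppet::Network::HttpPool.http_instance(url.host, url.port, use_ssl, verify_mode)

    response = client.get(url.request_uri, header)
    unless response.code.to_i == 200
      # The listing showed a truncated `response.` here, which does not parse;
      # the HTTP status message is passed as the error text.
      raise Puppet::Rest::ResponseError.new(response.message, response)
    end

    Puppet.debug _("Downloaded certificate revocation list for %{name} from %{server}") % { name: name, server: ca.server }

    uncompress_body(response)
  end
end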
.put_certificate_request(csr_pem, name, ssl_context) ⇒ Object
Make an HTTP request to send the named CSR
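# File 'lib/puppet/rest/routes.rb', line 102

# Make an HTTP request to send the named CSR.
#
# SECURITY NOTE(review): certificate verification is switched off for this
# request, so a 200 response does not prove that the intended CA server
# received the CSR. Trust in the resulting certificate has to come from
# validating it later against a CA the caller already trusts.
#
# NOTE(review): `name` is interpolated into the URL path with no validation
# or escaping in this method; any such checks have to happen in the caller.
#
# @param csr_pem [String] the CSR, sent as the request body with
#   Content-Type text/plain
# @param name [String] name of the certificate request being submitted
# @param ssl_context [Object] accepted for interface compatibility; not
#   referenced in this method body
# @raise [Puppet::Rest::ResponseError] if the response code is not 200
# @return [Object] whatever the Puppet.debug call returns on success
def self.put_certificate_request(csr_pem, name, ssl_context)
  ca.with_base_url(Puppet::Network::Resolver.new) do |url|
    header = {
      'Accept' => 'text/plain',
      'Accept-Encoding' => ACCEPT_ENCODING,
      'Content-Type' => 'text/plain'
    }
    url.path += "certificate_request/#{name}"

    use_ssl = url.is_a?(URI::HTTPS)

    # See the notes in get_certificate as to why verify_mode is hardcoded
    # to false.
    verify_mode = false

    client = Puppet::Network::HttpPool.http_instance(url.host, url.port, use_ssl, verify_mode)

    response = client.put(url.request_uri, csr_pem, header)
    unless response.code.to_i == 200
      # The listing showed a truncated `response.` here, which does not parse;
      # the HTTP status message is passed as the error text.
      raise Puppet::Rest::ResponseError.new(response.message, response)
    end

    Puppet.debug "Submitted certificate request to server."
  end
end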