Class: Puppet::HTTP::Service::Ca Private

Inherits:

Puppet::HTTP::Service

• Object
• Puppet::HTTP::Service
• Puppet::HTTP::Service::Ca

Defined in:

lib/puppet/http/service/ca.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

The Ca service is used to handle certificate requests

Constant Summary

HEADERS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Returns default headers for the ca service.

Returns:

• (Hash) —

  default headers for the ca service

{ 'Accept' => 'text/plain' }.freeze

API =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Returns default API for the ca service.

Returns:

• (String) —

  default API for the ca service

'/puppet-ca/v1'.freeze

Constants inherited from Puppet::HTTP::Service

EXCLUDED_FORMATS, SERVICE_NAMES

Instance Attribute Summary

Attributes inherited from Puppet::HTTP::Service

#url

Instance Method Summary

• #get_certificate(name, ssl_context: nil) ⇒ Array<Puppet::HTTP::Response, String> private

  Submit a GET request to retrieve the named certificate from the server.

• #get_certificate_revocation_list(if_modified_since: nil, ssl_context: nil) ⇒ Array<Puppet::HTTP::Response, String> private

  Submit a GET request to retrieve the certificate revocation list from the server.

• #initialize(client, session, server, port) ⇒ Ca constructor private

  A new instance of Ca.

• #put_certificate_request(name, csr, ssl_context: nil) ⇒ Puppet::HTTP::Response private

  Submit a PUT request to send a certificate request to the server.

Methods inherited from Puppet::HTTP::Service

#connect, create_service, valid_name?, #with_base_url

Constructor Details

#initialize(client, session, server, port) ⇒ Ca

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of Ca.

Parameters:

• client (Puppet::HTTP::Client)
• session (Puppet::HTTP::Session)
• server (String) —

  (Puppet) If an explicit server is given, create a service using that server. If server is nil, the default value is used to create the service.

• port (Integer) —

  (Puppet) If an explicit port is given, create a service using that port. If port is nil, the default value is used to create the service.

# File 'lib/puppet/http/service/ca.rb', line 27

def initialize(client, session, server, port)
  url = build_url(API, server || Puppet[:ca_server], port || Puppet[:ca_port])
  super(client, session, url)
end

Instance Method Details

#get_certificate(name, ssl_context: nil) ⇒ Array<Puppet::HTTP::Response, String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Submit a GET request to retrieve the named certificate from the server

Parameters:

• name (String) —

  name of the certificate to request

• ssl_context (Puppet::SSL::SSLContext) (defaults to: nil)

Returns:

• (Array<Puppet::HTTP::Response, String>) —

  An array containing the request response and the stringified body of the request response

# File 'lib/puppet/http/service/ca.rb', line 43

def get_certificate(name, ssl_context: nil)
  response = @client.get(
    with_base_url("/certificate/#{name}"),
    headers: add_puppet_headers(HEADERS),
    options: {ssl_context: ssl_context}
  )

  process_response(response)

  [response, response.body.to_s]
end

#get_certificate_revocation_list(if_modified_since: nil, ssl_context: nil) ⇒ Array<Puppet::HTTP::Response, String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Submit a GET request to retrieve the certificate revocation list from the

server

Parameters:

• if_modified_since (Time) (defaults to: nil) —

  If not nil, only download the CRL if it has been modified since the specified time.

• ssl_context (Puppet::SSL::SSLContext) (defaults to: nil)

Returns:

• (Array<Puppet::HTTP::Response, String>) —

  An array containing the request response and the stringified body of the request response

# File 'lib/puppet/http/service/ca.rb', line 68

def get_certificate_revocation_list(if_modified_since: nil, ssl_context: nil)
  headers = add_puppet_headers(HEADERS)
  headers['If-Modified-Since'] = if_modified_since.httpdate if if_modified_since

  response = @client.get(
    with_base_url("/certificate_revocation_list/ca"),
    headers: headers,
    options: {ssl_context: ssl_context}
  )

  process_response(response)

  [response, response.body.to_s]
end

#put_certificate_request(name, csr, ssl_context: nil) ⇒ Puppet::HTTP::Response

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Submit a PUT request to send a certificate request to the server

Parameters:

• name (String) —

  The name of the certificate request being sent

• csr (OpenSSL::X509::Request) —

  Certificate request to send to the server

• ssl_context (Puppet::SSL::SSLContext) (defaults to: nil)

Returns:

• (Puppet::HTTP::Response) —

  The request response

# File 'lib/puppet/http/service/ca.rb', line 95

def put_certificate_request(name, csr, ssl_context: nil)
  headers = add_puppet_headers(HEADERS)
  headers['Content-Type'] = 'text/plain'

  response = @client.put(
    with_base_url("/certificate_request/#{name}"),
    csr.to_pem,
    headers: headers,
    options: {
      ssl_context: ssl_context
    }
  )

  process_response(response)

  response
end