Class: Puppet::HTTP::Service::Ca

Inherits:
Puppet::HTTP::Service show all
Defined in:
lib/puppet/http/service/ca.rb

Overview

The CA service is used to handle certificate related REST requests.

Constant Summary collapse

HEADERS =

Returns default headers for the ca service.

Returns:

  • (Hash)

    default headers for the ca service

{ 'Accept' => 'text/plain' }.freeze
API =

Returns default API for the ca service.

Returns:

  • (String)

    default API for the ca service

'/puppet-ca/v1'

Constants inherited from Puppet::HTTP::Service

EXCLUDED_FORMATS, SERVICE_NAMES

Instance Attribute Summary

Attributes inherited from Puppet::HTTP::Service

#url

Instance Method Summary collapse

Methods inherited from Puppet::HTTP::Service

#connect, create_service, valid_name?, #with_base_url

Constructor Details

#initialize(client, session, server, port) ⇒ Ca

Use ‘Puppet::HTTP::Session.route_to(:ca)` to create or get an instance of this class.

Parameters:

  • client (Puppet::HTTP::Client)
  • session (Puppet::HTTP::Session)
  • server (String)

    (‘Puppet`) If an explicit server is given, create a service using that server. If server is nil, the default value is used to create the service.

  • port (Integer)

    (‘Puppet`) If an explicit port is given, create a service using that port. If port is nil, the default value is used to create the service.



23
24
25
26
 
# File 'lib/puppet/http/service/ca.rb', line 23

def initialize(client, session, server, port)
  url = build_url(API, server || Puppet[:ca_server], port || Puppet[:ca_port])
  super(client, session, url)
end

Instance Method Details

#get_certificate(name, if_modified_since: nil, ssl_context: nil) ⇒ Array<Puppet::HTTP::Response, String>

Submit a GET request to retrieve the named certificate from the server.

Parameters:

  • name (String)

    name of the certificate to request

  • if_modified_since (Time) (defaults to: nil)

    If not nil, only download the cert if it has been modified since the specified time.

  • ssl_context (Puppet::SSL::SSLContext) (defaults to: nil)

Returns:

  • (Array<Puppet::HTTP::Response, String>)

    An array containing the request response and the stringified body of the request response



39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/puppet/http/service/ca.rb', line 39

def get_certificate(name, if_modified_since: nil, ssl_context: nil)
  headers = add_puppet_headers(HEADERS)
  headers['If-Modified-Since'] = if_modified_since.httpdate if if_modified_since

  response = @client.get(
    with_base_url("/certificate/#{name}"),
    headers: headers,
    options: {ssl_context: ssl_context}
  )

  process_response(response)

  [response, response.body.to_s]
end

#get_certificate_revocation_list(if_modified_since: nil, ssl_context: nil) ⇒ Array<Puppet::HTTP::Response, String>

Submit a GET request to retrieve the certificate revocation list from the

server.

Parameters:

  • if_modified_since (Time) (defaults to: nil)

    If not nil, only download the CRL if it has been modified since the specified time.

  • ssl_context (Puppet::SSL::SSLContext) (defaults to: nil)

Returns:

  • (Array<Puppet::HTTP::Response, String>)

    An array containing the request response and the stringified body of the request response



65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/puppet/http/service/ca.rb', line 65

def get_certificate_revocation_list(if_modified_since: nil, ssl_context: nil)
  headers = add_puppet_headers(HEADERS)
  headers['If-Modified-Since'] = if_modified_since.httpdate if if_modified_since

  response = @client.get(
    with_base_url("/certificate_revocation_list/ca"),
    headers: headers,
    options: {ssl_context: ssl_context}
  )

  process_response(response)

  [response, response.body.to_s]
end

#post_certificate_renewal(ssl_context) ⇒ Array<Puppet::HTTP::Response, String>

Submit a POST request to send a certificate renewal request to the server

Parameters:

Returns:

Raises:

  • (ArgumentError) 


115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
 
# File 'lib/puppet/http/service/ca.rb', line 115

def post_certificate_renewal(ssl_context)
  headers = add_puppet_headers(HEADERS)
  headers['Content-Type'] = 'text/plain'

  response = @client.post(
    with_base_url('/certificate_renewal'),
    '', # Puppet::HTTP::Client.post requires a body, the API endpoint does not
    headers: headers,
    options: {ssl_context: ssl_context}
  )

  raise ArgumentError.new(_('SSL context must contain a client certificate.')) unless ssl_context.client_cert

  process_response(response)

  [response, response.body.to_s]
end

#put_certificate_request(name, csr, ssl_context: nil) ⇒ Puppet::HTTP::Response

Submit a PUT request to send a certificate request to the server.

Parameters:

Returns:



90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
 
# File 'lib/puppet/http/service/ca.rb', line 90

def put_certificate_request(name, csr, ssl_context: nil)
  headers = add_puppet_headers(HEADERS)
  headers['Content-Type'] = 'text/plain'

  response = @client.put(
    with_base_url("/certificate_request/#{name}"),
    csr.to_pem,
    headers: headers,
    options: {
      ssl_context: ssl_context
    }
  )

  process_response(response)

  response
end