Class: Puppetserver::Ca::ImportAction

Inherits:
Object
  • Object
show all
Defined in:
lib/puppetserver/ca/import_action.rb

Constant Summary collapse

SUMMARY = 
"Import the CA's key, certs, and crls"
<<-BANNER
Usage:
  puppetserver ca import [--help]
  puppetserver ca import [--config PATH]
      --private-key PATH --cert-bundle PATH --crl-chain PATH

Description:
Given a private key, cert bundle, and a crl chain,
validate and import to the Puppet Server CA.

To determine the target location the default puppet.conf
is consulted for custom values. If using a custom puppet.conf
provide it with the --config flag

Options:
BANNER

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(logger) ⇒ ImportAction

Returns a new instance of ImportAction.



28
29
30
 
# File 'lib/puppetserver/ca/import_action.rb', line 28

def initialize(logger)
  @logger = logger
end

Class Method Details

.parser(parsed = {}) ⇒ Object 



131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
 
# File 'lib/puppetserver/ca/import_action.rb', line 131

def self.parser(parsed = {})
  OptionParser.new do |opts|
    opts.banner = BANNER
    opts.on('--help', 'Display this import specific help output') do |help|
      parsed['help'] = true
    end
    opts.on('--config CONF', 'Path to puppet.conf') do |conf|
      parsed['config'] = conf
    end
    opts.on('--private-key KEY', 'Path to PEM encoded key') do |key|
      parsed['private-key'] = key
    end
    opts.on('--cert-bundle BUNDLE', 'Path to PEM encoded bundle') do |bundle|
      parsed['cert-bundle'] = bundle
    end
    opts.on('--crl-chain CHAIN', 'Path to PEM encoded chain') do |chain|
      parsed['crl-chain'] = chain
    end
  end
end

Instance Method Details

#log_possible_errors(maybe_errors) ⇒ Object 



65
66
67
68
69
70
71
72
73
74
 
# File 'lib/puppetserver/ca/import_action.rb', line 65

def log_possible_errors(maybe_errors)
  errors = Array(maybe_errors).compact
  unless errors.empty?
    @logger.err "Error:"
    errors.each do |message|
      @logger.err "    #{message}"
    end
    return true
  end
end

#parse(cli_args) ⇒ Object 



76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
# File 'lib/puppetserver/ca/import_action.rb', line 76

def parse(cli_args)
  parser, inputs, unparsed = parse_inputs(cli_args)

  if !unparsed.empty?
    @logger.err 'Error:'
    @logger.err 'Unknown arguments or flags:'
    unparsed.each do |arg|
      @logger.err "    #{arg}"
    end

    @logger.err ''
    @logger.err parser.help

    exit_code = 1
  else
    exit_code = validate_inputs(inputs, parser.help)
  end

  return inputs, exit_code
end

#parse_inputs(inputs) ⇒ Object 



112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
 
# File 'lib/puppetserver/ca/import_action.rb', line 112

def parse_inputs(inputs)
  parsed = {}
  unparsed = []

  parser = self.class.parser(parsed)

  begin
    parser.order!(inputs) do |nonopt|
      unparsed << nonopt
    end
  rescue OptionParser::ParseError => e
    unparsed += e.args
    unparsed << inputs.shift unless inputs.first =~ /^-{1,2}/
    retry
  end

  return parser, parsed, unparsed
end

#run(input) ⇒ Object 



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/puppetserver/ca/import_action.rb', line 32

def run(input)
  bundle_path = input['cert-bundle']
  key_path = input['private-key']
  chain_path = input['crl-chain']
  config_path = input['config']

  files = [bundle_path, key_path, chain_path, config_path].compact

  errors = Puppetserver::Utils::FileUtilities.validate_file_paths(files)
  return 1 if log_possible_errors(errors)

  loader = X509Loader.new(bundle_path, key_path, chain_path)
  return 1 if log_possible_errors(loader.errors)

  puppet = PuppetConfig.parse(config_path)
  return 1 if log_possible_errors(puppet.errors)

  Puppetserver::Utils::FileUtilities.ensure_dir(puppet.settings[:cadir])

  Puppetserver::Utils::FileUtilities.write_file(puppet.settings[:cacert], loader.certs, 0640)

  Puppetserver::Utils::FileUtilities.write_file(puppet.settings[:cakey], loader.key, 0640)

  Puppetserver::Utils::FileUtilities.write_file(puppet.settings[:cacrl], loader.crls, 0640)

  # Puppet's internal CA expects these file to exist.
  Puppetserver::Utils::FileUtilities.ensure_file(puppet.settings[:serial], "001", 0640)
  Puppetserver::Utils::FileUtilities.ensure_file(puppet.settings[:cert_inventory], "", 0640)

  @logger.inform "Import succeeded. Find your files in #{puppet.settings[:cadir]}"
  return 0
end

#validate_inputs(input, usage) ⇒ Object 



97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
# File 'lib/puppetserver/ca/import_action.rb', line 97

def validate_inputs(input, usage)
  exit_code = nil

  if input.values_at('cert-bundle', 'private-key', 'crl-chain').any?(&:nil?)
    @logger.err 'Error:'
    @logger.err 'Missing required argument'
    @logger.err '    --cert-bundle, --private-key, --crl-chain are required'
    @logger.err ''
    @logger.err usage
    exit_code = 1
  end

  exit_code
end