Class: Puppetserver::Ca::Action::Sign

Inherits:
Object
  • Object
Includes:
Utils
Defined in:
lib/puppetserver/ca/action/sign.rb

Constant Summary

SUMMARY =
'Sign certificate request(s)'
BANNER =
<<-BANNER
Usage:
  puppetserver ca sign [--help]
  puppetserver ca sign [--config] --certname NAME[,NAME]
  puppetserver ca sign  --all

Description:
Given a comma-separated list of valid certnames, instructs the CA to sign each cert.

Options:
BANNER

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(logger) ⇒ Sign

Returns a new instance of Sign.



# File 'lib/puppetserver/ca/action/sign.rb', line 48

# Builds the sign action around the logger it reports through.
#
# @param logger [Object] stored as-is in @logger; the other methods of this
#   action call +err+ on it and pass it on to CliParsing and the
#   CertificateAuthority.
def initialize(logger)
  @logger = logger
end

Class Method Details

.parser(parsed = {}) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 30

# Builds the OptionParser for `puppetserver ca sign`.
#
# Each recognised flag writes into +parsed+ under a string key:
# 'certname' (Array of names), 'config' (String path), 'help' (true) and
# 'all' (true). No validation of the certnames or of the flag combination
# happens here; the parser only records what was given.
#
# @param parsed [Hash] hash that receives the parsed options; mutated in place
# @return [OptionParser] the configured parser
def self.parser(parsed = {})
  option_parser = OptionParser.new
  option_parser.banner = BANNER

  option_parser.on('--certname NAME[,NAME]', Array, 'the name(s) of the cert(s) to be signed') do |names|
    parsed['certname'] = names
  end

  option_parser.on('--config CONF', 'Custom path to Puppet\'s config file') do |path|
    parsed['config'] = path
  end

  # The two boolean flags ignore the yielded value and simply record true.
  option_parser.on('--help', 'Display this command specific help output') do |_|
    parsed['help'] = true
  end

  option_parser.on('--all', 'Operate on all certnames') do |_|
    parsed['all'] = true
  end

  option_parser
end

Instance Method Details

#check_flag_usage(results) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 95

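# Checks that --certname and --all were used in a combination this action
# can act on, before anything is sent to the CA.
#
# An empty --certname list (for example `--certname ""`) is reported the same
# way as no arguments, so the action never asks the CA to sign an empty set.
# The last branch rejects a certname list containing the literal '--all';
# presumably this catches `--certname --all`, where the option parser takes
# '--all' as the argument of --certname, so a mistyped bulk-sign request is
# not treated as a request for a cert of that name.
#
# @param results [Hash] parsed options; reads the 'certname' and 'all' keys
# @return [String, nil] an error message for the first problem found, or nil
#   when the flags are usable
def check_flag_usage(results)
  certnames = results['certname']
  sign_all = results['all']

  if certnames && sign_all
    '--all and --certname cannot be used together'
  elsif !sign_all && (!certnames || certnames.empty?)
    'No arguments given'
  elsif certnames && certnames.include?('--all')
    'Cannot use --all with --certname. If you actually have a certificate request ' \
      'for a certificate named --all, you need to use the HTTP API.'
  end
end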

#get_all_pending_certs(ca) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 77

# Asks the CA for its certificate statuses and reduces the response body to
# the names that are still waiting to be signed.
#
# @param ca [Object] must respond to +get_certificate_statuses+, whose result
#   (when truthy) must respond to +body+
# @return [Array<String>, nil] the pending certnames from
#   select_pending_certs, or nil when get_certificate_statuses returned a
#   falsy value
def get_all_pending_certs(ca)
  statuses = ca.get_certificate_statuses
  return nil unless statuses

  select_pending_certs(statuses.body)
end

#parse(args) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 106

# Parses the command-line arguments for the sign action and validates the
# flag combination.
#
# Parse errors from CliParsing.parse_with_errors and the message (if any)
# from check_flag_usage are collected into one list and handed to
# CliParsing.handle_errors together with the parser's help text.
#
# @param args [Array<String>] the raw arguments for this subcommand
# @return [Array] a two-element array: the parsed options hash, and an exit
#   code that is 1 when handle_errors returned a truthy value and nil otherwise
def parse(args)
  parsed = {}
  option_parser = self.class.parser(parsed)

  problems = CliParsing.parse_with_errors(option_parser, args)

  usage_error = check_flag_usage(parsed)
  problems << usage_error if usage_error

  handled = CliParsing.handle_errors(@logger, problems, option_parser.help)

  [parsed, handled ? 1 : nil]
end

#run(input) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 52

# Runs the sign action: loads the Puppet configuration, works out which
# certnames to sign, and asks the CA to sign them.
#
# With 'all' set, every name the CA currently reports in the "requested"
# state is passed to sign_certs. Nothing in this method inspects the pending
# requests themselves, so any vetting of who submitted them has to happen
# before the command is run with --all.
#
# @param input [Hash] parsed options; reads 'config', 'all' and 'certname'
# @return [Integer] 0 when sign_certs reports success; 1 when the config path
#   or Puppet config had errors, when the pending list could not be fetched,
#   or when signing failed; 24 when --all found no pending requests
def run(input)
  config_path = input['config']

  if config_path
    path_errors = FileSystem.validate_file_paths(config_path)
    return 1 if CliParsing.handle_errors(@logger, path_errors)
  end

  puppet_config = Config::Puppet.parse(config_path)
  return 1 if CliParsing.handle_errors(@logger, puppet_config.errors)

  authority = Puppetserver::Ca::CertificateAuthority.new(@logger, puppet_config.settings)

  certnames =
    if input['all']
      pending = get_all_pending_certs(authority)
      # nil means the status lookup itself failed; empty means nothing to sign.
      return 1 if pending.nil?
      return 24 if pending.empty?

      pending
    else
      input['certname']
    end

  authority.sign_certs(certnames) ? 0 : 1
end

#select_pending_certs(get_result) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 83

# Extracts the names of certificates still awaiting signature from the CA's
# status response.
#
# The JSON document is expected to be a list of objects; entries whose
# "state" is exactly "requested" are kept and their "name" values returned.
# When none match, an error is logged and the empty list is still returned.
#
# @param get_result [String] JSON text of the certificate statuses
# @return [Array] the "name" value of every entry in the "requested" state
def select_pending_certs(get_result)
  statuses = JSON.parse(get_result)
  pending = statuses.select { |entry| entry["state"] == "requested" }
  pending_names = pending.map { |entry| entry["name"] }

  if pending_names.empty?
    @logger.err 'Error:'
    @logger.err "    No waiting certificate requests to sign"
  end

  pending_names
end