Class: Puppetserver::Ca::Action::Sign
- Inherits:
-
Object
- Object
- Puppetserver::Ca::Action::Sign
- Includes:
- Utils
- Defined in:
- lib/puppetserver/ca/action/sign.rb
Constant Summary collapse
- SUMMARY =
'Sign certificate request(s)'
- BANNER =
<<-BANNER Usage: puppetserver ca sign [--help] puppetserver ca sign [--config] --certname NAME[,NAME] puppetserver ca sign --all Description: Given a comma-separated list of valid certnames, instructs the CA to sign each cert. Options: BANNER
Class Method Summary collapse
Instance Method Summary collapse
- #check_flag_usage(results) ⇒ Object
- #get_all_pending_certs(ca) ⇒ Object
-
#initialize(logger) ⇒ Sign
constructor
A new instance of Sign.
- #parse(args) ⇒ Object
- #run(input) ⇒ Object
- #select_pending_certs(get_result) ⇒ Object
Constructor Details
#initialize(logger) ⇒ Sign
Returns a new instance of Sign.
# File 'lib/puppetserver/ca/action/sign.rb', line 53

# Creates the sign action.
#
# @param logger [Object] stored in @logger; elsewhere in this class it is
#   called with #err and handed to the Errors / Config helpers.
def initialize(logger)
  @logger = logger
end
Class Method Details
.parser(parsed = {}) ⇒ Object
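# File 'lib/puppetserver/ca/action/sign.rb', line 32

# Builds the OptionParser for `puppetserver ca sign`.
#
# Parsing with the returned object writes every recognised flag into
# +parsed+ under a string key: 'ttl', 'certname', 'config', 'help', 'all'.
#
# @param parsed [Hash] collector that the option callbacks mutate
# @return [OptionParser] parser whose banner is BANNER
def self.parser(parsed = {})
  OptionParser.new do |opts|
    # The rendered listing had lost the setter name (`opts. = BANNER`), which
    # does not parse; OptionParser#banner= is the setter for the usage text.
    opts.banner = BANNER

    # NOTE(review): the TTL is stored exactly as typed. Nothing in this parser
    # bounds or validates it, so whatever consumes 'ttl' must reject malformed
    # or unexpectedly long lifetimes before a certificate is issued.
    opts.on('--ttl TTL', 'The time-to-live for each cert signed') do |ttl|
      parsed['ttl'] = ttl
    end

    # The Array coercion splits the comma-separated value into a list of names.
    opts.on('--certname NAME[,NAME]', Array,
            'the name(s) of the cert(s) to be signed') do |cert|
      parsed['certname'] = cert
    end

    opts.on('--config CONF', 'Custom path to Puppet\'s config file') do |conf|
      parsed['config'] = conf
    end

    opts.on('--help', 'Display this command-specific help output') do |_help|
      parsed['help'] = true
    end

    opts.on('--all', 'Operate on all certnames') do |_all|
      parsed['all'] = true
    end
  end
end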
Instance Method Details
#check_flag_usage(results) ⇒ Object
# File 'lib/puppetserver/ca/action/sign.rb', line 116

# Checks that --certname and --all were combined sensibly.
#
# @param results [Hash] parsed options; only 'certname' and 'all' are read
# @return [String, nil] an error message, or nil when the flags are usable
def check_flag_usage(results)
  names = results['certname']
  all = results['all']

  return '--all and --certname cannot be used together' if names && all
  return 'No arguments given' unless names || all

  # `--certname --all` makes the option parser take "--all" as a certname.
  # Refusing it here means a mistyped command line is never read as a
  # request to sign a certificate literally named "--all".
  return unless names && names.include?('--all')

  # NOTE(review): "certifcate" is misspelled in the message below; it is kept
  # as-is so the emitted text does not change.
  'Cannot use --all with --certname. If you actually have a certificate request ' +
    'for a certifcate named --all, you need to use the HTTP API.'
end
#get_all_pending_certs(ca) ⇒ Object
# File 'lib/puppetserver/ca/action/sign.rb', line 98

# Asks the CA for its certificate statuses and keeps the pending names.
#
# @param ca [Object] must respond to #get_certificate_statuses
# @return [Array, nil] the result of #select_pending_certs on the response
#   body, or nil when the CA call returned nothing truthy
def get_all_pending_certs(ca)
  statuses = ca.get_certificate_statuses
  return nil unless statuses

  select_pending_certs(statuses.body)
end
#parse(args) ⇒ Object
# File 'lib/puppetserver/ca/action/sign.rb', line 127

# Parses the command-line arguments for the sign action.
#
# @param args [Array] raw arguments handed to the option parser
# @return [Array] a two-element array: the parsed options hash, then 1 when
#   Errors.handle_with_usage reported errors and nil otherwise
def parse(args)
  results = {}
  parser = self.class.parser(results)

  errors = CliParsing.parse_with_errors(parser, args)

  # Flag-combination problems are reported together with the parse errors.
  flag_error = check_flag_usage(results)
  errors << flag_error if flag_error

  exit_code = Errors.handle_with_usage(@logger, errors, parser.help) ? 1 : nil

  [results, exit_code]
end
#run(input) ⇒ Object
# File 'lib/puppetserver/ca/action/sign.rb', line 57

# Signs the requested certificates and maps the outcome to an exit code.
#
# @param input [Hash] parsed options; reads 'config', 'ttl', 'all', 'certname'
# @return [Integer] 0 when signing succeeded, 24 when there were no pending
#   requests to sign, 1 for any other outcome
def run(input)
  config_path = input['config']
  ttl = input['ttl']
  sign_everything = input['all']

  if config_path
    path_errors = FileSystem.validate_file_paths(config_path)
    return 1 if Errors.handle_with_usage(@logger, path_errors)
  end

  puppet = Config::Puppet.parse(config_path, @logger)
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)

  ca = Puppetserver::Ca::CertificateAuthority.new(@logger, puppet.settings)
  bulk_sign = ca.server_has_bulk_signing_endpoints

  # NOTE(review): with --all, every request the CA lists as pending is signed
  # without a per-name check in this method; operators should know which
  # requests are outstanding before using it.

  # The bulk endpoints cannot carry a TTL, so they are used only when the
  # server offers them and no TTL was requested.
  if bulk_sign && !ttl
    outcome = sign_everything ? ca.sign_all : ca.sign_bulk(input['certname'])
    case outcome
    when :success then return 0
    when :no_requests then return 24
    else return 1
    end
  end

  # Single-certificate endpoint: resolve the list of names first.
  if sign_everything
    requested_certnames = get_all_pending_certs(ca)
    return 1 if requested_certnames.nil?
    return 24 if requested_certnames.empty?
  else
    requested_certnames = input['certname']
  end

  ca.sign_certs(requested_certnames, ttl) ? 0 : 1
end
#select_pending_certs(get_result) ⇒ Object
# File 'lib/puppetserver/ca/action/sign.rb', line 104

# Extracts the names of certificates whose state is "requested".
#
# @param get_result [String] JSON text; the code treats it as a list of
#   entries that have "state" and "name" keys
# @return [Array] names of the pending requests; when the list is empty an
#   error is logged through @logger first
def select_pending_certs(get_result)
  # NOTE(review): the body is trusted to be a JSON array of objects; any
  # other shape raises from JSON.parse or from the lookups below.
  requested_certnames = JSON.parse(get_result).each_with_object([]) do |entry, names|
    names << entry["name"] if entry["state"] == "requested"
  end

  if requested_certnames.empty?
    @logger.err 'Error:'
    @logger.err " No waiting certificate requests to sign"
  end

  requested_certnames
end