Class: Puppetserver::Ca::Action::Sign

Inherits:
Object
  • Object
Includes:
Utils
Defined in:
lib/puppetserver/ca/action/sign.rb

Constant Summary collapse

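# One-line description of this action.
SUMMARY = 'Sign certificate request(s)'

# Usage text for `puppetserver ca sign`. Sign.parser installs it as the
# OptionParser banner, so it ends with a bare "Options:" heading.
# The heredoc was left unassigned in this listing although Sign.parser
# reads the BANNER constant; the assignment is restored here.
BANNER = <<-BANNER
Usage:
  puppetserver ca sign [--help]
  puppetserver ca sign [--config] --certname NAME[,NAME]
  puppetserver ca sign  --all

Description:
  Given a comma-separated list of valid certnames, instructs the CA to sign
  each cert.

Options:
BANNER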

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(logger) ⇒ Sign

Returns a new instance of Sign.



# File 'lib/puppetserver/ca/action/sign.rb', line 53

# Builds the sign action around the logger it reports through.
#
# @param logger [Object] sink for diagnostics; the methods shown on this page
#   call #err on it and hand it to Errors.handle_with_usage,
#   Config::Puppet.parse and CertificateAuthority.new.
def initialize(logger)
  @logger = logger
end

Class Method Details

.parser(parsed = {}) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 32

# Builds the OptionParser for `puppetserver ca sign`.
#
# Each recognised flag writes its value into +parsed+ under a string key
# ('ttl', 'certname', 'config', 'help', 'all'); the hash is mutated while the
# returned parser processes arguments.
#
# NOTE(review): nothing is validated at this layer. The TTL is kept as the raw
# command-line string with no format or upper-bound check, and the certnames
# are only split on commas by the Array coercion. Any limit on certificate
# lifetime or on acceptable names has to be enforced by the code that consumes
# these values, which is not visible here; confirm that it is.
#
# @param parsed [Hash] destination for the parsed option values
# @return [OptionParser] a parser with BANNER as its banner
def self.parser(parsed = {})
  option_parser = OptionParser.new
  option_parser.banner = BANNER

  option_parser.on('--ttl TTL', 'The time-to-live for each cert signed') { |value| parsed['ttl'] = value }
  option_parser.on('--certname NAME[,NAME]', Array, 'the name(s) of the cert(s) to be signed') do |names|
    parsed['certname'] = names
  end
  option_parser.on('--config CONF', 'Custom path to Puppet\'s config file') { |path| parsed['config'] = path }
  # The two switches below take no argument; they are recorded as plain true.
  option_parser.on('--help', 'Display this command-specific help output') { parsed['help'] = true }
  option_parser.on('--all', 'Operate on all certnames') { parsed['all'] = true }

  option_parser
end

Instance Method Details

#check_flag_usage(results) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 116

# Checks that --certname and --all were combined in a permitted way.
#
# The last check rejects a certname list that literally contains '--all', so
# a mistyped flag is not silently treated as the name of a certificate to sign.
#
# @param results [Hash] parsed options, read under 'certname' and 'all'
# @return [String, nil] an error message, or nil when the flags are acceptable
def check_flag_usage(results)
  names = results['certname']
  sign_everything = results['all']

  return '--all and --certname cannot be used together' if names && sign_everything
  return 'No arguments given' unless names || sign_everything
  return unless names && names.include?('--all')

  'Cannot use --all with --certname. If you actually have a certificate request ' \
    'for a certifcate named --all, you need to use the HTTP API.'
end

#get_all_pending_certs(ca) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 98

# Asks the CA for its certificate statuses and extracts the pending names.
#
# @param ca [Object] object responding to #get_certificate_statuses
# @return [Array, nil] whatever select_pending_certs returns for the response
#   body, or nil when the status request yields no result
def get_all_pending_certs(ca)
  response = ca.get_certificate_statuses
  return nil unless response

  select_pending_certs(response.body)
end

#parse(args) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 127

# Parses the command-line arguments for the sign action.
#
# Parser errors and the flag-combination error from check_flag_usage are
# collected together and reported through Errors.handle_with_usage along with
# the parser's help text.
#
# @param args [Array<String>] raw command-line arguments
# @return [Array] the parsed options hash and an exit code: 1 when
#   Errors.handle_with_usage reports that errors were handled, otherwise nil
def parse(args)
  results = {}
  parser = self.class.parser(results)

  errors = CliParsing.parse_with_errors(parser, args)
  usage_error = check_flag_usage(results)
  errors << usage_error if usage_error

  exit_code = Errors.handle_with_usage(@logger, errors, parser.help) ? 1 : nil

  [results, exit_code]
end

#run(input) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 57

# Signs the requested certificate requests and returns a process exit code.
#
# Exit codes: 0 when signing succeeded, 24 when there were no pending requests
# to sign, 1 for every other outcome (bad config path, Puppet config errors,
# failed status lookup, failed signing).
#
# NOTE(review): with 'all' set, every request the CA reports as pending is
# signed; nothing in this method inspects individual requests, so any review
# of pending CSRs has to happen before this action is invoked.
#
# @param input [Hash] parsed options, read under 'config', 'ttl', 'certname'
#   and 'all'
# @return [Integer] 0, 1 or 24 as described above
def run(input)
  config_path = input['config']

  if config_path
    path_errors = FileSystem.validate_file_paths(config_path)
    return 1 if Errors.handle_with_usage(@logger, path_errors)
  end

  puppet = Config::Puppet.parse(config_path, @logger)
  return 1 if Errors.handle_with_usage(@logger, puppet.errors)

  ca = Puppetserver::Ca::CertificateAuthority.new(@logger, puppet.settings)
  bulk_capable = ca.server_has_bulk_signing_endpoints

  # Bulk sign endpoints don't allow setting TTL, so they are used only when
  # the server offers them and no TTL was requested.
  if !input['ttl'] && bulk_capable
    outcome = input['all'] ? ca.sign_all : ca.sign_bulk(input['certname'])
    return case outcome
           when :success then 0
           when :no_requests then 24
           else 1
           end
  end

  # Single-signing path: resolve the names first, then sign them one call.
  certnames =
    if input['all']
      pending = get_all_pending_certs(ca)
      return 1 if pending.nil?   # status lookup produced no result
      return 24 if pending.empty? # nothing is waiting to be signed
      pending
    else
      input['certname']
    end

  ca.sign_certs(certnames, input['ttl']) ? 0 : 1
end

#select_pending_certs(get_result) ⇒ Object



# File 'lib/puppetserver/ca/action/sign.rb', line 104

# Extracts the names of certificate requests still waiting to be signed.
#
# The JSON document is parsed and only entries whose "state" is "requested"
# are kept. When none remain, an error is logged and the empty list is still
# returned so the caller can tell "nothing pending" from a failed lookup.
#
# @param get_result [String] JSON text listing certificate statuses
# @return [Array] the "name" value of every entry in state "requested"
def select_pending_certs(get_result)
  statuses = JSON.parse(get_result)
  pending = statuses.select { |entry| entry["state"] == "requested" }
  names = pending.map { |entry| entry["name"] }

  if names.empty?
    @logger.err 'Error:'
    @logger.err "    No waiting certificate requests to sign"
  end

  names
end