Class: Puppetserver::Ca::Utils::HttpClient
- Inherits: Object
- Defined in: lib/puppetserver/ca/utils/http_client.rb
Overview
Utilities for making HTTPS requests to the CA, wrapping Net::HTTP constructs.
Defined Under Namespace
Classes: Connection, Result, URL
Instance Attribute Summary
- #store ⇒ Object (readonly)
  Returns the value of attribute store.
Class Method Summary
- .check_server_online(settings, logger) ⇒ Object
  Queries the simple status endpoint for the status of the CA service.
Instance Method Summary
- #initialize(logger, settings, with_client_cert: true) ⇒ HttpClient (constructor)
  Not all connections require a client cert to be present.
- #load_cert(path) ⇒ Object
- #load_key(path) ⇒ Object
- #with_connection(url, &block) ⇒ Object
  Takes a URL instance (the URL class is defined lower in the file) and creates a connection.
Constructor Details
#initialize(logger, settings, with_client_cert: true) ⇒ HttpClient
Not all connections require a client cert to be present, for example when querying the status endpoint.
    # File 'lib/puppetserver/ca/utils/http_client.rb', line 17
    def initialize(logger, settings, with_client_cert: true)
      @default_headers = make_headers(ENV['HOME'])
      @logger = logger
      @store = make_store(settings[:localcacert],
                          settings[:certificate_revocation],
                          settings[:hostcrl])
      if with_client_cert
        @cert = load_cert(settings[:hostcert])
        @key = load_key(settings[:hostprivkey])
      else
        @cert = nil
        @key = nil
      end
    end
Instance Attribute Details
#store ⇒ Object (readonly)
Returns the value of attribute store.
    # File 'lib/puppetserver/ca/utils/http_client.rb', line 13
    def store
      @store
    end
Class Method Details
.check_server_online(settings, logger) ⇒ Object
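Queries the simple status endpoint for the status of the CA service. Returns true if it receives back a response of “running”, and false if no connection can be made, or a different response is received. In the code below, only a refused connection (Errno::ECONNREFUSED) counts as “no connection”; any other ConnectionFailed is re-raised.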
    # File 'lib/puppetserver/ca/utils/http_client.rb', line 203
    def self.check_server_online(settings, logger)
      status_url = URL.new('https', settings[:ca_server], settings[:ca_port], 'status', 'v1', 'simple', 'ca')
      begin
        # Generating certs offline is necessary if the server cert has been destroyed
        # or compromised. Since querying the status endpoint does not require a client cert, and
        # we commonly won't have one, don't require one for creating the connection.
        # Additionally, we want to ensure the server is stopped before migrating the CA dir to
        # avoid issues with writing to the CA dir and moving it.
        self.new(logger, settings, with_client_cert: false).with_connection(status_url) do |conn|
          result = conn.get
          if result.body == "running"
            logger.err "Puppetserver service is running. Please stop it before attempting to run this command."
            true
          else
            false
          end
        end
      rescue Puppetserver::Ca::ConnectionFailed => e
        if e.wrapped.is_a? Errno::ECONNREFUSED
          return false
        else
          raise e
        end
      end
    end
Instance Method Details
#load_cert(path) ⇒ Object
    # File 'lib/puppetserver/ca/utils/http_client.rb', line 33
    def load_cert(path)
      load_with_errors(path, 'hostcert') do |content|
        OpenSSL::X509::Certificate.new(content)
      end
    end
#load_key(path) ⇒ Object
    # File 'lib/puppetserver/ca/utils/http_client.rb', line 39
    def load_key(path)
      load_with_errors(path, 'hostprivkey') do |content|
        OpenSSL::PKey.read(content)
      end
    end
#with_connection(url, &block) ⇒ Object
Takes a URL instance (the URL class is defined lower in the file) and creates a connection. The given block is passed our own Connection object. The Connection object should have HTTP verbs defined on it that take a body (and optional overrides). Returns whatever the given block returned.
    # File 'lib/puppetserver/ca/utils/http_client.rb', line 49
    def with_connection(url, &block)
      request = ->(conn) { block.call(Connection.new(conn, url, @logger, @default_headers)) }
      begin
        Net::HTTP.start(url.host, url.port,
                        use_ssl: true, cert_store: @store,
                        cert: @cert, key: @key,
                        &request)
      rescue StandardError => e
        raise ConnectionFailed.create(e,
                "Failed connecting to #{url.full_url}\n" +
                " Root cause: #{e.message}")
      end
    end
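An added example, not code from the puppetserver-ca project: how an OpenSSL::X509::Store of the kind passed as cert_store: above treats a revoked certificate, with and without CRL checking enabled. The helper names (issue, make_crl, trust_store), the constructed test PKI and the use of V_FLAG_CRL_CHECK are assumptions; the project's make_store is not shown on this page.

```ruby
require 'openssl'

# Constructed test PKI helper: a self-signed CA when no issuer is given, a leaf otherwise.
def issue(subject, key, serial, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ca_ext = OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', 'CA:TRUE', true)
  cert.add_extension(ca_ext) unless issuer_cert
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# CRL signed by the CA that revokes a single serial number.
def make_crl(ca_cert, ca_key, revoked_serial)
  entry = OpenSSL::X509::Revoked.new
  entry.serial, entry.time = revoked_serial, Time.now - 30
  crl = OpenSSL::X509::CRL.new
  crl.version = 1 # CRL v2
  crl.issuer = ca_cert.subject
  crl.last_update, crl.next_update = Time.now - 60, Time.now + 3600
  crl.add_revoked(entry)
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical store builder (not the project's make_store); CRLs are ignored unless a CRL-check flag is set.
def trust_store(ca_cert, crl, check_crl: true)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.add_crl(crl)
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK if check_crl
  store
end

# Verify a good and a revoked leaf with CRL checking, then the revoked leaf without the flag.
def verify_scenarios
  ca_key, leaf_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca = issue('/CN=Constructed Test CA', ca_key, 1)
  good = issue('/CN=good.example.test', leaf_key, 2, ca, ca_key)
  revoked = issue('/CN=revoked.example.test', leaf_key, 3, ca, ca_key)
  crl = make_crl(ca, ca_key, 3)
  strict = trust_store(ca, crl)
  { good: strict.verify(good), revoked: strict.verify(revoked), error: strict.error,
    unchecked: trust_store(ca, crl, check_crl: false).verify(revoked) }
end

p verify_scenarios if $PROGRAM_NAME == __FILE__
```

The `unchecked` result shows that loading a CRL into the store is not enough on its own: without the check flag the revoked certificate still verifies.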