Fixes #3663 - It should be possible to list signed hosts only

Adds a --signed option to the --list feature that only displays signed certificates

4 files changed, 25 insertions, 2 deletions

diff --git a/lib/puppet/application/puppetca.rb b/lib/puppet/application/puppetca.rb
index 68ea3e5fb..b8b8252c5 100644
--- a/lib/puppet/application/puppetca.rb
+++ b/lib/puppet/application/puppetca.rb
@@ -6,7 +6,7 @@ Puppet::Application.new(:puppetca) do
 
     should_parse_config
 
-    attr_accessor :mode, :all, :ca
+    attr_accessor :mode, :all, :signed, :ca
 
     def find_mode(opt)
         modes = Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS
@@ -22,6 +22,10 @@ Puppet::Application.new(:puppetca) do
         @all = true
     end
 
+    option("--signed", "-s") do
+        @signed = true
+    end
+
     option("--debug", "-d") do |arg|
         Puppet::Util::Log.level = :debug
     end
@@ -39,6 +43,8 @@ Puppet::Application.new(:puppetca) do
     command(:main) do
         if @all
             hosts = :all
+        elsif @signed
+            hosts = :signed
         else
             hosts = ARGV.collect { |h| puts h; h.downcase }
         end
diff --git a/lib/puppet/ssl/certificate_authority/interface.rb b/lib/puppet/ssl/certificate_authority/interface.rb
index 3f91434e3..20fd85020 100644
--- a/lib/puppet/ssl/certificate_authority/interface.rb
+++ b/lib/puppet/ssl/certificate_authority/interface.rb
@@ -55,6 +55,8 @@ class Puppet::SSL::CertificateAuthority::Interface
 
         if subjects == :all
             hosts = [signed, requests].flatten
+        elsif subjects == :signed
+            hosts = signed.flatten
         else
             hosts = subjects
         end
@@ -104,7 +106,7 @@ class Puppet::SSL::CertificateAuthority::Interface
 
     # Set the list of hosts we're operating on.  Also supports keywords.
     def subjects=(value)
-        unless value == :all or value.is_a?(Array)
+        unless value == :all or value == :signed or value.is_a?(Array)
             raise ArgumentError, "Subjects must be an array or :all; not %s" % value
         end
 
diff --git a/spec/unit/application/puppetca.rb b/spec/unit/application/puppetca.rb
index d5ee0d06b..3bab6c77d 100644
--- a/spec/unit/application/puppetca.rb
+++ b/spec/unit/application/puppetca.rb
@@ -49,6 +49,11 @@ describe "PuppetCA" do
         @puppetca.all.should be_true
     end
 
+    it "should set signed to true for --signed" do
+        @puppetca.handle_signed(0)
+        @puppetca.signed.should be_true
+    end
+    
     Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.reject { |m| m == :destroy }.each do |method|
         it "should set mode to #{method} with option --#{method}" do
             @puppetca.send("handle_#{method}".to_sym, nil)
diff --git a/spec/unit/ssl/certificate_authority/interface.rb b/spec/unit/ssl/certificate_authority/interface.rb
index d741ec400..b1c203c5d 100755
--- a/spec/unit/ssl/certificate_authority/interface.rb
+++ b/spec/unit/ssl/certificate_authority/interface.rb
@@ -204,6 +204,16 @@ describe Puppet::SSL::CertificateAuthority::Interface do
                 end
             end
 
+           describe "and :signed was provided" do
+                it "should print a string containing all signed certificate requests and certificates" do
+                    @ca.expects(:list).returns %w{host1 host2}
+
+                    @applier = @class.new(:list, :signed)
+
+                    @applier.apply(@ca)
+                end
+            end
+
             describe "and an array of names was provided" do
                 it "should print a string of all named hosts that have a waiting request" do
                     @ca.expects(:waiting?).returns %w{host1 host2}