authorLuke Kanies <luke@madstop.com>2008-04-18 11:57:50 -0500
committerLuke Kanies <luke@madstop.com>2008-04-18 11:57:50 -0500
commit16056a24c65a7c6485b65f15700ff3971781031b (patch)
tree7ae8f2c283a6f3ef273cc29540901518f266a64e
parentd498c4ac4c7b97b5f8e004b3e31d8cbeed914711 (diff)
Adding inventory support to the new certificate authority.
The new-style CA now keeps track of all of its signed certificates in its inventory file.
-rw-r--r--lib/puppet/ssl/certificate_authority.rb10
-rw-r--r--lib/puppet/ssl/inventory.rb2
-rwxr-xr-xspec/unit/ssl/certificate_authority.rb21
-rwxr-xr-xspec/unit/ssl/inventory.rb4
4 files changed, 32 insertions, 5 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 6a1986bc9..7b30e08f7 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -11,8 +11,9 @@ require 'puppet/ssl/certificate_request'
# SSL stuff.
class Puppet::SSL::CertificateAuthority
require 'puppet/ssl/certificate_factory'
+ require 'puppet/ssl/inventory'
- attr_reader :name, :host
+ attr_reader :name, :host, :inventory
# Generate our CA certificate.
def generate_ca_certificate
@@ -36,6 +37,8 @@ class Puppet::SSL::CertificateAuthority
@name = Puppet[:certname]
@host = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
+
+ @inventory = Puppet::SSL::Inventory.new
end
# Sign a given certificate request.
@@ -59,6 +62,11 @@ class Puppet::SSL::CertificateAuthority
Puppet.notice "Signed certificate request for %s" % hostname
+ # Add the cert to the inventory before we save it, since
+ # otherwise we could end up with it being duplicated, if
+ # this is the first time we build the inventory file.
+ inventory.add(cert)
+
# Save the now-signed cert. This should get routed correctly depending
# on the certificate type.
cert.save
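Review bot: The new `inventory.add(cert)` call sits between signing and `cert.save`, and nothing visible here handles either step failing. If `inventory.add` raises, the signed certificate is never saved even though the "Signed certificate request" notice has already been logged; if `cert.save` raises, the inventory lists a serial whose certificate was not stored. Since the inventory is the CA's record of what it has issued, I would extend the comment to state the intended outcome, e.g. `# If cert.save fails below, the inventory still lists this serial; an inventory entry does not guarantee a stored cert.` The enclosing method begins and ends outside this hunk, so any rescue further down is not visible.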
diff --git a/lib/puppet/ssl/inventory.rb b/lib/puppet/ssl/inventory.rb
index 953c93d37..3b32b6d7b 100644
--- a/lib/puppet/ssl/inventory.rb
+++ b/lib/puppet/ssl/inventory.rb
@@ -20,7 +20,7 @@ class Puppet::SSL::Inventory
# Format our certificate for output.
def format(cert)
iso = '%Y-%m-%dT%H:%M:%S%Z'
- return "0x%04x %s %s %s" % [cert.serial, cert.not_before.strftime(iso), cert.not_after.strftime(iso), cert.subject]
+ return "0x%04x %s %s %s\n" % [cert.serial, cert.not_before.strftime(iso), cert.not_after.strftime(iso), cert.subject]
end
def initialize
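Review bot: `format` now terminates each record with "\n", but `cert.subject` is still interpolated with a bare `%s`, so a subject containing a line break would split one certificate across several records in the line-oriented inventory file. Whether subjects are validated before they reach this method is not visible here. If they are not, normalise the value first, e.g. `subject = cert.subject.to_s.gsub(/[\r\n]+/, ' ')`, and pass `subject` in the array. A one-line comment on `format` stating that each certificate yields exactly one newline-terminated line would also help anyone who parses this file later.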
diff --git a/spec/unit/ssl/certificate_authority.rb b/spec/unit/ssl/certificate_authority.rb
index 9460e7c40..c102d05fe 100755
--- a/spec/unit/ssl/certificate_authority.rb
+++ b/spec/unit/ssl/certificate_authority.rb
@@ -32,6 +32,12 @@ describe Puppet::SSL::CertificateAuthority do
Puppet.settings.expects(:use).with(:main, :ssl, :ca)
Puppet::SSL::CertificateAuthority.new
end
+
+ it "should create an inventory instance" do
+ Puppet::SSL::Inventory.expects(:new).returns "inventory"
+
+ Puppet::SSL::CertificateAuthority.new.inventory.should == "inventory"
+ end
end
describe "when generating a self-signed CA certificate" do
@@ -116,6 +122,10 @@ describe Puppet::SSL::CertificateAuthority do
Puppet::SSL::CertificateFactory.stubs(:new).returns @factory
@request = stub 'request', :content => "myrequest"
+
+ # And the inventory
+ @inventory = stub 'inventory', :add => nil
+ @ca.stubs(:inventory).returns @inventory
end
describe "and calculating the next certificate serial number" do
@@ -279,13 +289,18 @@ describe Puppet::SSL::CertificateAuthority do
end
it "should return the certificate instance" do
- @serial = 10
- @ca.stubs(:next_serial).returns @serial
-
Puppet::SSL::CertificateRequest.stubs(:find).with(@name).returns @request
@cert.stubs :save
@ca.sign(@name).should equal(@cert)
end
+
+ it "should add the certificate to its inventory" do
+ @inventory.expects(:add).with(@cert)
+
+ Puppet::SSL::CertificateRequest.stubs(:find).with(@name).returns @request
+ @cert.stubs :save
+ @ca.sign(@name)
+ end
end
describe "when managing certificate clients" do
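Review bot: The new example "should add the certificate to its inventory" checks that `add` is called but not that it happens before `save`, which is the ordering the comment in `sign` says is needed to avoid duplicate entries. Because `@cert.stubs :save` accepts either order, a later reordering would go unnoticed. A Mocha sequence can pin it: `order = sequence('persist')`, then `@inventory.expects(:add).with(@cert).in_sequence(order)` and `@cert.expects(:save).in_sequence(order)`.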
diff --git a/spec/unit/ssl/inventory.rb b/spec/unit/ssl/inventory.rb
index f394cc932..10eb42d95 100755
--- a/spec/unit/ssl/inventory.rb
+++ b/spec/unit/ssl/inventory.rb
@@ -144,6 +144,10 @@ describe Puppet::SSL::Inventory do
@inventory.format(@cert).split[3].should == "mycert"
end
+ it "should add a carriage return" do
+ @inventory.format(@cert).should =~ /\n$/
+ end
+
it "should produce a line consisting of the serial number, start date, expiration date, and subject" do
# Just make sure our serial and subject bracket the lines.
@inventory.format(@cert).should =~ /^0x.+mycert$/
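Review bot: The example "should add a carriage return" actually asserts a line feed, and `/\n$/` does not pin it to the end of the string, because `$` in Ruby matches at any line end. I would rename it to "should terminate the line with a newline" and use `/\n\z/` so that the trailing terminator itself is checked. The neighbouring `/^0x.+mycert$/` check is loose in the same way, since `^` and `$` anchor per line; `/\A0x.+mycert\n\z/` would confirm that the output is a single record.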