Feature #2395 - revoke when cleaning a certificate with puppetca

As the ticket says:
"the certificates would still be valid even if cleaned,
therefore, it makes more sense revoke them instead."

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

2 files changed, 11 insertions, 0 deletions

diff --git a/lib/puppet/application/puppetca.rb b/lib/puppet/application/puppetca.rb
index 68ea3e5fb..adc1a6ff5 100644
--- a/lib/puppet/application/puppetca.rb
+++ b/lib/puppet/application/puppetca.rb
@@ -43,6 +43,7 @@ Puppet::Application.new(:puppetca) do
             hosts = ARGV.collect { |h| puts h; h.downcase }
         end
         begin
+            @ca.apply(:revoke, :to => hosts) if @mode == :destroy
             @ca.apply(@mode, :to => hosts)
         rescue => detail
             puts detail.backtrace if Puppet[:trace]
diff --git a/spec/unit/application/puppetca.rb b/spec/unit/application/puppetca.rb
index d5ee0d06b..3a535f394 100644
--- a/spec/unit/application/puppetca.rb
+++ b/spec/unit/application/puppetca.rb
@@ -138,5 +138,15 @@ describe "PuppetCA" do
             @puppetca.main
         end
 
+        it "should revoke cert if mode is clean" do
+            @puppetca.mode = :destroy
+            ARGV.stubs(:collect).returns(["host"])
+
+            @ca.expects(:apply).with { |mode,to| mode == :revoke }
+            @ca.expects(:apply).with { |mode,to| mode == :destroy }
+
+            @puppetca.main
+        end
+
     end
 end