authorMax Martin <max@puppetlabs.com>2011-04-05 15:56:29 -0700
committerMax Martin <max@puppetlabs.com>2011-04-05 15:56:29 -0700
commitff9b24fa7d60e7a224c78904ab451c4c39cb231f (patch)
treefa38972bd3e446d8eedd17de3b15dbd7a69ca2dd /lib/puppet/indirector
parentb82bf9faa84447ac13b09d9d2db310fb3a35bd12 (diff)
parente20e6185f7f26d02c7ea275f8adf43c088169129 (diff)
Merge branch 'feature/master/5528-certificates_signing_api' into next
* feature/master/5528-certificates_signing_api: (#5528) Add REST API for signing, revoking, retrieving, cleaning certs
Diffstat (limited to 'lib/puppet/indirector')
-rw-r--r--lib/puppet/indirector/certificate_status.rb4
-rw-r--r--lib/puppet/indirector/certificate_status/file.rb82
-rw-r--r--lib/puppet/indirector/certificate_status/rest.rb10
3 files changed, 96 insertions, 0 deletions
diff --git a/lib/puppet/indirector/certificate_status.rb b/lib/puppet/indirector/certificate_status.rb
new file mode 100644
index 000000000..47c3adcd4
--- /dev/null
+++ b/lib/puppet/indirector/certificate_status.rb
@@ -0,0 +1,4 @@
+require 'puppet/indirector'
+
+class Puppet::Indirector::CertificateStatus
+end
diff --git a/lib/puppet/indirector/certificate_status/file.rb b/lib/puppet/indirector/certificate_status/file.rb
new file mode 100644
index 000000000..9061d9423
--- /dev/null
+++ b/lib/puppet/indirector/certificate_status/file.rb
@@ -0,0 +1,82 @@
+require 'puppet'
+require 'puppet/indirector/certificate_status'
+require 'puppet/ssl/certificate'
+require 'puppet/ssl/certificate_authority'
+require 'puppet/ssl/certificate_request'
+require 'puppet/ssl/host'
+require 'puppet/ssl/key'
+
+class Puppet::Indirector::CertificateStatus::File < Puppet::Indirector::Code
+ def ca
+ raise ArgumentError, "This process is not configured as a certificate authority" unless Puppet::SSL::CertificateAuthority.ca?
+ Puppet::SSL::CertificateAuthority.new
+ end
+
+ def destroy(request)
+ deleted = []
+ [
+ Puppet::SSL::Certificate,
+ Puppet::SSL::CertificateRequest,
+ Puppet::SSL::Key,
+ ].collect do |part|
+ if part.indirection.destroy(request.key)
+ deleted << "#{part}"
+ end
+ end
+
+ return "Nothing was deleted" if deleted.empty?
+ "Deleted for #{request.key}: #{deleted.join(", ")}"
+ end
+
+ def save(request)
+ if request.instance.desired_state == "signed"
+ certificate_request = Puppet::SSL::CertificateRequest.indirection.find(request.key)
+ raise Puppet::Error, "Cannot sign for host #{request.key} without a certificate request" unless certificate_request
+ ca.sign(request.key)
+ elsif request.instance.desired_state == "revoked"
+ certificate = Puppet::SSL::Certificate.indirection.find(request.key)
+ raise Puppet::Error, "Cannot revoke host #{request.key} because has it doesn't have a signed certificate" unless certificate
+ ca.revoke(request.key)
+ else
+ raise Puppet::Error, "State #{request.instance.desired_state} invalid; Must specify desired state of 'signed' or 'revoked' for host #{request.key}"
+ end
+
+ end
+
+ def search(request)
+ # Support historic interface wherein users provide classes to filter
+ # the search. When used via the REST API, the arguments must be
+ # a Symbol or an Array containing Symbol objects.
+ klasses = case request.options[:for]
+ when Class
+ [request.options[:for]]
+ when nil
+ [
+ Puppet::SSL::Certificate,
+ Puppet::SSL::CertificateRequest,
+ Puppet::SSL::Key,
+ ]
+ else
+ [request.options[:for]].flatten.map do |klassname|
+ indirection.class.model(klassname.to_sym)
+ end
+ end
+
+ klasses.collect do |klass|
+ klass.indirection.search(request.key, request.options)
+ end.flatten.collect do |result|
+ result.name
+ end.uniq.collect &Puppet::SSL::Host.method(:new)
+ end
+
+ def find(request)
+ ssl_host = Puppet::SSL::Host.new(request.key)
+ public_key = Puppet::SSL::Certificate.indirection.find(request.key)
+
+ if ssl_host.certificate_request || public_key
+ ssl_host
+ else
+ nil
+ end
+ end
+end
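Review bot: In `search`, the `else` branch hands the caller-supplied `request.options[:for]` straight to `to_sym` and `indirection.class.model`, so a REST client can name any registered indirection rather than only the three SSL models the `nil` branch lists; as far as this hunk shows, nothing restricts it. Compare each supplied name (as a string, via `to_s`) against the indirection names of `Puppet::SSL::Certificate`, `Puppet::SSL::CertificateRequest` and `Puppet::SSL::Key`, and raise `ArgumentError` for anything else before the lookup, so that arbitrary input is never interned with `to_sym`. The revoke message on the `elsif` branch has a typo; it should read `"Cannot revoke host #{request.key} because it doesn't have a signed certificate"`. In `destroy`, `collect` is used only for its side effect, so `each` says what is meant, and since the hunk shows the certificate being removed without a revocation, a comment stating whether a cleaned certificate stays valid until it expires would help the next reader.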
diff --git a/lib/puppet/indirector/certificate_status/rest.rb b/lib/puppet/indirector/certificate_status/rest.rb
new file mode 100644
index 000000000..c53b663b5
--- /dev/null
+++ b/lib/puppet/indirector/certificate_status/rest.rb
@@ -0,0 +1,10 @@
+require 'puppet/ssl/host'
+require 'puppet/indirector/rest'
+require 'puppet/indirector/certificate_status'
+
+class Puppet::Indirector::CertificateStatus::Rest < Puppet::Indirector::REST
+ desc "Sign, revoke, search for, or clean certificates & certificate requests over HTTP."
+
+ use_server_setting(:ca_server)
+ use_port_setting(:ca_port)
+end