authorLuke Kanies <luke@madstop.com>2008-05-05 17:10:07 -0500
committerLuke Kanies <luke@madstop.com>2008-05-05 17:10:07 -0500
commit67dc268fae0489de93f247b08fdaf7b1eec0e15d (patch)
tree727206889dcccab3d9d3292726e87a663ae539f9 /lib/puppet/ssl
parent6356c043a44c771d707750f96f7660a1093be9ac (diff)
The CA now initializes itself.
I realized that it never made sense to have a CA that didn't know how to initialize itself, so we now have a singleton method for the CA, and it also automatically initializes itself.
Diffstat (limited to 'lib/puppet/ssl')
-rw-r--r--lib/puppet/ssl/certificate_authority.rb25
1 files changed, 23 insertions, 2 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 42981424e..d336692a6 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -124,6 +124,19 @@ class Puppet::SSL::CertificateAuthority
end
end
+ # If this process can function as a CA, then return a singleton
+ # instance.
+ def self.instance
+ return nil unless Puppet[:ca]
+ return nil unless Puppet[:name] == "puppetmasterd"
+
+ unless defined?(@instance) and @instance
+ @instance = new
+ end
+
+ @instance
+ end
+
attr_reader :name, :host
# Create and run an applicator. I wanted to build an interface where you could do
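Review bot: The lazy initialisation in `self.instance` is an unsynchronised check-then-assign, and after this commit `new` calls `setup`, which may generate the CA certificate. If puppetmasterd can serve requests on more than one thread (not visible from this hunk), two first callers could each construct a CA and each try to generate the certificate. Consider creating the instance once during startup or guarding the assignment with a `Mutex`; the memoisation itself can be written as `@instance ||= new`. The `Puppet[:name] == "puppetmasterd"` test also ties CA capability to a literal process name, so a comment should say why `Puppet[:ca]` alone is not sufficient.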
@@ -192,6 +205,8 @@ class Puppet::SSL::CertificateAuthority
@name = Puppet[:certname]
@host = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
+
+ setup()
end
# Retrieve (or create, if necessary) our inventory manager.
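Review bot: Calling `setup()` from `initialize` makes certificate generation a side effect of every `CertificateAuthority.new`, while the `Puppet[:ca]` and process-name checks live only in `self.instance`. Unless every caller goes through `instance` (callers are outside this diff), a direct `new` in a process that is not meant to act as a CA would still create a CA certificate. Either state the contract on `initialize`, e.g. `# Constructing a CA generates its certificate if none exists; outside of tests use CertificateAuthority.instance.`, or restrict construction with `private_class_method :new`. `initialize` begins before this hunk, so the rest of its body was not reviewed.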
@@ -267,6 +282,14 @@ class Puppet::SSL::CertificateAuthority
crl.revoke(serial, host.key.content)
end
+ # This initializes our CA so it actually works. This should be a private
+ # method, except that you can't any-instance stub private methods, which is
+ # *awesome*. This method only really exists to provide a stub-point during
+ # testing.
+ def setup
+ generate_ca_certificate unless @host.certificate
+ end
+
# Sign a given certificate request.
def sign(hostname, cert_type = :server, self_signing_csr = nil)
# This is a self-signed certificate
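Review bot: The comment on `setup` explains why the method is public but not what it does, and it should say that this call can create the CA certificate. Suggested wording: `# Generate the CA certificate if the CA host does not have one yet. Called once from initialize; public only so tests can stub it.` Because the last hunk removes the same check from `sign`, the certificate is now verified only at construction, so one that goes missing while the daemon runs is no longer silently regenerated. That is arguably the safer behaviour, but `sign` should then raise a clear error instead of using a missing certificate; the remainder of `sign` is outside this diff, so this may already be handled.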
@@ -274,8 +297,6 @@ class Puppet::SSL::CertificateAuthority
csr = self_signing_csr
issuer = csr.content
else
- generate_ca_certificate unless host.certificate
-
unless csr = Puppet::SSL::CertificateRequest.find(hostname)
raise ArgumentError, "Could not find certificate request for %s" % hostname
end