summaryrefslogtreecommitdiffstats
path: root/lib/puppet/ssl
diff options
context:
space:
mode:
authorJesse Wolfe <jes5199@gmail.com>2010-05-12 15:19:33 -0700
committertest branch <puppet-dev@googlegroups.com>2010-02-17 06:50:53 -0800
commit8f4d644210e7a6afc9e08d65a0c60987171747c6 (patch)
treedb5570739e34e4177b8417ba65f9b8a53ea5d4bc /lib/puppet/ssl
parent6b26a7c0f1793a74ca778383125b7e4618fcc9e2 (diff)
downloadpuppet-8f4d644210e7a6afc9e08d65a0c60987171747c6.tar.gz
puppet-8f4d644210e7a6afc9e08d65a0c60987171747c6.tar.xz
puppet-8f4d644210e7a6afc9e08d65a0c60987171747c6.zip
Feature #2935: lazify require graph for applications
Because environments have to declare their mode before puppet tries to load defaults.rb, it reduces the complexity considerably to have application classes to load their lib dependencies at the last possible moment. Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
Diffstat (limited to 'lib/puppet/ssl')
-rw-r--r--lib/puppet/ssl/certificate_authority/interface.rb254
1 files changed, 130 insertions, 124 deletions
diff --git a/lib/puppet/ssl/certificate_authority/interface.rb b/lib/puppet/ssl/certificate_authority/interface.rb
index b60834a2c..ffae66d2d 100644
--- a/lib/puppet/ssl/certificate_authority/interface.rb
+++ b/lib/puppet/ssl/certificate_authority/interface.rb
@@ -1,132 +1,138 @@
# This class is basically a hidden class that knows how to act
# on the CA. It's only used by the 'puppetca' executable, and its
# job is to provide a CLI-like interface to the CA class.
-class Puppet::SSL::CertificateAuthority::Interface
- INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint]
-
- class InterfaceError < ArgumentError; end
-
- attr_reader :method, :subjects, :digest
-
- # Actually perform the work.
- def apply(ca)
- unless subjects or method == :list
- raise ArgumentError, "You must provide hosts or :all when using %s" % method
- end
-
- begin
- if respond_to?(method)
- return send(method, ca)
- end
-
- (subjects == :all ? ca.list : subjects).each do |host|
- ca.send(method, host)
- end
- rescue InterfaceError
- raise
- rescue => detail
- puts detail.backtrace if Puppet[:trace]
- Puppet.err "Could not call %s: %s" % [method, detail]
- end
- end
-
- def generate(ca)
- raise InterfaceError, "It makes no sense to generate all hosts; you must specify a list" if subjects == :all
-
- subjects.each do |host|
- ca.generate(host)
- end
- end
-
- def initialize(method, options)
- self.method = method
- self.subjects = options[:to]
- @digest = options[:digest] || :MD5
- end
-
- # List the hosts.
- def list(ca)
- unless subjects
- puts ca.waiting?.join("\n")
- return nil
- end
-
- signed = ca.list
- requests = ca.waiting?
-
- if subjects == :all
- hosts = [signed, requests].flatten
- elsif subjects == :signed
- hosts = signed.flatten
- else
- hosts = subjects
- end
-
- hosts.uniq.sort.each do |host|
- invalid = false
- begin
- ca.verify(host) unless requests.include?(host)
- rescue Puppet::SSL::CertificateAuthority::CertificateVerificationError => details
- invalid = details.to_s
- end
- if not invalid and signed.include?(host)
- puts "+ #{host} (#{ca.fingerprint(host, @digest)})"
- elsif invalid
- puts "- #{host} (#{ca.fingerprint(host, @digest)}) (#{invalid})"
- else
- puts "#{host} (#{ca.fingerprint(host, @digest)})"
+module Puppet
+ module SSL
+ class CertificateAuthority
+ class Interface
+ INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint]
+
+ class InterfaceError < ArgumentError; end
+
+ attr_reader :method, :subjects, :digest
+
+ # Actually perform the work.
+ def apply(ca)
+ unless subjects or method == :list
+ raise ArgumentError, "You must provide hosts or :all when using %s" % method
+ end
+
+ begin
+ if respond_to?(method)
+ return send(method, ca)
+ end
+
+ (subjects == :all ? ca.list : subjects).each do |host|
+ ca.send(method, host)
+ end
+ rescue InterfaceError
+ raise
+ rescue => detail
+ puts detail.backtrace if Puppet[:trace]
+ Puppet.err "Could not call %s: %s" % [method, detail]
+ end
+ end
+
+ def generate(ca)
+ raise InterfaceError, "It makes no sense to generate all hosts; you must specify a list" if subjects == :all
+
+ subjects.each do |host|
+ ca.generate(host)
+ end
+ end
+
+ def initialize(method, options)
+ self.method = method
+ self.subjects = options[:to]
+ @digest = options[:digest] || :MD5
+ end
+
+ # List the hosts.
+ def list(ca)
+ unless subjects
+ puts ca.waiting?.join("\n")
+ return nil
+ end
+
+ signed = ca.list
+ requests = ca.waiting?
+
+ if subjects == :all
+ hosts = [signed, requests].flatten
+ elsif subjects == :signed
+ hosts = signed.flatten
+ else
+ hosts = subjects
+ end
+
+ hosts.uniq.sort.each do |host|
+ invalid = false
+ begin
+ ca.verify(host) unless requests.include?(host)
+ rescue Puppet::SSL::CertificateAuthority::CertificateVerificationError => details
+ invalid = details.to_s
+ end
+ if not invalid and signed.include?(host)
+ puts "+ #{host} (#{ca.fingerprint(host, @digest)})"
+ elsif invalid
+ puts "- #{host} (#{ca.fingerprint(host, @digest)}) (#{invalid})"
+ else
+ puts "#{host} (#{ca.fingerprint(host, @digest)})"
+ end
+ end
+ end
+
+ # Set the method to apply.
+ def method=(method)
+ raise ArgumentError, "Invalid method %s to apply" % method unless INTERFACE_METHODS.include?(method)
+ @method = method
+ end
+
+ # Print certificate information.
+ def print(ca)
+ (subjects == :all ? ca.list : subjects).each do |host|
+ if value = ca.print(host)
+ puts value
+ else
+ Puppet.err "Could not find certificate for %s" % host
+ end
+ end
+ end
+
+ # Print certificate information.
+ def fingerprint(ca)
+ (subjects == :all ? ca.list + ca.waiting?: subjects).each do |host|
+ if value = ca.fingerprint(host, @digest)
+ puts "#{host} #{value}"
+ else
+ Puppet.err "Could not find certificate for %s" % host
+ end
+ end
+ end
+
+ # Sign a given certificate.
+ def sign(ca)
+ list = subjects == :all ? ca.waiting? : subjects
+ raise InterfaceError, "No waiting certificate requests to sign" if list.empty?
+ list.each do |host|
+ ca.sign(host)
+ end
+ end
+
+ # Set the list of hosts we're operating on. Also supports keywords.
+ def subjects=(value)
+ unless value == :all or value == :signed or value.is_a?(Array)
+ raise ArgumentError, "Subjects must be an array or :all; not %s" % value
+ end
+
+ if value.is_a?(Array) and value.empty?
+ value = nil
+ end
+
+ @subjects = value
+ end
end
end
end
-
- # Set the method to apply.
- def method=(method)
- raise ArgumentError, "Invalid method %s to apply" % method unless INTERFACE_METHODS.include?(method)
- @method = method
- end
-
- # Print certificate information.
- def print(ca)
- (subjects == :all ? ca.list : subjects).each do |host|
- if value = ca.print(host)
- puts value
- else
- Puppet.err "Could not find certificate for %s" % host
- end
- end
- end
-
- # Print certificate information.
- def fingerprint(ca)
- (subjects == :all ? ca.list + ca.waiting?: subjects).each do |host|
- if value = ca.fingerprint(host, @digest)
- puts "#{host} #{value}"
- else
- Puppet.err "Could not find certificate for %s" % host
- end
- end
- end
-
- # Sign a given certificate.
- def sign(ca)
- list = subjects == :all ? ca.waiting? : subjects
- raise InterfaceError, "No waiting certificate requests to sign" if list.empty?
- list.each do |host|
- ca.sign(host)
- end
- end
-
- # Set the list of hosts we're operating on. Also supports keywords.
- def subjects=(value)
- unless value == :all or value == :signed or value.is_a?(Array)
- raise ArgumentError, "Subjects must be an array or :all; not %s" % value
- end
-
- if value.is_a?(Array) and value.empty?
- value = nil
- end
-
- @subjects = value
- end
end
generated by cgit (git 2.34.1) at 2026-01-06 08:12:30 +0000