diff options
| author | Daniel Pittman <daniel@puppetlabs.com> | 2011-04-05 18:39:19 -0700 |
|---|---|---|
| committer | Daniel Pittman <daniel@puppetlabs.com> | 2011-04-06 16:37:08 -0700 |
| commit | a03790d82a2c190d6f00ee7677617a7be04aa85d (patch) | |
| tree | 0aac739e7554a7a7b7e65ccb5788efb16594d475 /lib | |
| parent | 7e7d246bf46349c904c76a31951d4a40c200790b (diff) | |
| download | puppet-a03790d82a2c190d6f00ee7677617a7be04aa85d.tar.gz puppet-a03790d82a2c190d6f00ee7677617a7be04aa85d.tar.xz puppet-a03790d82a2c190d6f00ee7677617a7be04aa85d.zip | |
(#6972) Handle ca-location in the certificate string.
This ports the existing certificate location configuration to be a string
option, and then uses that to change the configuration. This will leak state
between calls, which is somewhat unavoidable, but should at least get the
basic stuff right for the CLI.
We eventually need the CA string to be supported by a stateless internal CA
implementation that allows us to do the right thing overall.
Reviewed-By: Dan Bode <dan@puppetlabs.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/application/certificate.rb | 15 | ||||
| -rw-r--r-- | lib/puppet/string/certificate.rb | 17 |
2 files changed, 20 insertions, 12 deletions
diff --git a/lib/puppet/application/certificate.rb b/lib/puppet/application/certificate.rb index f4b13ffe0..eacb830b2 100644 --- a/lib/puppet/application/certificate.rb +++ b/lib/puppet/application/certificate.rb @@ -1,18 +1,10 @@ require 'puppet/application/indirection_base' class Puppet::Application::Certificate < Puppet::Application::IndirectionBase - - # Luke used to call this --ca but that's taken by the global boolean --ca. - # Since these options map CA terminology to indirector terminology, it's - # now called --ca-location. - option "--ca-location CA_LOCATION" do |arg| - Puppet::SSL::Host.ca_location = arg.to_sym - end - def setup - - unless Puppet::SSL::Host.ca_location - raise ArgumentError, "You must have a CA location specified; use --ca-location to specify the location (remote, local, only)" + unless options[:ca_location] + raise ArgumentError, "You must have a CA location specified;\n" + + "use --ca-location to specify the location (remote, local, only)" end location = Puppet::SSL::Host.ca_location @@ -23,5 +15,4 @@ class Puppet::Application::Certificate < Puppet::Application::IndirectionBase super end - end diff --git a/lib/puppet/string/certificate.rb b/lib/puppet/string/certificate.rb index b231cafb1..fdb0bc9f4 100644 --- a/lib/puppet/string/certificate.rb +++ b/lib/puppet/string/certificate.rb @@ -2,9 +2,24 @@ require 'puppet/string/indirector' require 'puppet/ssl/host' Puppet::String::Indirector.define(:certificate, '0.0.1') do + # REVISIT: This should use a pre-invoke hook to run the common code that + # needs to happen before we invoke any action; that would be much nicer than + # the "please repeat yourself" stuff found in here right now. + # + # option "--ca-location LOCATION" do + # type [:whatever, :location, :symbols] + # hook :before do |value| + # Puppet::SSL::Host.ca_location = value + # end + # end + # + # ...but should I pass the arguments as well? + # --daniel 2011-04-05 + option "--ca-location LOCATION" action :generate do when_invoked do |name, options| + Puppet::SSL::Host.ca_location = options[:ca_location].to_sym host = Puppet::SSL::Host.new(name) host.generate_certificate_request host.certificate_request.class.indirection.save(host.certificate_request) @@ -13,6 +28,7 @@ Puppet::String::Indirector.define(:certificate, '0.0.1') do action :list do when_invoked do |options| + Puppet::SSL::Host.ca_location = options[:ca_location].to_sym Puppet::SSL::Host.indirection.search("*", { :for => :certificate_request, }).map { |h| h.inspect } @@ -21,6 +37,7 @@ Puppet::String::Indirector.define(:certificate, '0.0.1') do action :sign do when_invoked do |name, options| + Puppet::SSL::Host.ca_location = options[:ca_location].to_sym host = Puppet::SSL::Host.new(name) host.desired_state = 'signed' Puppet::SSL::Host.indirection.save(host) |