author | Luke Kanies <luke@madstop.com> | 2008-05-06 15:39:18 -0500 |
committer | Luke Kanies <luke@madstop.com> | 2008-05-06 15:39:18 -0500 |
commit | a822ef9ce5c6d603f4a98b9dda0dbf4661528128 (patch) | |
tree | d35c546f2321b49d7be7bff0a367564ed1ca350b /lib | |
parent | 38e2dcf35a1d9b19970d1fb253f6c09b0529e083 (diff) | |
Moving the CA Interface class to a separate file.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/puppet/ssl/certificate_authority.rb | 143 | ||||
-rw-r--r-- | lib/puppet/ssl/certificate_authority/interface.rb | 110 |
2 files changed, 144 insertions, 109 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 9958575d5..9385110d2 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -14,115 +14,7 @@ class Puppet::SSL::CertificateAuthority require 'puppet/ssl/inventory' require 'puppet/ssl/certificate_revocation_list' - # This class is basically a hidden class that knows how to act - # on the CA. It's only used by the 'puppetca' executable, and its - # job is to provide a CLI-like interface to the CA class. - class Interface - INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify] - - class InterfaceError < ArgumentError; end - - attr_reader :method, :subjects - - # Actually perform the work. - def apply(ca) - unless subjects or method == :list - raise ArgumentError, "You must provide hosts or :all when using %s" % method - end - - begin - if respond_to?(method) - return send(method, ca) - end - - (subjects == :all ? ca.list : subjects).each do |host| - ca.send(method, host) - end - rescue InterfaceError - raise - rescue => detail - puts detail.backtrace if Puppet[:trace] - Puppet.err "Could not call %s: %s" % [method, detail] - end - end - - def generate(ca) - raise InterfaceError, "It makes no sense to generate all hosts; you must specify a list" if subjects == :all - - subjects.each do |host| - ca.generate(host) - end - end - - def initialize(method, subjects) - self.method = method - self.subjects = subjects - end - - # List the hosts. - def list(ca) - unless subjects - puts ca.waiting?.join("\n") - return nil - end - - signed = ca.list - requests = ca.waiting? - - if subjects == :all - hosts = [signed, requests].flatten - else - hosts = subjects - end - - hosts.uniq.sort.each do |host| - if signed.include?(host) - puts "+ " + host - else - puts host - end - end - end - - # Set the method to apply. - def method=(method) - raise ArgumentError, "Invalid method %s to apply" % method unless INTERFACE_METHODS.include?(method) - @method = method - end - - # Print certificate information. - def print(ca) - (subjects == :all ? 
ca.list : subjects).each do |host| - if value = ca.print(host) - puts value - else - Puppet.err "Could not find certificate for %s" % host - end - end - end - - # Sign a given certificate. - def sign(ca) - list = subjects == :all ? ca.waiting? : subjects - raise InterfaceError, "No waiting certificate requests to sign" if list.empty? - list.each do |host| - ca.sign(host) - end - end - - # Set the list of hosts we're operating on. Also supports keywords. - def subjects=(value) - unless value == :all or value.is_a?(Array) - raise ArgumentError, "Subjects must be an array or :all; not %s" % value - end - - if value.is_a?(Array) and value.empty? - value = nil - end - - @subjects = value - end - end + require 'puppet/ssl/certificate_authority/interface' # If this process can function as a CA, then return a singleton # instance. @@ -150,6 +42,39 @@ class Puppet::SSL::CertificateAuthority applier.apply(self) end + # FIXME autosign? should probably accept both hostnames and IP addresses + def autosign?(hostname) + # simple values are easy + if autosign == true or autosign == false + return autosign + end + + # we only otherwise know how to handle files + unless autosign =~ /^\// + raise Puppet::Error, "Invalid autosign value %s" % + autosign.inspect + end + + unless FileTest.exists?(autosign) + unless defined? @@warnedonautosign + @@warnedonautosign = true + Puppet.info "Autosign is enabled but %s is missing" % autosign + end + return false + end + auth = Puppet::Network::AuthStore.new + File.open(autosign) { |f| + f.each { |line| + next if line =~ /^\s*#/ + next if line =~ /^\s*$/ + auth.allow(line.chomp) + } + } + + # for now, just cheat and pass a fake IP address to allowed? + return auth.allowed?(hostname, "127.1.1.1") + end + # Retrieve (or create, if necessary) the certificate revocation list. def crl unless defined?(@crl) 
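Review bot: In the new `autosign?`, the path check `unless autosign =~ /^\//` anchors with `^`, which in Ruby matches at the start of any line, so a setting value containing a newline before a slash slips past the "Invalid autosign value" guard; anchor the whole string instead, `unless autosign =~ /\A\//`. The one-shot warning flag `@@warnedonautosign` is a class variable shared across the whole inheritance tree, whereas a class instance variable (or a plain `@warnedonautosign` on the instance) would keep it local to this class. The `auth.allowed?(hostname, "127.1.1.1")` call, as its comment concedes, matches any address-style entries in the autosign file against a placeholder loopback address rather than the requester's; if AuthStore honours IP or CIDR patterns (it appears to, but that is not visible in this hunk), an entry covering 127.1.1.1 would autosign every request, so a comment such as `# NOTE: only hostname patterns are meaningful here; IP/CIDR entries are checked against a placeholder address` would help the next maintainer. The enclosing class continues outside the hunk, and the trailing `crl` method is cut off at its start.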
diff --git a/lib/puppet/ssl/certificate_authority/interface.rb b/lib/puppet/ssl/certificate_authority/interface.rb
new file mode 100644
index 000000000..b355e21f0
--- /dev/null
+++ b/lib/puppet/ssl/certificate_authority/interface.rb
@@ -0,0 +1,110 @@ +# This class is basically a hidden class that knows how to act +# on the CA. It's only used by the 'puppetca' executable, and its +# job is to provide a CLI-like interface to the CA class. +class Puppet::SSL::CertificateAuthority::Interface + INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify] + + class InterfaceError < ArgumentError; end + + attr_reader :method, :subjects + + # Actually perform the work. + def apply(ca) + unless subjects or method == :list + raise ArgumentError, "You must provide hosts or :all when using %s" % method + end + + begin + if respond_to?(method) + return send(method, ca) + end + + (subjects == :all ? ca.list : subjects).each do |host| + ca.send(method, host) + end + rescue InterfaceError + raise + rescue => detail + puts detail.backtrace if Puppet[:trace] + Puppet.err "Could not call %s: %s" % [method, detail] + end + end + + def generate(ca) + raise InterfaceError, "It makes no sense to generate all hosts; you must specify a list" if subjects == :all + + subjects.each do |host| + ca.generate(host) + end + end + + def initialize(method, subjects) + self.method = method + self.subjects = subjects + end + + # List the hosts. + def list(ca) + unless subjects + puts ca.waiting?.join("\n") + return nil + end + + signed = ca.list + requests = ca.waiting? + + if subjects == :all + hosts = [signed, requests].flatten + else + hosts = subjects + end + + hosts.uniq.sort.each do |host| + if signed.include?(host) + puts "+ " + host + else + puts host + end + end + end + + # Set the method to apply. + def method=(method) + raise ArgumentError, "Invalid method %s to apply" % method unless INTERFACE_METHODS.include?(method) + @method = method + end + + # Print certificate information. + def print(ca) + (subjects == :all ? 
ca.list : subjects).each do |host| + if value = ca.print(host) + puts value + else + Puppet.err "Could not find certificate for %s" % host + end + end + end + + # Sign a given certificate. + def sign(ca) + list = subjects == :all ? ca.waiting? : subjects + raise InterfaceError, "No waiting certificate requests to sign" if list.empty? + list.each do |host| + ca.sign(host) + end + end + + # Set the list of hosts we're operating on. Also supports keywords. + def subjects=(value) + unless value == :all or value.is_a?(Array) + raise ArgumentError, "Subjects must be an array or :all; not %s" % value + end + + if value.is_a?(Array) and value.empty? + value = nil + end + + @subjects = value + end +end + |