Class: Puppet::Indirector::CertificateStatus::File

Inherits:
Puppet::Indirector::Code show all
Defined in:
lib/puppet/indirector/certificate_status/file.rb

Constant Summary

Constants included from Util

Util::AbsolutePathPosix, Util::AbsolutePathWindows, Util::DEFAULT_POSIX_MODE, Util::DEFAULT_WINDOWS_MODE

Constants included from Util::POSIX

Util::POSIX::LOCALE_ENV_VARS, Util::POSIX::USER_ENV_VARS

Constants included from Util::SymbolicFileMode

Util::SymbolicFileMode::SetGIDBit, Util::SymbolicFileMode::SetUIDBit, Util::SymbolicFileMode::StickyBit, Util::SymbolicFileMode::SymbolicMode, Util::SymbolicFileMode::SymbolicSpecialToBit

Constants included from Util::Docs

Util::Docs::HEADER_LEVELS

Instance Attribute Summary

Attributes included from Util::Docs

#doc, #nodoc

Instance Method Summary collapse

Methods inherited from Terminus

abstract_terminus?, #allow_remote_requests?, const2name, #indirection, indirection_name, inherited, #initialize, mark_as_abstract_terminus, model, #model, #name, name2const, register_terminus_class, terminus_class, terminus_classes, #terminus_type, #validate, #validate_model

Methods included from Util::InstanceLoader

#instance_docs, #instance_hash, #instance_load, #instance_loader, #instance_loading?, #loaded_instance, #loaded_instances

Methods included from Util

absolute_path?, benchmark, chuser, clear_environment, default_env, deterministic_rand, deterministic_rand_int, exit_on_fail, get_env, get_environment, logmethods, merge_environment, path_to_uri, pretty_backtrace, replace_file, safe_posix_fork, set_env, symbolizehash, thinmark, uri_encode, uri_query_encode, uri_to_path, which, withenv, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Methods included from Util::SymbolicFileMode

#normalize_symbolic_mode, #symbolic_mode_to_int, #valid_symbolic_mode?

Methods included from Util::Docs

#desc, #dochook, #doctable, #markdown_definitionlist, #markdown_header, #nodoc?, #pad, scrub

Constructor Details

This class inherits a constructor from Puppet::Indirector::Terminus

Instance Method Details

#ca ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/puppet/indirector/certificate_status/file.rb', line 14

# Hands back a certificate authority object for this process.
#
# @return [Puppet::SSL::CertificateAuthority] a freshly constructed instance
# @raise [ArgumentError] when Puppet::SSL::CertificateAuthority.ca? is falsy
def ca
  # Refuse up front: signing and revocation only make sense on a CA.
  unless Puppet::SSL::CertificateAuthority.ca?
    raise ArgumentError, _("This process is not configured as a certificate authority")
  end

  Puppet::SSL::CertificateAuthority.new
end

#destroy(request) ⇒ Object



# File 'lib/puppet/indirector/certificate_status/file.rb', line 19

# Removes the stored certificate, certificate request and key for a host.
#
# Each of the three SSL models is asked, in order, to destroy the entry named
# by request.key; the models that report success are listed in the result.
#
# This method does not call ca.revoke: it only removes stored objects through
# the model indirections. NOTE(review): a certificate that was already issued
# is presumably still acceptable to peers until it is revoked separately —
# confirm that callers revoke before destroying.
#
# @param request [Object] indirector request; only request.key is read
# @return [String] a translated summary of what was deleted, or
#   "Nothing was deleted" when no model reported a deletion
def destroy(request)
  ssl_models = [
    Puppet::SSL::Certificate,
    Puppet::SSL::CertificateRequest,
    Puppet::SSL::Key,
  ]

  # Keep only the models whose destroy call returned a truthy value, by name.
  removed = ssl_models.select { |model| model.indirection.destroy(request.key) }.map(&:to_s)

  if removed.empty?
    _("Nothing was deleted")
  else
    _("Deleted for %{request}: %{deleted}") % { request: request.key, deleted: removed.join(", ") }
  end
end

#find(request) ⇒ Object



# File 'lib/puppet/indirector/certificate_status/file.rb', line 76

# Looks up the SSL host named by request.key.
#
# A host counts as known when it has either a pending certificate request or
# a stored certificate; otherwise nothing is returned.
#
# @param request [Object] indirector request; only request.key is read
# @return [Puppet::SSL::Host, nil] the host, or nil when neither a
#   certificate request nor a certificate exists for the key
def find(request)
  host = Puppet::SSL::Host.new(request.key)
  # The certificate lookup always runs, even if a certificate request exists.
  stored_cert = Puppet::SSL::Certificate.indirection.find(request.key)

  return host if host.certificate_request || stored_cert

  nil
end

#save(request) ⇒ Object



# File 'lib/puppet/indirector/certificate_status/file.rb', line 35

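# Signs or revokes the certificate for the host named by request.key.
#
# The action is chosen by request.instance.desired_state, which must be
# "signed" or "revoked". The host is always taken from request.key; the
# submitted instance contributes nothing but desired_state.
#
# NOTE(review): no authorization check is visible in this method, so signing
# and revocation are presumably gated by the calling layer — confirm that
# access to this terminus is restricted.
#
# @param request [Object] indirector request; request.key and
#   request.instance.desired_state are read
# @return [Object] whatever ca.sign or ca.revoke returns
# @raise [Puppet::Error] when desired_state is neither "signed" nor
#   "revoked", when signing without a stored certificate request, or when
#   revoking without a stored certificate
# @raise [ArgumentError] from #ca when this process is not a certificate authority
def save(request)
  host = request.key
  desired_state = request.instance.desired_state

  if desired_state == "signed"
    # Only sign when a certificate request is actually on file for this host.
    csr = Puppet::SSL::CertificateRequest.indirection.find(host)
    raise Puppet::Error, _("Cannot sign for host %{request} without a certificate request") % { request: host } unless csr

    ca.sign(host)
  elsif desired_state == "revoked"
    # Only revoke when a certificate is on file for this host.
    cert = Puppet::SSL::Certificate.indirection.find(host)
    raise Puppet::Error, _("Cannot revoke host %{request} because it doesn't have a signed certificate") % { request: host } unless cert

    ca.revoke(host)
  else
    raise Puppet::Error, _("State %{state} invalid; Must specify desired state of 'signed' or 'revoked' for host %{request}") % { state: desired_state, request: host }
  end
end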

#search(request) ⇒ Object



# File 'lib/puppet/indirector/certificate_status/file.rb', line 50

# Searches the SSL models for request.key and returns one host per unique name.
#
# request.options[:for] selects which models are searched:
# * nil      - certificates, certificate requests and keys
# * a Class  - that class only (historic in-process interface)
# * anything else - treated as one name or a list of names, each converted
#   with to_sym and resolved through indirection.class.model
#
# @param request [Object] indirector request; request.key and request.options
#   are read, and request.options is passed through to each model's search
# @return [Array<Puppet::SSL::Host>] hosts built from the unique result names
def search(request)
  filter = request.options[:for]

  models =
    case filter
    when nil
      [
        Puppet::SSL::Certificate,
        Puppet::SSL::CertificateRequest,
        Puppet::SSL::Key,
      ]
    when Class
      [filter]
    else
      # Per the historic interface, REST callers supply a Symbol or an Array
      # of Symbols here rather than classes.
      # NOTE(review): these caller-supplied names go through to_sym and are
      # resolved with no visible restriction to the three SSL models above,
      # and a name that resolves to nothing is not handled in this method.
      # Consider an explicit allowlist of accepted names — confirm against
      # existing callers before tightening.
      [filter].flatten.map do |model_name|
        indirection.class.model(model_name.to_sym)
      end
    end

  found = models.map { |model| model.indirection.search(request.key, request.options) }.flatten
  host_names = found.map(&:name).uniq
  host_names.map { |host_name| Puppet::SSL::Host.new(host_name) }
end

#validate_key(request) ⇒ Object



# File 'lib/puppet/indirector/certificate_status/file.rb', line 87

# Deliberately accepts every request: nothing is compared or raised here.
#
# Only desired_state is taken from the submitted instance and request.key is
# used for everything else, so the instance name does not need to match the
# key.
# NOTE(review): because no name/key match is enforced, request.key is the
# only host identity that #save acts on — presumably any access rule needs
# to be evaluated against request.key rather than the instance; confirm.
#
# @param request [Object] indirector request (unused)
# @return [nil]
def validate_key(request)
  nil
end