diff --git a/lib/puppet/application/ca.rb b/lib/puppet/application/cert.rb similarity index 98% rename from lib/puppet/application/ca.rb rename to lib/puppet/application/cert.rb index ab7f607ee..f48e5301a 100644 --- a/lib/puppet/application/ca.rb +++ b/lib/puppet/application/cert.rb @@ -1,76 +1,76 @@ require 'puppet' require 'puppet/application' require 'puppet/ssl/certificate_authority' -Puppet::Application.new(:ca) do +Puppet::Application.new(:cert) do should_parse_config attr_accessor :mode, :all, :ca, :digest def find_mode(opt) modes = Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS tmp = opt.sub("--", '').to_sym @mode = modes.include?(tmp) ? tmp : nil end option("--clean", "-c") do @mode = :destroy end option("--all", "-a") do @all = true end option("--digest DIGEST") do |arg| @digest = arg end option("--debug", "-d") do |arg| Puppet::Util::Log.level = :debug end Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.reject {|m| m == :destroy }.each do |method| option("--#{method}", "-%s" % method.to_s[0,1] ) do find_mode("--#{method}") end end option("--verbose", "-v") do Puppet::Util::Log.level = :info end command(:main) do if @all hosts = :all else hosts = ARGV.collect { |h| puts h; h.downcase } end begin @ca.apply(:revoke, :to => hosts) if @mode == :destroy @ca.apply(@mode, :to => hosts, :digest => @digest) rescue => detail puts detail.backtrace if Puppet[:trace] puts detail.to_s exit(24) end end setup do if Puppet.settings.print_configs? exit(Puppet.settings.print_configs ? 0 : 1) end Puppet::Util::Log.newdestination :console Puppet::SSL::Host.ca_location = :only begin @ca = Puppet::SSL::CertificateAuthority.new rescue => detail puts detail.backtrace if Puppet[:trace] puts detail.to_s exit(23) end end end diff --git a/sbin/puppetca b/sbin/puppetca index 71cb6c930..ce2e315a7 100755 --- a/sbin/puppetca +++ b/sbin/puppetca 
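Review bot: The host list in `command(:main)` is built with `ARGV.collect { |h| puts h; h.downcase }`, so every host argument is echoed to stdout before the CA action runs. This looks like leftover debugging, and it mixes extra lines into the output of actions such as `--list`, `--print` or `--fingerprint` that scripts may parse; `hosts = ARGV.collect { |h| h.downcase }` keeps the behaviour without the echo. Separately, `@mode` stays nil when no action option is given and is passed straight to `@ca.apply(@mode, ...)`. What `apply` does with a nil mode is not visible here, so an explicit check that fails with a usage message before the `begin` would make that case unambiguous for a tool that signs and revokes certificates.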
@@ -1,111 +1,111 @@ #!/usr/bin/env ruby # # = Synopsis # # Stand-alone certificate authority. Capable of generating certificates # but mostly meant for signing certificate requests from puppet clients. # # = Usage # # puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] # [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke] # [-p|--print] [-c|--clean] [--verify] [--digest DIGEST] # [--fingerprint] [host] # # = Description # # Because the puppetmasterd daemon defaults to not signing client certificate # requests, this script is available for signing outstanding requests. It # can be used to list outstanding requests and then either sign them individually # or sign all of them. # # = Options # # Note that any configuration parameter that's valid in the configuration file # is also a valid long argument. For example, 'ssldir' is a valid configuration # parameter, so you can specify '--ssldir ' as an argument. # # See the configuration file documentation at # http://reductivelabs.com/projects/puppet/reference/configref.html for # the full list of acceptable parameters. A commented list of all # configuration options can also be generated by running puppetca with # '--genconfig'. # # all:: # Operate on all items. Currently only makes sense with '--sign', # '--clean', or '--list'. # # digest:: # Set the digest for fingerprinting (defaults to md5). Valid values depends # on your openssl and openssl ruby extension version, but should contain at # least md5, sha1, md2, sha256. # # clean:: # Remove all files related to a host from puppetca's storage. This is # useful when rebuilding hosts, since new certificate signing requests # will only be honored if puppetca does not have a copy of a signed # certificate for that host. The certificate of the host remains valid. # If '--all' is specified then all host certificates, both signed and # unsigned, will be removed. # # debug:: # Enable full debugging. # # generate:: # Generate a certificate for a named client. 
A certificate/keypair will be # generated for each client named on the command line. # # help:: # Print this help message # # list:: # List outstanding certificate requests. If '--all' is specified, # signed certificates are also listed, prefixed by '+', and revoked # or invalid certificates are prefixed by '-' (the verification outcome # is printed in parenthesis). # # print:: # Print the full-text version of a host's certificate. # # fingerprint:: # Print the DIGEST (defaults to md5) fingerprint of a host's certificate. # # revoke:: # Revoke the certificate of a client. The certificate can be specified # either by its serial number, given as a decimal number or a hexadecimal # number prefixed by '0x', or by its hostname. The certificate is revoked # by adding it to the Certificate Revocation List given by the 'cacrl' # config parameter. Note that the puppetmasterd needs to be restarted # after revoking certificates. # # sign:: # Sign an outstanding certificate request. Unless '--all' is specified, # hosts must be listed after all flags. # # verbose:: # Enable verbosity. # # version:: # Print the puppet version number and exit. # # verify:: # Verify the named certificate against the local CA certificate. # # = Example # # $ puppetca -l # culain.madstop.com # $ puppetca -s culain.madstop.com # # = Author # # Luke Kanies # # = Copyright # # Copyright (c) 2005 Reductive Labs, LLC # Licensed under the GNU Public License -require 'puppet/application/ca' -Puppet::Application[:ca].run +require 'puppet/application/cert' +Puppet::Application[:cert].run diff --git a/spec/unit/application/ca.rb b/spec/unit/application/cert.rb similarity index 73% rename from spec/unit/application/ca.rb rename to spec/unit/application/cert.rb index 8432e65f3..a777a8c54 100644 --- a/spec/unit/application/ca.rb +++ b/spec/unit/application/cert.rb 
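Review bot: The `clean::` help text says "The certificate of the host remains valid", but the application this script now loads runs `@ca.apply(:revoke, :to => hosts) if @mode == :destroy` before the destroy call, and the spec in this commit asserts "should revoke cert if mode is clean". An operator relying on the help would not expect `--clean`, and especially `--clean --all`, to revoke certificates. The sentence should be reworded to match the code, for example `# certificate for that host. The host's certificate is revoked before its files are removed.` The `digest::` entry could also recommend `--digest sha256` when a fingerprint is compared out of band, since the documented default is md5.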
@@ -1,167 +1,167 @@ #!/usr/bin/env ruby require File.dirname(__FILE__) + '/../../spec_helper' -require 'puppet/application/ca' +require 'puppet/application/cert' describe "PuppetCA" do before :each do - @ca_app = Puppet::Application[:ca] + @cert_app = Puppet::Application[:cert] Puppet::Util::Log.stubs(:newdestination) Puppet::Util::Log.stubs(:level=) end it "should ask Puppet::Application to parse Puppet configuration file" do - @ca_app.should_parse_config?.should be_true + @cert_app.should_parse_config?.should be_true end it "should declare a main command" do - @ca_app.should respond_to(:main) + @cert_app.should respond_to(:main) end Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.reject{ |m| m == :destroy }.each do |method| it "should declare option --#{method}" do - @ca_app.should respond_to("handle_#{method}".to_sym) + @cert_app.should respond_to("handle_#{method}".to_sym) end end it "should set log level to info with the --verbose option" do Puppet::Log.expects(:level=).with(:info) - @ca_app.handle_verbose(0) + @cert_app.handle_verbose(0) end it "should set log level to debug with the --debug option" do Puppet::Log.expects(:level=).with(:debug) - @ca_app.handle_debug(0) + @cert_app.handle_debug(0) end it "should set the fingerprint digest with the --digest option" do - @ca_app.handle_digest(:digest) + @cert_app.handle_digest(:digest) - @ca_app.digest.should == :digest + @cert_app.digest.should == :digest end it "should set mode to :destroy for --clean" do - @ca_app.handle_clean(0) - @ca_app.mode.should == :destroy + @cert_app.handle_clean(0) + @cert_app.mode.should == :destroy end it "should set all to true for --all" do - @ca_app.handle_all(0) - @ca_app.all.should be_true + @cert_app.handle_all(0) + @cert_app.all.should be_true end Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.reject { |m| m == :destroy }.each do |method| it "should set mode to #{method} with option --#{method}" do - @ca_app.send("handle_#{method}".to_sym, 
nil) + @cert_app.send("handle_#{method}".to_sym, nil) - @ca_app.mode.should == method + @cert_app.mode.should == method end end describe "during setup" do before :each do Puppet::Log.stubs(:newdestination) Puppet::SSL::Host.stubs(:ca_location=) Puppet::SSL::CertificateAuthority.stubs(:new) end it "should set console as the log destination" do Puppet::Log.expects(:newdestination).with(:console) - @ca_app.run_setup + @cert_app.run_setup end it "should print puppet config if asked to in Puppet config" do - @ca_app.stubs(:exit) + @cert_app.stubs(:exit) Puppet.settings.stubs(:print_configs?).returns(true) Puppet.settings.expects(:print_configs) - @ca_app.run_setup + @cert_app.run_setup end it "should exit after printing puppet config if asked to in Puppet config" do Puppet.settings.stubs(:print_configs?).returns(true) - lambda { @ca_app.run_setup }.should raise_error(SystemExit) + lambda { @cert_app.run_setup }.should raise_error(SystemExit) end it "should set the CA location to 'only'" do Puppet::SSL::Host.expects(:ca_location=).with(:only) - @ca_app.run_setup + @cert_app.run_setup end it "should create a new certificate authority" do Puppet::SSL::CertificateAuthority.expects(:new) - @ca_app.run_setup + @cert_app.run_setup end end describe "when running" do before :each do - @ca_app.all = false + @cert_app.all = false @ca = stub_everything 'ca' - @ca_app.ca = @ca + @cert_app.ca = @ca ARGV.stubs(:collect).returns([]) end it "should delegate to the CertificateAuthority" do @ca.expects(:apply) - @ca_app.main + @cert_app.main end it "should delegate with :all if option --all was given" do - @ca_app.handle_all(0) + @cert_app.handle_all(0) @ca.expects(:apply).with { |mode,to| to[:to] == :all } - @ca_app.main + @cert_app.main end it "should delegate to ca.apply with the hosts given on command line" do ARGV.stubs(:collect).returns(["host"]) @ca.expects(:apply).with { |mode,to| to[:to] == ["host"]} - @ca_app.main + @cert_app.main end it "should send the currently set digest" do 
ARGV.stubs(:collect).returns(["host"]) - @ca_app.handle_digest(:digest) + @cert_app.handle_digest(:digest) @ca.expects(:apply).with { |mode,to| to[:digest] == :digest} - @ca_app.main + @cert_app.main end it "should delegate to ca.apply with current set mode" do - @ca_app.mode = "currentmode" + @cert_app.mode = "currentmode" ARGV.stubs(:collect).returns(["host"]) @ca.expects(:apply).with { |mode,to| mode == "currentmode" } - @ca_app.main + @cert_app.main end it "should revoke cert if mode is clean" do - @ca_app.mode = :destroy + @cert_app.mode = :destroy ARGV.stubs(:collect).returns(["host"]) @ca.expects(:apply).with { |mode,to| mode == :revoke } @ca.expects(:apply).with { |mode,to| mode == :destroy } - @ca_app.main + @cert_app.main end end end