Project

General

Profile

Download (4.98 KB) Statistics
| Branch: | Tag: | Revision:

puppet-certs/lib/puppet/provider/katello_ssl_tool.rb @ a1731d81

require 'fileutils'
module Puppet::Provider::KatelloSslTool

class Cert < Puppet::Provider

initvars

commands :rpm => 'rpm'
commands :yum => 'yum'
commands :katello_ssl_tool_command => 'katello-ssl-tool'

def exists?
! generate? && ! deploy?
end

def create
generate! if generate?
deploy! if deploy?
end

def self.details(cert_name)
details = { :pubkey => pubkey(cert_name),
:privkey => privkey(cert_name) }

passphrase_file = passphrase_file(cert_name)
if File.exists?(passphrase_file)
details[:passphrase_file] = passphrase_file
details[:passphrase] = File.read(passphrase_file).chomp
end

return details
end

def self.pubkey(name)
# TODO: just temporarily until we have this changes in katello installer as well
if name == 'candlepin-ca'
'/usr/share/katello/candlepin-ca.crt'
else
target_path("certs/#{name}.crt")
end
end

def self.privkey(name)
# TODO: just temporarily until we have this changes in katello installer as well
if name == 'candlepin-ca'
build_path('candlepin-cert.key')
else
target_path("private/#{name}.key")
end
end

def self.passphrase_file(name)
# TODO: just temporarily until we have this changes in katello installer as well
if name == 'candlepin-ca'
'/etc/katello/candlepin_ca_password-file'
else
build_path("#{name}.pwd")
end
end

protected

def katello_ssl_tool(*args)
Dir.chdir('/root') do
katello_ssl_tool_command(*args)
end
end

def generate?
return false unless resource[:generate]
return true if resource[:regenerate]
return files_to_generate.any? { |file| ! File.exist?(file) }
end

def files_to_generate
[rpmfile]
end

def deploy?
return false unless resource[:deploy]
return true if resource[:regenerate]
return true if files_to_deploy.any? { |file| ! File.exist?(file) }
return true if new_version_available?
end

def files_to_deploy
[pubkey, privkey]
end

def deploy!
if File.exists?(rpmfile)
# the rpm is available locally on the file system
rpm('-Uvh', '--force', rpmfile)
else
# we search the rpm in yum repo
yum("install", "-y", rpmfile_base_name)
end
end

def new_version_available?
if File.exists?(rpmfile)
current_version = version_from_name(`rpm -q #{rpmfile_base_name}`)
latest_version = version_from_name(`rpm -pq #{rpmfile}`)
(latest_version <=> current_version) > 0
else
`yum check-update #{rpmfile_base_name} &>/dev/null`
$?.exitstatus == 100
end
end

def version_from_name(rpmname)
rpmname.scan(/\d+/).map(&:to_i)
end

def common_args
[ '--set-country', resource[:country],
'--set-state', resource[:state],
'--set-city', resource[:city],
'--set-org', resource[:org],
'--set-org-unit', resource[:org_unit],
'--set-email', resource[:email],
'--cert-expiration', resource[:expiration]]
end

def rpmfile
rpmfile = Dir[self.build_path("#{rpmfile_base_name}*.noarch.rpm")].max_by do |file|
version_from_name(file)
end
rpmfile ||= self.build_path("#{rpmfile_base_name}.noarch.rpm")
return rpmfile
end

def rpmfile_base_name
resource[:name]
end

def pubkey
self.class.pubkey(resource[:name])
end

def privkey
self.class.privkey(resource[:name])
end

def passphrase_file
self.class.passphrase_file(resource[:name])
end

def full_path(file_name)
self.class.full_path(file_name)
end

def self.target_path(file_name = nil)
File.join("/etc/pki/tls", file_name)
end

def build_path(file_name)
self.class.build_path(file_name)
end

def self.build_path(file_name = nil)
File.join("/root/ssl-build", file_name)
end

end

class CertFile < Puppet::Provider

include Puppet::Util::Checksums

initvars

commands :openssl => 'openssl'

def exists?
return false unless File.exists?(resource[:path])
checksum(expected_content) == checksum(current_content)
end

def create
File.open(resource[:path], "w", mode) { |f| f << expected_content }
end

protected

def expected_content
File.read(source_path)
end

def current_content
File.read(resource[:path])
end


def checksum(content)
md5(content)
end

# what path to copy from
def source_path
raise NotImplementedError
end

def mode
0644
end

def cert_details
return @cert_details if defined? @cert_details
if cert_resource = @resource[:cert]
name = cert_resource.to_hash[:name]
@cert_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
else
raise 'Cert was not specified'
end
end

end

end
    (1-1/1)