Add explicit renewal flag for `certiude request`

Lauri Võsandi 2017-03-13 19:47:58 +02:00
parent 7b1dae0901
commit 79aa1e18c0
2 changed files with 7 additions and 6 deletions


@ -62,8 +62,9 @@ ExecStart=%s request
"""
@click.command("request", help="Run processes for requesting certificates and configuring services")
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
def certidude_request(fork):
def certidude_request(fork, renew):
if not os.path.exists(const.CLIENT_CONFIG_PATH):
click.echo("No %s!" % const.CLIENT_CONFIG_PATH)
return 1
@ -177,7 +178,8 @@ def certidude_request(fork):
endpoint_common_name,
insecure=endpoint_insecure,
autosign=True,
wait=True)
wait=True,
renew=renew)
break
except requests.exceptions.Timeout:
retries -= 1
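Review bot: The help text `"Renew now"` on the new `--renew` option undersells what the flag does. Judging from the other file in this commit, it makes the client continue past the "Found valid certificate" early return and submit a request even though the current certificate is still valid. Something like `help="Request a new certificate even if the current one is still valid"` would tell operators that. The flag is passed unchanged to the `certidude_request_certificate` call in the second hunk, which appears to sit inside a per-endpoint retry loop that starts outside the hunk, so it presumably applies to every configured endpoint; if that is the case it deserves a mention in the help as well.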


@ -17,7 +17,7 @@ from configparser import ConfigParser
from cryptography import x509
from cryptography.hazmat.backends import default_backend
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, insecure=False):
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
"""
Exchange CSR for certificate using Certidude HTTP API server
"""
@ -28,8 +28,6 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
if wait:
request_params.add("wait=forever")
renew = False # Attempt to renew if certificate has expired
# Expand ca.example.com
scheme = "http" if insecure else "https" # TODO: Expose in CLI
authority_url = "%s://%s/api/certificate/" % (scheme, server)
@ -166,7 +164,8 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
renew = True
else:
click.echo("Found valid certificate: %s" % certificate_path)
return
if not renew: # Don't do anything if renewal wasn't requested explicitly
return
# If machine is joined to domain attempt to present machine credentials for authentication
if os.path.exists("/etc/krb5.keytab"):
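Review bot: In the new signature of `certidude_request_certificate`, `renew=False` is inserted ahead of `insecure=False`, so any caller that passes these options positionally would now bind its old `insecure` value to `renew`, silently changing both the transport choice and the renewal behaviour. The call site visible in this commit uses keywords, but other callers are not shown; appending `renew=False` after `insecure=False`, or making the options keyword-only if the project is Python 3 only, would rule the shift out. In the last hunk, a forced renewal still prints "Found valid certificate" before carrying on (indentation is lost on this page, so the branch structure is inferred). A line such as `click.echo("Renewing valid certificate: %s" % certificate_path)` for the forced case would make the log match what happens. The function body continues outside the hunks shown.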