1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add explicit renewal flag for certiude request

This commit is contained in:
Lauri Võsandi 2017-03-13 19:47:58 +02:00
parent 7b1dae0901
commit 79aa1e18c0
2 changed files with 7 additions and 6 deletions

View File

@ -62,8 +62,9 @@ ExecStart=%s request
""" """
@click.command("request", help="Run processes for requesting certificates and configuring services") @click.command("request", help="Run processes for requesting certificates and configuring services")
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background") @click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
def certidude_request(fork): def certidude_request(fork, renew):
if not os.path.exists(const.CLIENT_CONFIG_PATH): if not os.path.exists(const.CLIENT_CONFIG_PATH):
click.echo("No %s!" % const.CLIENT_CONFIG_PATH) click.echo("No %s!" % const.CLIENT_CONFIG_PATH)
return 1 return 1
@ -177,7 +178,8 @@ def certidude_request(fork):
endpoint_common_name, endpoint_common_name,
insecure=endpoint_insecure, insecure=endpoint_insecure,
autosign=True, autosign=True,
wait=True) wait=True,
renew=renew)
break break
except requests.exceptions.Timeout: except requests.exceptions.Timeout:
retries -= 1 retries -= 1

View File

@ -17,7 +17,7 @@ from configparser import ConfigParser
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, insecure=False): def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
""" """
Exchange CSR for certificate using Certidude HTTP API server Exchange CSR for certificate using Certidude HTTP API server
""" """
@ -28,8 +28,6 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
if wait: if wait:
request_params.add("wait=forever") request_params.add("wait=forever")
renew = False # Attempt to renew if certificate has expired
# Expand ca.example.com # Expand ca.example.com
scheme = "http" if insecure else "https" # TODO: Expose in CLI scheme = "http" if insecure else "https" # TODO: Expose in CLI
authority_url = "%s://%s/api/certificate/" % (scheme, server) authority_url = "%s://%s/api/certificate/" % (scheme, server)
@ -166,7 +164,8 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
renew = True renew = True
else: else:
click.echo("Found valid certificate: %s" % certificate_path) click.echo("Found valid certificate: %s" % certificate_path)
return if not renew: # Don't do anything if renewal wasn't requested explicitly
return
# If machine is joined to domain attempt to present machine credentials for authentication # If machine is joined to domain attempt to present machine credentials for authentication
if os.path.exists("/etc/krb5.keytab"): if os.path.exists("/etc/krb5.keytab"):